
DRM: Recovering Encrypted Data
This chapter describes how authorized Data Recovery Manager (DRM) agents process key
recovery requests and recover stored encrypted data when the encryption key has been lost.
This service is available only when the DRM subsystem is installed.
1. List Requests
There are three kinds of key service requests:
- Key archival requests, made by CM agents
- Key recovery requests, made by DRM agents
- Token key requests for archiving smart card (token) keys in conjunction with server-side key
  generation requests. This request can only be initiated through a TPS subsystem.
A DRM agent reviews these requests. An agent can search for and list key service requests
with a particular status, such as completed or rejected, select a key service request from the
returned list, and examine the request details. Key service requests are handled internally; it is
not necessary to take any action on them unless the Certificate System is specially configured.
To list key service requests, do the following:
1. Open the DRM agent services page.
2. Click List Requests to display the List Requests form. This page specifies which key
service requests to list.
3. Choose the type of requests to see from the Request type menu. There are three request
types, plus an option to show all requests:
   - Show Key Archivals requests
   - Show Key Recovery requests
   - Show Token Key requests
   - Show all requests
4. Select the status of requests from the Request status menu.
   - Show canceled requests. Unless the system is specially configured to allow requests to be
     canceled, there are no canceled requests.
   - Show rejected requests. Rejected requests do not comply with the archival or recovery
     policies. Unless the system is specially configured to allow requests to be rejected, there
     are no rejected requests.
Chapter 7.