Recovering KeysChapter 5 Recovering Encrypted Data 717. Choose whether to authorize recovery locally.m If you select this option, assemble the required number of key recoveryagents and have each agent fill in his or her user name and password.m If you deselect this option, notify the key recovery agents that a recoveryhas been initiated, giving them the recovery authorization referencenumber indicated on this form. (For information on how to provide aremote authorization, see “Remote Recovery Authorization” on page 71.)8. Click Recover Now.m If you chose local authorization, the recovery is completed immediately,and the recovered certificate and key pair are sent to your browser in theform of a PKCS #12 package.m If you chose remote authorization, you must wait for the recovery agentsto enter their authorizations. As they do so, a status page informs you ofthe progress. When the required number of recovery agents havecompleted their authorizations, the recovery is completed and therecovered certificate/key pair package is sent to your browser.9. In the dialog box that appears, specify the path and filename for saving theencrypted file that contains the recovered certificate and key pair.10. Send the encrypted file to the requesting party.11. Inform the requesting party of the recovery password in a secure manner.The recovering party must use this password to import the recoveredcertificate/key pair package into his or her client software.Remote Recovery AuthorizationBy default, recovery authorization is local. That is, when you initiate the recovery,you assemble the required number of recovery agents, and all of them enter theirIDs and passwords on the same Authorize Key Recovery form on your system.When you click Recover Now, the recovery is completed, and you receive theencrypted file that contains the recovered key and certificate.