System Overview
48 Netscape Certificate Management System Installation and Setup Guide • October 2001

Data Recovery Manager

A Data Recovery Manager performs the long-term archival and recovery of private encryption keys for end entities. A Certificate Manager or Registration Manager can be configured to archive end entities’ private encryption keys with a Data Recovery Manager as part of the process of issuing new certificates. End entities do not have direct access to the Data Recovery Manager.

The Data Recovery Manager is useful only if end entities are encrypting data (using applications such as S/MIME email) that the organization may need to recover someday. It can be used only with client software that supports dual key pairs—that is, two separate key pairs, one for encryption and one for digital signatures. This service is available in newer clients only; for example, Communicator versions 4.7x (with Personal Security Manager installed) and Netscape 6 support generation of dual key pairs. Dual key pairs allow an end entity to get a new signing certificate and signing key pair without changing the encryption certificate or encryption key pair.

Note that the Data Recovery Manager archives encryption keys. It does not archive signing keys, since such archival would undermine nonrepudiation properties of dual-key certificates. This crucial element of a PKI allows an authorized key-recovery agent to recover an encryption key that has been lost or corrupted without changing the signing certificate or signing key pair. For example, if agents or administrators are authorized to perform key recovery operations, they can recover encryption keys for employees who have left the company or who are unavailable for some other reason. In either case, once the encryption key has been recovered, the user or administrator can use it to decrypt any data (such as saved email messages) that was encrypted with that key.

The Data Recovery Manager uses two special key pairs in the process of archiving an end entity’s encryption key: a transport key pair (and certificate) and a storage key pair. The end entity must also have two key pairs: a signing key pair and an encryption key pair. The roles of all these keys are summarized in Table 1-1.
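
The rule above that only encryption keys are archived, shown as an added example (not code from Netscape Certificate Management System): a policy check that decides from a key pair's key-usage bits whether its private key may be sent for archival. The function names and the request structure are hypothetical; the key-usage names are those of RFC 5280.

```python
# Added illustration; not Netscape CMS code.
# Key-usage names follow RFC 5280; everything else here is hypothetical.
SIGNING = {"digitalSignature", "nonRepudiation"}
ENCRYPTION = {"keyEncipherment", "dataEncipherment", "keyAgreement"}


def archival_decision(key_usage):
    """Return (archive, reason) for a key pair with the given key-usage bits."""
    usage = set(key_usage)
    signs = bool(usage & SIGNING)
    encrypts = bool(usage & ENCRYPTION)
    if signs and encrypts:
        # A client without dual key pairs: archiving this key would put a
        # signing key in escrow and undermine nonrepudiation.
        return False, "single key pair used for signing and encryption"
    if signs:
        return False, "signing key, never archived"
    if encrypts:
        return True, "encryption-only key, eligible for archival"
    return False, "no encryption usage, nothing to recover"


def plan_archival(requests):
    """Map each request id to its archival decision."""
    return {r["id"]: archival_decision(r["key_usage"]) for r in requests}


# Constructed sample enrollment requests (not real data).
SAMPLE_REQUESTS = [
    {"id": "alice-enc", "key_usage": ["keyEncipherment"]},
    {"id": "alice-sig", "key_usage": ["digitalSignature", "nonRepudiation"]},
    {"id": "legacy-single", "key_usage": ["digitalSignature", "keyEncipherment"]},
    {"id": "odd-empty", "key_usage": []},
]

if __name__ == "__main__":
    for req_id, (archive, reason) in plan_archival(SAMPLE_REQUESTS).items():
        print(f"{req_id:14} archive={archive!s:5} {reason}")
```

The `legacy-single` request is the case a dual-key-pair requirement exists to prevent: one key pair carries both usages, so it cannot be archived without also escrowing the signing key.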