DoD PKI Automatic Key Recovery

One problem in the past with the DoD PKI was the inability to recover Common Access Card (CAC) private encryption keys and certificates that were either expired or revoked. Recovery becomes necessary when a CAC is lost and its certificates are revoked, or when a CAC and the certificates it contains simply expire and the card is surrendered to DEERS/RAPIDS before the user’s encrypted emails have been decrypted.

DISA has fielded an Auto Key Recovery capability that lets holders of new CACs retrieve encryption keys/certificates from previous cards so that old email can be decrypted.

 
