17 Key archiving
When you issue a certificate in MyID, the private key is generated on the card. If the holder loses the card, the key is lost.
For encryption certificates, you may want to archive the key on the MyID server. When the key is archived and the card is lost, you can recover the key onto a new card. This allows any encrypted data (for example, encrypted email) to be accessed.
You can set up key archiving on individual certificate policies. You should choose to archive keys only when necessary; for example, you should archive the keys for encryption certificates, but not for signing certificates.
The following forms of key archiving are available:
- Certificate Authority key archiving
  The certificate authority holds the archived keys.
- Internal MyID key archiving
  The MyID database holds the archived keys.
- MyID SecureVault key archiving
  If you have the separate MyID SecureVault software, keys are stored securely in the MyID SecureVault key store.