Processes - Key Recovery

Here you will find information on the «key recovery» process for class B certificates.

PKI Bild Prozess Key Recovery (E)
If an old encrypted email can no longer be read because the associated key is no longer stored on the current smart card, the certificate owner/end user can create an eTicket in the web browser by using key recovery.

You can find the process description, quick guides, forms and other documents at Class B - Forms and documents library.

Provided the administrative unit has decided that no additional authorisation is required for a key recovery request, the certificate owner/end user receives the number of the generated eTicket immediately. Otherwise, the eTicket is submitted to a responsible KRO (key recovery officer) for approval. If the request is approved, the eTicket number is sent to the certificate owner/end user. 

The certificate owner/end user takes the eTicket number and their smart card to their responsible LRA officer. The LRA officer verifies their identity, launches the Key Recovery Wizard and enters the eTicket number. The wizard then displays all the encryption certificates that have ever been issued to that certificate owner. The certificate owner/end user then selects the key that is to be recovered.

Once the personal PIN has been entered, the wizard writes the selected encryption keys onto the certificate owner's smart card.

Key Recovery with KRO (Key Recovery Officer)

Key Recovery without KRO (Key Recovery Officer)