System administration
LAG_LAGbI4, 2014-12-05 10:09:20

Is it normal for the CA to know the private key?

To gain access to the public services system, a legal entity must use an EDS. The EDS is issued by a certification authority. Interestingly, the way it issues it is that it generates the key itself and hands out what it has generated. It turns out that the certification authority knows the private key. Is this normal? Or did I just end up with some kind of shady certification authority?


3 answer(s)
Armenian Radio, 2014-12-05
@gbg

The difficulty here is that the keys must be generated by specialized, expensive equipment with a bunch of certificates, so they are produced by the CA and transferred to its client in a secret way (so that the secret keys are not stored at the CA and do not become known to its employees).

elv1s88, 2014-12-09
@elv1s88

No, it seems that the secret key is generated and written to the smart card or token in the protected memory, and the CA stores only the public key, which is uniquely associated with the secret, as well as user data.

Vasily, 2015-02-24
@nvv

It has become a practice that the key is generated and issued to the user by the employees of the CA (representative offices of the CA / partner in the region). Scheme for generating the first keys (correct from a theoretical point of view):
The scheme involves several trips to the CA department / representative office, so it is "simplified" (down to one meeting): everything is generated based on the application, and ready-made keys are issued to the client upon presentation of a passport / power of attorney.
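
Added example, not part of any answer in this thread: a generic illustration of issuance where the CA only ever holds the public key, as the second answer describes. The subscriber generates the key pair locally and sends a certificate signing request, and the CA checks proof of possession from the request alone. It assumes the OpenSSL CLI and an ECDSA P-256 key (the CAs discussed here may require other algorithms and certified hardware); the function names, file names and subject are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: OpenSSL CLI is installed,
# ECDSA P-256 is acceptable, and the subject name below is constructed.
set -eu

# Subscriber side: generate the key pair locally; the key file never leaves.
gen_key() {                       # $1 = output path for the private key
    ( umask 077; openssl genpkey -algorithm EC \
        -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null )
}

# Subscriber side: build the request that is sent to the CA.
make_csr() {                      # $1 = private key, $2 = subject, $3 = CSR path
    openssl req -new -key "$1" -subj "$2" -out "$3"
}

# CA side: proof of possession. The CSR is signed with the subscriber's private
# key, so the CA can verify the requester holds it without ever seeing it.
csr_pop_ok() {                    # $1 = CSR path
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Either side: does this CSR carry the public half of this private key?
csr_matches_key() {               # $1 = CSR path, $2 = private key
    [ "$(openssl req -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# What actually crosses the wire: the CSR file must hold no private key block.
csr_is_public_only() {            # $1 = CSR path
    ! grep -q "PRIVATE KEY" "$1"
}

demo() {
    dir=$(mktemp -d)
    gen_key "$dir/subscriber.key"
    make_csr "$dir/subscriber.key" "/O=Example LLC/CN=example.test" "$dir/request.csr"
    csr_pop_ok "$dir/request.csr" && echo "CA: proof of possession OK"
    csr_matches_key "$dir/request.csr" "$dir/subscriber.key" && echo "key matches CSR"
    csr_is_public_only "$dir/request.csr" && echo "CSR contains no private key"
    rm -rf "$dir"
}
demo
```

A CA that hands over a ready-made key file or pre-loaded token instead of asking for such a request has, at least momentarily, had access to the private key.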
