Is it normal for the CA to know the private key?

L

LAG_LAGbI42014-12-05 10:09:20

System administration

LAG_LAGbI4, 2014-12-05 10:09:20

To gain access to the public services system, a legal entity must use an EDS. EDS is issued by a certification authority. Moreover, it gives out interestingly, he generates and gives out what he himself has generated. It turns out that the certifying authority knows the private key. Is this normal? Or is it some kind of left certifying authority that I got.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Armenian Radio, 2014-12-05
@gbg

The difficulty here is that the keys must be generated by specialized expensive equipment with a bunch of certificates, so they are produced by the CA and in a secret way (so that the CCs are not stored in the CA and become known to its employees) is transferred to its client.

E

elv1s88, 2014-12-09
@elv1s88

No, it seems that the secret key is generated and written to the smart card or token in the protected memory, and the CA stores only the public key, which is uniquely associated with the secret, as well as user data.

V

Vasily, 2015-02-24
@nvv

It has become a practice that the key is generated and issued to the user by the employees of the CA (representative offices of the CA / partner in the region). Scheme for generating the first keys (correct from a theoretical point of view):
The scheme involves several trips to the CA department / representative office, so it is "simplified" (up to one meeting), generating everything based on the application and issuing ready-made keys to the client according to the passport / power of attorney.