Key custodians can recover keys and lost passwords, and manage the ownership of
encryption keys.
Loss of Password on Key Copy
If a user loses a password for the encryption key, the key custodian must drop the user’s copy of the encryption key and issue to the user another copy of the encryption key with a new password.
Loss of Login Password
If a user who has key copies encrypted by his or her login password loses that password, the key custodian can recover access for the user.
Loss of Password on Base Key
Key custodians can use key recovery if the base key password is lost. Key recovery is vital because, without the password, the key custodian cannot change the key’s password or add key copies.
Key Recovery Commands
SAP ASE does not allow access to data through the recovery key copy. A key recovery copy exists only to provide a backup for accessing the base key.
Ownership Change of Encryption Keys
The SSO can transfer key ownership to a named user. Changing ownership may occur in the normal course of business, or as part of key recovery.