Certificate and key recovery for recipients


#1

This describes risks and recovery measures if a recipient loses access to, or ownership of, a certificate. The following are some conditions that could lead to a lost certificate or ownership

Recipient loses certificate

This means the recipient loses the actual certificate file, but not the cryptographic keys allowing them to prove ownership of a certificate.

The recipient could lose certificates if they were storing the files in a single location (no backup), and the files were deleted/corrupted or are inaccessible due to accidental deletion, device loss, or loss of access to the file store.

Recipient loses ownership of certificates

Loss of ownership happens if the cryptographic keys are lost or compromised. For example, if the recipient is using the certificate wallet app, (temporary) loss of ownership could happen in these cases:

  • Recipient forgot mnemonic seed
  • Recipient keys compromised
    • Phone/OS exploit
    • Recipient did not store mnemonic seed securely and attacker obtains access

Guide

There are 2 primary pivots influencing risks and how/whether a recipient can recover certificates.

  1. Whether keys are intact (as opposed to lost/compromised)
  • Keys are considered intact if the recipient remembers the mnemonic seed for the wallet AND does not suspect leak of private keys/seed
  • Keys are considered “lost” if the recipient has forgotten the mnemonic seed
  • Keys are considered “compromised” if it is known that private keys or the mnemonic seed has been leaked. Suspected leaks should also be in this category.
  1. Whether a backup of certificate is available
  • Possible if recipient has made a backup, or
  • Possible if issuer allows recipients to retrieve previously-issued certificates, e.g publicly hosted or stores and allows recipients to request a copy.
| Backup available? | Key state   | Risks   | Recovery    | 
| ----------------- | ----------- | ------- | ------------| 
|  yes              | intact      | State 1 | Reimport certificates from backup | 
|  no               | intact      | State 2 | Request reissue with new public key | 
|  n/a              | lost        | State 3 | Generate new keys, Request reissue | 
|  n/a              | compromised | State 4 | Generate new keys, Request reissue | 

Capabilities and risks associated with state

State 1

  • Certificate sharing: Recipient can share from backup location
  • Proof of ownership: Recipient could still prove ownership of certificates/public keys when the wallet has a signmessage feature.

State 2

  • Certificate sharing: Recipients cannot share certificates
  • Proof of ownership: Recipient could still prove ownership of certificates/public keys if the wallet has a signmessage feature.

State 3

  • Certificate sharing: If recipient has certificates or backup, they are still verifiable and can be shared
  • Proof of ownership: Recipient has no ability to prove ownership of certificates/public keys

State 4

  • Certificate sharing: If recipient has certificates or backup, they are still verifiable and can be shared
  • Proof of ownership: Recipient has no ability to prove ownership of certificates/public keys
  • Potential loss of ownership of certificates: attacker could revoke
    • Could quickly identify compromised keys if we add address monitoring to the wallet

Recovery

Reimport certificates from backup

  1. If certificate-wallet not installed, reinstall and enter mnemonic seed
  2. Request copy (from issuer) if necessary
    • May be a noop if the recipient has backed up the certificate or if the issuer has a publicly hosted certificate site
  3. Re-import certificates from backup location

Request reissue with new public key

  1. Request new invitation from issuer
  2. Submit new public key to issuer
  3. Import new certificate when available

New seed and reissue

  1. Generate new mnemonic seed for wallet
  2. Request reissue of certificate from issuer (follow “Request reissue with new public key”)

Follow-up Features

  • Recipients could quickly identify compromised keys if we add address monitoring to the wallet.
  • Proof of ownership with signmessage feature