[1] Key Management can be complex, and the subsections of this document [2] are here only as a guideline to the deeper issues. In selecting the best approach for your environment, the Digi-CAST™ [3] Team can advise you, and their advice will always be to keep things as simple as you can.
For Disposable Digi-IDs™, the Digi-CA™ [4] will require Key Management enabled in advance because after five years, with only 100,000 end users, there will actually be 500,000 Key-Pairs in circulation. If you decide that you must use Disposable Digi-IDs™, then you should consider the following questions, for example:
The solution to these problems is to have Key Management and Key Escrow services enabled in the Digi-CA™ during configuration and installation.
In the case of Renewable Digi-IDs™, you don’t really need Key Management, and in many Trust Centre [5] environments, Key Escrow services are not permitted by law. Also, as the end user has only one Digi-ID™ or Key-Pair to take care of, it is a much easier task to provide assistance and enable them to ‘self recover’ from their own Backup.
Links:
[1] https://www.digi-sign.com/downloads/download.php?id=digi-ca-pdf
[2] https://www.digi-sign.com/digital+document
[3] https://www.digi-sign.com/service/digi-cast
[4] https://www.digi-sign.com/digi-ca
[5] https://www.digi-sign.com/trust+centre