Key Escrow is the procedure of keeping a copy of a user's private key in a centralized location that is only accessible to security administrators. Key Escrow also provides a mechanism whereby the private key can be recovered without its having to be physically stored. Escrow allows for the future recovery of the key, should it be lost through disaster or by its owner, or should it be needed by someone authorized to view the information encrypted with it, such as in certain regulatory environments or situations in which law enforcement is involved.
Key Escrow is the PKI equivalent of giving a trusted friend a copy of your car and house keys, perhaps in a sealed envelope or maybe in a combination-lock box if you are especially protective of them, just in case something happens to your original set of keys. The concerns and types of precautions you might take in that situation apply equally to safeguarding escrowed keys.
Depending on how (or whether) the organization controls private keys, and on how conscientious users are, this recovery ability may be needed more or less routinely. It may be accomplished by encrypting the central database in which private keys are stored, or by safeguarding hardware that can automatically regenerate the private key when given the appropriate information.
Key escrow can be performed either after the key has been generated or by pre-generating public/private key pairs before they are assigned to users (depending on what your key escrow system supports and your policies allow).
In systems that use separate key pairs for signing and for encrypting data, both the signing and the encryption keys may be archived, with either key recoverable independently, so that non-repudiation is preserved even if an encryption/decryption key is recovered. That is, the key used to decrypt private messages sent to a particular user can be recovered without also obtaining the key used to sign messages as that user.
Different organizations and industries (such as the securities industry, which requires that transaction-related data be stored for 7 years) have different requirements for archiving business-related information. If that information is stored in an encrypted state for security purposes, the encryption keys must be retained for that period as well.
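The two points above, independent recovery of the encryption key without the signing key, and a retention period that matches the archived data, as an added example in Go that is not part of the CertiGuide text. Each private key is wrapped under its own purpose-specific key-encryption key (KEK) with the user ID and purpose bound in as AEAD associated data, so releasing the encryption KEK to an administrator recovers only the decryption key, and every record carries a retention deadline. The KEK values, the user name, the message and the 7-year period are constructed for the demo; in a real deployment the KEKs would be held in an HSM or split among administrators, and the function and field names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"io"
	"time"
)

// EscrowRecord is one row of the escrow database: a private key wrapped under a
// KEK specific to its purpose ("signing" or "encryption"), plus its purge date.
type EscrowRecord struct {
	UserID      string
	Purpose     string
	Nonce       []byte
	WrappedKey  []byte // AES-256-GCM(KEK, PKCS#1 DER of the private key)
	RetainUntil time.Time
}

// GenerateUserKeys returns separate signing and encryption key pairs for a user.
func GenerateUserKeys() (sig, enc *rsa.PrivateKey, err error) {
	if sig, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return nil, nil, err
	}
	enc, err = rsa.GenerateKey(rand.Reader, 2048)
	return sig, enc, err
}

func newGCM(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek) // a 32-byte KEK selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Escrow wraps priv under kek. The user ID and purpose are bound in as
// associated data, so a record cannot be relabelled or moved to another user.
func Escrow(userID, purpose string, priv *rsa.PrivateKey, kek []byte, retention time.Duration, now time.Time) (*EscrowRecord, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped := aead.Seal(nil, nonce, x509.MarshalPKCS1PrivateKey(priv), []byte(userID+":"+purpose))
	return &EscrowRecord{UserID: userID, Purpose: purpose, Nonce: nonce, WrappedKey: wrapped, RetainUntil: now.Add(retention)}, nil
}

// Recover unwraps a record. Only the KEK for that record's purpose opens it, so
// releasing the encryption KEK does not expose the user's signing key.
func Recover(rec *EscrowRecord, kek []byte) (*rsa.PrivateKey, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	der, err := aead.Open(nil, rec.Nonce, rec.WrappedKey, []byte(rec.UserID+":"+rec.Purpose))
	if err != nil {
		return nil, fmt.Errorf("record %s/%s did not authenticate: wrong KEK or tampered record", rec.UserID, rec.Purpose)
	}
	return x509.ParsePKCS1PrivateKey(der)
}

// CanPurge reports whether the record's retention period has elapsed.
func CanPurge(rec *EscrowRecord, now time.Time) bool {
	return !now.Before(rec.RetainUntil)
}

func EncryptTo(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func DecryptWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	// Constructed demo KEKs; real ones would sit in an HSM or be split among admins.
	encKEK := []byte("0123456789abcdef0123456789abcdef")
	sigKEK := []byte("fedcba9876543210fedcba9876543210")
	sigKey, encKey, _ := GenerateUserKeys()
	now, retention := time.Now(), 7*365*24*time.Hour // 7 years, the securities example
	encRec, _ := Escrow("alice", "encryption", encKey, encKEK, retention, now)
	sigRec, _ := Escrow("alice", "signing", sigKey, sigKEK, retention, now)
	ct, _ := EncryptTo(&encKey.PublicKey, []byte("archived message"))
	recovered, _ := Recover(encRec, encKEK)
	pt, _ := DecryptWith(recovered, ct)
	fmt.Printf("recovered encryption key decrypts: %q\n", pt)
	_, err := Recover(sigRec, encKEK) // the encryption KEK must not open the signing record
	fmt.Println("signing record with encryption KEK:", err)
	fmt.Println("purge now:", CanPurge(encRec, now), "after retention:", CanPurge(encRec, now.Add(retention)))
}
```

Run it with `go run`. The design choice worth noting is that the separation is enforced by which KEK an administrator is released, not by policy text in the database: a record wrapped under the signing KEK simply fails to authenticate under the encryption KEK. A production escrow store would add the parts this sketch omits, namely an authorization step before a KEK is released and an audit log of every recovery.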
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.