A key escrow is a cryptographical concept where the encryption keys are held in “escrow”, by a trusted third party with the understanding that that third party can use the encryption keys at will to decrypt any document or communication using those keys for a defined purpose. In business this can be used to allow network monitoring, verifying that the internet is only being used for a legitimate purpose. In government, the key escrow is normally suggested as a secure solution for targetted mass surveillance.
Technipages Explains Key Escrow
Implementing a key escrow has a number of technical issues that are generally feasible to overcome at a small scale but become significantly more difficult to manage and higher risk at a large scale. The main issue with a key escrow is that if the trusted third party is compromised then the entire system is compromised and either all devices have to be updated to use a new key or the entire system has to be replaced. In an environment with a limited number of devices changing the encryption keys is not an insurmountable task. In an environment as large as a nation or the internet, ensuring the system is never compromised is essentially impossible and if the system is compromised the severity of the issue would be catastrophic.
A well-known example of a key escrow system is the Clipper Chip, in the 1990s the NSA designed a microchip that would be attached to motherboards providing a hardware key escrow system. The Clipper Chip, however, was found to have a number of security flaws that meant it’s escrow system could be bypassed and many people objected to the government backdoor in their communications encryption, within three years of its announcement the chip was defunct.
Common Uses of Key Escrow
- Key escrow is the notion of putting a confidential secret key or private key in the care of a third party until certain conditions are fulfilled.
- By far the most controversial key escrow issue surrounds whether cryptosystems should be developed to have a back door for wire-tapping purposes.
- In a corporate environment, many business needs for key escrow exist.
Common Misuses of Key Escrow
- It’s best to use a key escrow algorithm to encrypt documents securely.