A financial organization wishes to safeguard its email communication with encryption and also adhere to internal policies that require recovery of encrypted data in case the encryption keys are misplaced. The organization plans to engage a third party to maintain a store of private keys in a secure manner for this purpose. What is the organization intending to set up?
The organization is intending to set up a key escrow system. A key escrow refers to a secure process where a third party holds a copy of the encryption key, which can be used to access encrypted data if the user's private key is lost or becomes inaccessible. Using a certificate authority explicitly for encryption does not imply that key escrow services are provided; a certificate authority usually authenticates identities and issues digital certificates. Designating a key recovery agent does not necessarily indicate the use of a key escrow system, as this role is meant for retrieving keys from the escrow but is not the service itself. Full-disk encryption is unrelated to key management or recovery, as it pertains to protecting data at rest and does not encompass storing or handling keys.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What exactly is key escrow?
Open an interactive chat with Bash
How does a key escrow system differ from just storing keys with a certificate authority?