(also key recovery)
Key escrow definition
Key escrow is a cryptographic key exchange method where the key is stored by a third party (or held in escrow). Cryptographic keys are used for decrypting encrypted data. When they are held in escrow, an authorized third party may gain access to them under certain circumstances. These third parties may include businesses wanting to access employee business-related communications or governments wishing to view the contents of encrypted communications. Key escrow is controversial because a third party is involved in private key handling and due to the potential vulnerabilities introduced by key escrow operations.
The risks of key escrow
- Privacy issues. Encryption should provide a high level of security and privacy. Key escrow arrangements mean cryptographic key access can be granted to certain third parties, raising questions about the privacy of the user whose data may be read.
- Government surveillance. Government agencies may request access to the cryptographic keys in escrow. The ability of these agencies to access private keys may cause concerns about the government using it as a mechanism of surveillance.
- Security issues. Even though the keys are typically held with a trusted third party, the process of storing the keys may introduce security vulnerabilities.