Key escrow (escrowed keys)
来源:互联网 发布:淘宝客不战 编辑:程序博客网 时间:2024/06/17 12:53
Key escrow
Key escrow (also known as a “fair” cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, who may want access to employees' private communications, or governments, who may wish to be able to view the contents of encrypted communications.
The technical problem is a largely structural one since access to protected information must be provided only to the intended recipient and at least one third party. The third party should be permitted access only under carefully controlled conditions, as for instance, a court order. Thus far, no system design has been shown to meet this requirement fully on a technical basis alone. All proposed systems also require correct functioning of some social linkage, as for instance the process of request for access, examination of request for 'legitimacy' (as by a court), and granting of access by technical personnel charged with access control. All such linkages / controls have serious problems from a system design security perspective. Systems in which the key may not be changed easily are rendered especially vulnerable as the accidental release of the key will result in many devices becoming totally compromised, necessitating an immediate key change or replacement of the system.
On a national level, this is controversial in many countries due to technical mistrust of the security of the escrow arrangement (due to a long history of less than adequate protection of others' information by assorted organizations, public and private, even when the information is held only under an affirmative legal obligation to protect it from unauthorized access), and to a mistrust of the entire system even if it functions as designed. Thus far, no key escrow system has been designed which meets both objections and nearly all have failed to meet even one.
Key escrow is proactive, anticipating the need for access to keys; a retroactive alternative is key disclosure law, where users are required to surrender keys upon demand by law enforcement, or else face legal penalties. Key disclosure law avoids some of the technical issues and risks of key escrow systems, but also introduces new risks like loss of keys and legal issues such as involuntary self incrimination. The ambiguous term key recovery is applied to both types of systems.
See also[edit]
- Cryptography
- Key management
- Clipper chip
- Data Securities International
- Related-key attack
- Key escrow (escrowed keys)
- 关于escrow
- QML的Key事件(Keys)详解
- Keys
- keys
- keys
- keys
- Keys
- keys
- "keys": "*"
- Loading GPG / SSH Keys from a USB Key, Round 2
- android gpio-keys 按键驱动分析(一) key layout文件
- Redis遍历所有key的两个命令 -- KEYS 和 SCAN
- Redis遍历所有key的两个命令 -- KEYS 和 SCAN
- Redis遍历所有key的两个命令 -- KEYS 和 SCAN
- 从escrow.com购买域名的经验
- Joining an array of keys to a hash with key value pairs like excel vlookup
- memcached实战系列(五)Memcached: List all keys 查询所有的key
- sql注入及防止SQL注入
- LeetCode24 Swap Nodes in Pairs 25. Reverse Nodes in k-Group详解
- ubuntu开启sshd服务(转载)
- pppcloud云主机下linux环境变量设置错误后,如何恢复解决方案
- javascript sort函数探究
- Key escrow (escrowed keys)
- UGUI控件可拖拽移动类组件
- php+jQuery全选 反选
- ssh: connect to host localhost port 22: Connection refused
- java -- 将int 转为二进制,再提取二进制中每一位信息
- JAVA 仿XP画图板的总结
- hbase的写和读,大合并和小合并
- PHP 更新式缓存
- QOS-1 ClassAndMarking标记和分类