An organization's security policy states that the company must be able to access an employee's encrypted files if the employee is unavailable or forgets their encryption key password. Which of the following cryptographic concepts should be implemented to meet this requirement?
Key escrow is the correct solution. It is an arrangement where the keys needed to decrypt encrypted data are held by a trusted third party, allowing an authorized entity (like the organization) to access the keys under specific circumstances, such as when an employee is unavailable. Key stretching is a technique to make weaker keys more secure against brute-force attacks. Perfect forward secrecy ensures that past session keys are not compromised even if a long-term private key is. A digital signature is used for verifying the authenticity and integrity of a message, not for data recovery.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Key Escrow and how does it work?
Open an interactive chat with Bash
Why might an organization choose not to implement Key Escrow?