
Key Recovery Utility™

Overview

When SecretAgent 5 (SA5) key recovery has been enabled, this Windows application permits authorized key recovery agents (KRAs) to decrypt SA5 archives, regardless of originating platform, and thereby recover the plaintext they contain. At no time are user private keys compromised, and a key escrow system is not required.
Key recovery agents are configured in the security policy. The PolicyAgent application is required to generate a policy that includes key recovery.

How It Works

When SA5 key recovery is enabled (either voluntarily by the user or as enforced by security policy settings), KRAs are included as “virtual recipients” for every encrypted archive. This means that the random session key used to encrypt a given archive is wrapped with the public keys of the (individual or group) KRAs just as it is for all normal recipients of that archive.

When key recovery is required, for example after an employee's dismissal or unexpected absence, the Key Recovery Utility (KRU) extracts the KRA-wrapped session keys from the archive header and hands them off to the various KRAs for processing. Each KRA enters the password for his private key, and the session key is partially unwrapped. Once all KRAs have processed their messages, the raw session key is available and can be used to decrypt the original SA5 archive.
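
The flow described above, as an added example that is not SecretAgent code and does not reproduce the SA5 archive format. It assumes one possible construction for "partial unwrapping" (the session key is split into XOR shares, one wrapped per KRA) and uses a toy hashed-ElGamal wrap for illustration only; all function names and the header layout are hypothetical.

```python
import hashlib, secrets

# Toy hashed-ElGamal key wrap over a prime field: illustration only, not production crypto.
P = 2**255 - 19  # a known prime
G = 2

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)  # (private, public)

def _mask(shared, n):
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()[:n]

def xor(a, b):
    return bytes(i ^ j for i, j in zip(a, b))

def wrap(pub, data):
    """Wrap up to 32 bytes for the holder of pub."""
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), xor(data, _mask(pow(pub, r, P), len(data)))

def unwrap(priv, blob):
    c1, c2 = blob
    return xor(c2, _mask(pow(c1, priv, P), len(c2)))

def build_header(session_key, recipient_pubs, kra_pubs):
    """Normal recipients get the whole session key; each KRA gets one XOR share."""
    shares = [secrets.token_bytes(len(session_key)) for _ in kra_pubs[:-1]]
    last = session_key
    for s in shares:
        last = xor(last, s)
    shares.append(last)  # XOR of all shares equals the session key
    return {
        "recipients": [wrap(p, session_key) for p in recipient_pubs],
        "kra": [wrap(p, s) for p, s in zip(kra_pubs, shares)],
    }

def recover(header, kra_privs):
    """Each KRA unwraps its own message; only the full set yields the session key."""
    key = bytes(len(header["kra"][0][1]))
    for priv, blob in zip(kra_privs, header["kra"]):
        key = xor(key, unwrap(priv, blob))
    return key

def demo():
    # Constructed sample: one user and a group of two KRAs.
    user, kra1, kra2 = keygen(), keygen(), keygen()
    sk = secrets.token_bytes(32)  # random per-archive session key
    return sk, build_header(sk, [user[1]], [kra1[1], kra2[1]]), user, kra1, kra2
```

Recovery here touches only the KRA private keys and the archive header; the user's private key is never an input to `recover`.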



 
