Senses

key escrow · SynAc

TERM

key escrow

Updated

Jan 06, 2026

Senses

(N)

A key recovery technique for storing knowledge of a cryptographic key or parts thereof in the custody of one or more third parties called "escrow agents", so that the key can be recovered and used in specified circumstances. (Compare: key encapsulation.) Tutorial: Key escrow is typically implemented with split knowledge techniques. For example, the Escrowed Encryption Standard [FP185] entrusts two components of a device unique split key to separate escrow agents. The agents provide the components only to someone legally authorized to conduct electronic surveillance of telecommunications encrypted by that specific device. The components are used to reconstruct the device unique key, and it is used to obtain the session key needed to decrypt communications.

Tutorial: Key escrow is typically implemented with split knowledge techniques. For example, the Escrowed Encryption Standard [FP185] entrusts two components of a device-unique split key to separate escrow agents. The agents provide the components only to someone legally authorized to conduct electronic surveillance of telecommunications encrypted by that specific device. The components are used to reconstruct the device-unique key, and it is used to obtain the session key needed to decrypt communications.

IETF RFC 4949 (Internet Security Glossary)

Bibliography

IETF RFC 4949 (Internet Security Glossary)
Accessed Jan 06, 2026Quoted
RFC 4949 — Internet Security Glossary (Version 2)
https://www.rfc-editor.org/rfc/rfc4949.txt
RFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.
Source: IETF RFC 4949 (rfc-editor.org).