A workable method for providing a key recovery capability for files and other long-term data items that are encrypted with a per-item key is offered.
This paper is a blend of politics (the key-escrow issue) and technology (a way to bind per-item keys to data such as files and messages). The essence of the key recovery idea is to store the per-item key encrypted under a public key belonging to an interested party (a corporation, government agency, or individual user). The private component of the public key is held by whomever the interested party chooses (including himself or herself). The public keys are assigned on a per-user basis and are only used for key recovery when the interested party presents proper credentials.
The individual user’s file or message encryption software is fitted with extensions to store the per-item key encrypted with the assigned or selected public key. Then, whenever the interested party is unable to read a data item due to sender or receiver “data blackmail” or more benign causes (such as forgetfulness or a lost or damaged key file), he or she can present the data item to the public key holder along with whatever authority and identification the situation requires. The holder of the secret part of the public key then extracts the per-item key. The paper wanders in and out of the political weeds about whether the government or some ostensibly disinterested third party should or will hold the secret part of the public key.
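The recovery flow described above, sketched as an added example (not code from the paper under review). The function names, the RSA-KEM-style wrapping, the SHA-256 counter-mode cipher and the toy key built from public Mersenne primes are all assumptions chosen so the sketch runs on the standard library alone.

```python
import hashlib
import secrets

# Constructed toy RSA key for the recovery agent: both primes are public
# Mersenne primes, so this key is for demonstration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the recovery agent
NLEN = (N.bit_length() + 7) // 8


def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); use an AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def _kek(r: int) -> bytes:
    """Derive the key-encryption key from the RSA-encapsulated secret r."""
    return hashlib.sha256(r.to_bytes(NLEN, "big")).digest()


def encrypt_item(plaintext: bytes, recovery_pub=(N, E)):
    """Encrypt one item under a fresh per-item key and attach the recovery field."""
    n, e = recovery_pub
    item_key = secrets.token_bytes(32)
    r = secrets.randbelow(n - 2) + 2          # random secret encapsulated under RSA
    wrapped = bytes(a ^ b for a, b in zip(item_key, _kek(r)))
    item = {"recovery": (pow(r, e, n), wrapped),
            "ciphertext": _stream_xor(item_key, plaintext)}
    return item_key, item


def recover_item_key(recovery_field, priv=(N, D)) -> bytes:
    """Recovery agent: extract the per-item key using only the recovery field."""
    n, d = priv
    c, wrapped = recovery_field
    return bytes(a ^ b for a, b in zip(wrapped, _kek(pow(c, d, n))))


def decrypt_item(item_key: bytes, item) -> bytes:
    return _stream_xor(item_key, item["ciphertext"])
```

Because the recovery field travels with each data item, losing the user's own key file does not strand the data, and every item carries a different wrapped key.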
The paper suggests that the scheme can be made part of a software encryption package that is integrated into one or more applications. The authors make claims, unsupported in the paper, that it is possible to bind the software encryption program and the software key escrow to an application in such a way that extricating oneself from the clutches of the mandatory key escrow is at least as difficult as defeating key escrow in Clipper/Capstone.
The paper is interesting in that it provides a template for key recovery that could be attractive to commercial software vendors and to end users. I recommend it to everyone new to the key escrow idea for a really simple, easily understood description of how it could work. Readers can find the meat of the paper easily enough, and the technical description of how a key recovery scheme could work is first-rate.