Encryption is today the main solution to protect data. But encryption depends on a key. If the key is lost. Data are lost.


What is a key ?

A key can be « a device » (file, Certificat, token, card…). This is « what you have ». A key can be a secret convention (a passphrase, a code pin…). This is « what you know ». A key can be biometric. This is « what you are ».

A key is often a combination of two (« what you know » and another)

Where can we find keys in a company ?

Secret conventions are everywhere, often under the end-user control :

  • Private keys for PKI,
  • Laptop BIOS passcode,
  • User’s passphrases for ssh, pgp,
  • private keys, password managers,
  • Users TPM code,
  • PIN code for hardwahre security devices
  • (usb keys, HDD, …)
  • Precovering keys in IT team,
  • Physical safe code,

And any specific files for a strong secure shared storage.

Key lost and Reconstruction ?

Even with certificates, token, sd cards, TPM, passwords managers, a part of the secret convention is in the head of the user… and can be lost.

A secret convention (a key) cannot be reconstruct without adding weaknesses.

How to avoid lost of secrets ?

Humans can lost memory, can have accidents …

Low probability on one person, but become high in a large organization, with potentials huge damages.

How to recover encrypted data without the owner (the collaborator) ?  Data belongs to the compagny, not to the user. But with encryption, he becomes the uniq owner.


The actual solutions

Some try, some progress…

The safe

A solution is to store all secret in a (more) secured place. Ok, Who got the key of this place ?

“I am the Keymaster” – Ghostbuster

I know who corrupt to get all secrets. Bad solution !

The master key

Another solution est a recovering key (like a master key). Who got this key ?

“A ring to rule them all” – The lord of the rings.

This solution is not always possible because depends on the software used for encryption.

This master key is often shared by a group of persons (a part of the IT Team for example).

Each admin can recover all secrets.

It is not easy to change this key on each device.

Bad solution.

The master key protected by a secret sharing ?

The solution is the previous one, and the master key est “separated” in secrets part (secret sharing by shamir). Ok, nice… but…

The masterkey is reconstruct in memory. Lets hack the system to catch the recovering key when the group of admins recover a secret. At this time, we are more than an admin, because whe got the master key !

Less but bad solution…

Key escrow system


We build a dedicated system for key escrow/recovery. It got the following features :

  • Only a quorum of administrators can recover secrets. They don’t know the identity of the other admins.
  • The attacker need to corrupt more than a single admin. No master key.
  • The system can be corrupted without giving informations on admins or on secrets shared inside.
  • A user cannot recover its own secrets (to avoid identity spoofing to steal secrets).
  • No partial or temporal keys on servers. All cryptographic operations are executed (distribued) on clients.

How it works

Technical architecture

A specific client software to store and recover secrets (called « escrow »), sending requests to an open server (the Front).
A non accessible server (the Back) connecting periodicaly to the Front to download requests and upload answers.

The client is a Java code on desktop.

The front is Web/JSON web server.

The Back is a “cold store” server.

The architecture is designed for services on Internet with the definition of a « Domain » of escrow.


A specific algorithm developped for electronic vote is adapted to this situation. It got the following feature.

  • A « domain » per organisation, with a published public key. The escrow is encrypted on the client. Servers only store crypted informations without elemtens to decypher them.
  • There is no private key associated to the public one. A « sur-crypt » system with shamir secret sharing embedded.
  • No key reconstruction on the servere or clients. Each admin sur-crypt the escrow with its own secret key on its computer.


[Best_Wordpress_Gallery id=”5″ gal_title=”escrow-math”]


Building the trust

  • Servers (Front and Back) can be corrupted (hacked) without disclosing escrows (even while adding or recovering processes).
  • Systems Administrators of servers cannot recover escrows, even under duress.
  • Only the client code is important in the cryptographic process. The trust in it can be ensure by :
    • It can be locally store after verification,
    • It is signed by a development key, separated fron servers keys,
    • It display its result at each step of cryptographic step and communication. It ca be easily verify.
    • You can recode your own client…

 The software

The client is downloadable at each time or once per all. Its code can be euditable. It doeos the entire part of all cryptographic functions. Its code is signed (java) to prove its origin. The client talk with the Front. Its messages are crypted to the Back.


[Best_Wordpress_Gallery id=”6″ gal_title=”escrow-soft”]


The software is not free.

The version 1.0 is available for testing (under Non Disclosure Agreement). Please contact us for more informations.

A demo version will be avilable soo.