Key Escrow

Key escrow provides for offline storage of users' private keys in an encrypted database for backup and recovery.

If an RAO is given permission to issue client certificates, and the organization is configured for key escrow, then the next time that RAO logs in to the CMS, s/he will be prompted to initialize a database of encryption keys. Upon doing so, a master decryption key will be issued to the RAO. The RAO should immediately take steps to secure the master decryption key. Failure to do so will render the key escrow feature useless.