Publications
Certificate Practice
Statement
Pilot Root CA Policy
CA Registration
Pilot Registration Form
(In the process of developing page--
check again soon)
Contact
krdp@nist.gov |
This project was developed to support emergency
access to encrypted data
where required to support federal agencies needs. The most promising
mechanisms for such access require a security management infrastructure.
Today, the project is focused on the development of a public key
infratructure (PKI) for the Federal government. Such an
infrastructure
can support emergency access to encrypted data for those agencies that
require it, but does not impose additional requirements on agencies
that
do not require it.
Development of a unified PKI for the federal government presents a number
of technical challenges. While these projects do not directly address
key
recovery, a security management infrastructure is necessary.
NIST is
supporting the development of a federal PKI by participating in the
Federal Bridge CA project,
continuing the development of the X.509 path
validation algorithm, and identifying key PKI-enabled applications
(e.g.,
S/MIME) for federal use.
While this project has focused on possible methods for accomplishing
key recovery in a PKI environment, it should be noted that a PKI environment
need not support key recovery. In addition, a PKI is not strictly
necessary to accomplish key recovery. However, leveraging a
PKI is perhaps the most promising environment. PKI readily distinguish
between signature keys, where key recovery does not apply, and key
management
keys. It may be appropriate to apply key recovery to key managment
keys
(depending upon the criticality of the encrypted data.)
Background
In May 1996, the Office of Management and Budget (OMB) released a white
paper titled "Enabling
Privacy, Commerce, Security, and Public Safety in the
Global
Information Infrastructure". This paper stated that "government and
industry must work together to create a security management infrastructure
and attendant products that incorporate robust cryptography without
undermining national security and public safety". In support
of this goal,
the Key Recovery Demonstration Project (KRDP) was initiated in order
to
demonstrate the practicability of the recovery of keys that support
data encryption
in Federal government applications. A pilot program was created
with several
agencies to implement, test and evaluate different key recovery technologies.
A
brief description of the pilot agency applications is found in the
KRDP
Project Summary.
The National Institute Of Standards and Technology (NIST) issued a
Broad Agency Announcement
(BAA) soliciting products and services to support
this project. Three possible methods of key recovery are depicted in
Key Recovery Examples.
The
KRDP Implementation
Evaluation Criteria
identify the functional and security concerns related to the Federal
governments's
need to have emergency access to encrypted data.
|