Computer Security Resource Clearinghouse


Key Recovery Demonstration Project
Formerly known as the Emergency Access Demonstration Project 
Publications
Certificate Practice Statement
Pilot Root CA Policy
 
 

CA Registration
Pilot Registration Form
(In the process of developing page--
check again soon)
 
 

Contact
krdp@nist.gov

This project was developed to support emergency access to encrypted data
where required to support federal agencies needs. The most promising 
mechanisms for such access require a security management infrastructure. 
Today, the project is focused on the development of a public key 
infratructure (PKI) for the  Federal government.  Such an infrastructure
can support emergency access to encrypted data for those agencies that
require it, but does not impose additional requirements on agencies that 
do not require it. 

Development of a unified PKI for the federal government presents a number
of technical challenges. While these projects do not directly address key 
recovery, a security management infrastructure is necessary.  NIST is
supporting the development of a federal PKI by participating in the 
Federal Bridge CA project, continuing the development of the X.509 path
validation algorithm, and identifying key PKI-enabled applications (e.g.,
S/MIME) for federal use. 

While this project has focused on possible methods for accomplishing
key recovery in a PKI environment, it should be noted that a PKI environment
need not support key recovery.  In addition, a PKI is not strictly
necessary to accomplish key recovery.  However, leveraging a
PKI is perhaps the most promising environment.  PKI readily distinguish
between signature keys, where key recovery does not apply, and key management
keys.  It may be appropriate to apply key recovery to key managment keys
(depending upon the criticality of the encrypted data.) 

Background 

In May 1996, the Office of Management and Budget (OMB) released a white 
paper titled "Enabling Privacy, Commerce, Security, and Public Safety in the 
Global Information Infrastructure". This paper stated that "government and
industry  must work together to create a security management infrastructure
and attendant products  that incorporate robust cryptography without
undermining national security and public safety".  In support of this goal,
the Key Recovery Demonstration Project (KRDP) was initiated in order  to
demonstrate the practicability of the recovery of keys that support data encryption
in Federal  government applications. A pilot program was created with several
agencies to implement, test and evaluate different key recovery technologies. A
brief description of the pilot agency applications is found in the KRDP Project Summary

The National Institute Of Standards and Technology (NIST) issued a
Broad Agency Announcement (BAA) soliciting products and services to support
this project. Three possible methods of key recovery are depicted in
Key Recovery Examples. The KRDP Implementation Evaluation Criteria
identify the functional and security concerns related to the Federal governments's
need to have emergency access to encrypted data. 
 

 


Top of Page  CSRC Home Page  NIST's Homepage  NIST Computer Security Division
Please send comments or suggestions to webmaster-csrc@nist.rip.
Last Modified: December 16, 2013.

NIST is an agency of the U.S. Department of Commerce