312-50V10 · Question #363
Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?
The correct answer is D. Key escrow. Key escrow is the PKI mechanism where a copy of a private key is held by a trusted third party to enable authorized recovery. This is distinct from the recovery agent role or certificate directories.
Question
Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?
Options
- AKey registry
- BRecovery agent
- CDirectory
- DKey escrow
How the community answered
(38 responses)- A3% (1)
- B3% (1)
- D95% (36)
Why each option
Key escrow is the PKI mechanism where a copy of a private key is held by a trusted third party to enable authorized recovery. This is distinct from the recovery agent role or certificate directories.
A key registry is not a standard PKI component - registries in PKI context refer to Registration Authorities (RAs) that verify identities, not private key storage.
A recovery agent is a person or role authorized to decrypt or recover data, not the storage mechanism where the private key copy is held.
A directory in PKI (such as LDAP) stores public certificates and certificate revocation lists, not private keys.
Key escrow is the specific PKI component that involves storing a copy of a private key with a trusted third party or escrow agent. This allows authorized access by law enforcement or administrators and supports recovery operations when the original key holder loses access. It is the storage and custody arrangement itself, not the role of the person performing recovery.
Concept tested: PKI key escrow and private key storage
Source: https://csrc.nist.gov/glossary/term/key_escrow
Topics
Community Discussion
No community discussion yet for this question.