Key Escrow

Also known as: Key recovery, Escrowed keys

Definition

An arrangement in which copies of cryptographic keys are stored with a trusted third party so they can be recovered by authorized entities under defined conditions.

Key escrow is the practice of depositing a copy of one or more cryptographic keys with a designated trustee — an enterprise key-management system, an HSM, a vendor, or a government — so the keys can be recovered when the original holder is unavailable, has lost them, or when lawful access is required. Enterprises commonly escrow disk-encryption recovery keys (BitLocker, FileVault, LUKS) and email-encryption keys to avoid data loss when employees leave or hardware fails. Government-mandated escrow schemes such as the 1993 Clipper Chip have historically been highly controversial because they weaken end-to-end security and create a high-value target. Good design uses split keys (Shamir Secret Sharing), strong access controls, and detailed audit logs to limit risk.

Examples

  • Microsoft BitLocker can escrow recovery keys to Active Directory or Microsoft Entra ID.
  • An organization's PKI escrows decryption keys for S/MIME so encrypted email can be recovered after a key loss.