CISSP – Information Systems Security Architecture Professional (ISSAP) — Question 44

An organization wants to allow a certificate authority to gain access to the encrypted data and create digital signatures on behalf of the user. The data is encrypted using the public key from a user's certificate. Which of the following processes fulfills the above requirements?

Answer options

• A. Key escrow
• B. Key storage
• C. Key revocation
• D. Key recovery

Correct answer: A

Explanation

Key escrow allows a third party, such as a certificate authority, to hold a copy of the encryption keys, enabling them to access encrypted data and create digital signatures. Key storage simply refers to the safekeeping of keys without the capability to access encrypted data. Key revocation deals with invalidating keys that are no longer trusted, while key recovery focuses on retrieving lost keys rather than granting access to a third party.