What are Escrow Users?
Escrow Users are not typical users of the system. Escrow users are assigned an "Escrow role" by the site key user. For more about this role, please visit SiteKey.
Upon activating users in the system, admins must select a checkbox indicating "escrow user's key" or "do not escrow". This essentially means that if the user loses their private key it was escrowed, and it can be recovered. If the user's key was not escrowed and they lose it, they cannot recover it.
Admins can change the escrow state of users at any point. If a user lost a key and then the user escrows, that will not help to recover the key. The user must log in using their private key for the backend to receive pieces of the key.
How does Escrow work?
Every user in tiCrypt has a private and public key. Public keys can and should be shared with other users as there is no risk in sharing a public key. There is, however, a huge risk in sharing a private key.
To explain why escrow works the way it does, it is common to explain it using the following story.
You live in your house.
You want to give other people the key to your house in case you ever lose your own key. But you do not want anyone to be able to get into your house if you're not there.
You can give a key to a friend, but they can still go behind your back and enter your house. The same goes with your family. You think about giving half of one key to one of your friends, and the other half of the key to another friend. This could work, but what if the two friends collaborate, put the keys together, and enter the house.
This solution does not suffice.
You cannot issue the pieces of the key to people that are related/ know eachother. Hence, you give 1/3 of the key to a member of your family, 1/3 f the key to one of your friends, and 1/3 of the key to a coworker. None of the people in the 3 groups know each other nor do they know who holds the other parts of the key. This solution works. And the more pieces of the key that the owner of the house issues out, the more secure their house will be.
The way that Escrow works in tiCrypt is the same.
We enforce a minimum of three escrow groups, yet we encourage more. Each time a user's key is escrowed, the backend receives "pieces" of it. If the user ever loses their private key, one member from each escrow group must get and put the pieces together.
This solution ensures that no single individual can obtain another user's private key.
How to create an Escrow User
To create a new escrow user:
- The User must communicate with the Site-key admin to determine which escrow group they will be a part of.
- Instructed to a group by the admin; the user should navigate to the
Escrowinterface. They can do so by selecting the dropdown located at the top right side of the login box as seen in the video below.
- Once a user navigates to the correct interface, they can register by selecting the green button.
- By clicking a pair of public and private keys will be generated for the user. note
The user cannot proceed until the keys are fully generated.
- Next, the user selects their
escrow group, their
credentials, and a
- Finally, the user is directed to
saveboth their private and public keys. At this step, there is a default name for both the public and private keys.
The user may choose to download keys with the default name or give each of their keys a name.
The escrow user must then email their public key to the site-key admin so they can create the request for the escrow user and sign it.
The site-key admin will drag the escrow user's public key into the dashboard of the site-key interface dashboard.
They will click the check box, sign it using their password, and download the signed request.
Next, the site-key admin will email it to a super admin in the system.
From there, a super admin must log in to the tiCrypt interface, go to the tab, and navigate to the
"Signed Escrow Actions".
The admin must select the
Plusicon located at the top right side of the screen and drag in the requested file that was emailed to them by the site-key admin. Once dropped, the super admin must sign by clicking the check box, and click .