
Escrow Users' Role in Key Escrow

Escrow Users play a critical role in the de-escrowing activities and the overall maintenance of the escrow system within tiCrypt. Their responsibilities are specifically designed to ensure secure and controlled access to encrypted user data.

Key Functions of Escrow Users:

  • Monitoring Escrow Status: Escrow users can view details of the available key escrows for each tiCrypt user, which keeps them up to date on the status of key management.
  • Key Sharing Among Group Members: They are responsible for sharing their group key with other members within the same escrow group, a necessary step particularly when new escrow users are integrated into the group.
  • Key Recovery Assistance: Escrow users can share their group key with a designated escrow user tasked with recovering a specific tiCrypt user's key, provided they have acquired the necessary keys from all related groups.

Important Considerations:

  • Key Recovery Conditions: A group key can only be recovered by an escrow user if it is explicitly shared with them. Merely being a member of an escrow group is insufficient for key recovery.
  • Escrow User Key Authorization: Generating an escrow user key does not automatically confer permissions within tiCrypt. For an escrow user key to be recognized, it must be counter-signed by the site-key administrator.
  • Multi-factor Authentication (MFA): If enabled, the use of a recovered user private key is contingent upon satisfying the multi-factor authentication requirements.

Steps to Create an Escrow User Account

Step 1: Escrow User Action

The escrow user must first communicate with the site-key admin to determine their escrow group.

To create a new escrow user account, navigate to the tiCrypt Connect desktop application and launch it in your browser.

  • On the login page, click the dropdown in the top right center.
  • Select .
  • Click the green button.

Registration Steps:

  • Step 1: Your private keys are generated.

  • Step 2: Register your profile details:

    • Select your designated escrow group.
    • Type your first name, last name, and email.
    • Optionally, type your department and position.
    • Type and re-type your encrypted private key password.
    • Click Register.
  • Step 3: Download your private key:

    • View the .json file of your private key. Store it securely and do not share it.
    • Optionally, click Redownload private key.
    • Click .
    • Download your .json escrow profile file but do not log in yet.
    • Email your public key to the site-key admin.
Note: The user cannot proceed until both keys are fully generated. Users may choose to download keys with the default name or give each key a custom name.

Step 2: Site Key Administrator Action

  • In the escrow dashboard, create and sign the request for the escrow user.
  • Drag-and-drop the escrow user's public key into your site-key dashboard.
  • Tick the Sign box.
  • Type your password and download the signed request.
  • Send the signed request to a super-admin.

Step 3: tiCrypt System Admin Action

To execute the signed request, navigate to the tab in the Escrow Certificates section:

  • Click Execute signed certificates.
  • Select the signed request file and click .
  • Apply the certificate to activate the escrow user.
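
The counter-signing requirement under Important Considerations and the three-step handoff above can be modelled as a signature check. The sketch below is an added illustration, not tiCrypt code: the Ed25519 algorithm, the `SignedRequest` layout, the binding of the escrow group into the signed payload, and all function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedRequest is a hypothetical stand-in for the signed request file the
// site-key admin forwards: escrow user's public key, group, counter-signature.
type SignedRequest struct {
	EscrowPub ed25519.PublicKey
	Group     string
	Sig       []byte
}

// payload binds the key to its escrow group (an assumption of this sketch) so
// a signature issued for one group cannot be reused to enrol the key in another.
func payload(pub ed25519.PublicKey, group string) []byte {
	return append(append([]byte("escrow-user-v1\x00"), pub...), []byte("\x00"+group)...)
}

// CounterSign models Step 2: the site-key admin signs the escrow user's key.
func CounterSign(siteKey ed25519.PrivateKey, pub ed25519.PublicKey, group string) SignedRequest {
	return SignedRequest{pub, group, ed25519.Sign(siteKey, payload(pub, group))}
}

// Activate models Step 3: the request is executed only if the counter-signature
// verifies against the trusted site public key. Generating a key is not enough.
func Activate(sitePub ed25519.PublicKey, r SignedRequest) bool {
	return len(r.EscrowPub) == ed25519.PublicKeySize &&
		ed25519.Verify(sitePub, payload(r.EscrowPub, r.Group), r.Sig)
}

func main() {
	// Constructed sample keys; nothing here comes from a real deployment.
	sitePub, sitePriv, _ := ed25519.GenerateKey(rand.Reader)
	escrowPub, escrowPriv, _ := ed25519.GenerateKey(rand.Reader)

	req := CounterSign(sitePriv, escrowPub, "group-A")
	fmt.Println("counter-signed request accepted:", Activate(sitePub, req))

	// A key signed only by its own owner carries no site-key authorization.
	self := CounterSign(escrowPriv, escrowPub, "group-A")
	fmt.Println("self-signed request accepted:", Activate(sitePub, self))

	// Changing the group after signing invalidates the counter-signature.
	req.Group = "group-B"
	fmt.Println("tampered request accepted:", Activate(sitePub, req))
}
```

Because the verifier trusts only the site public key, the administrator who executes the request cannot activate an escrow user that the site-key admin did not sign.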

Change the Password of the Escrow User

To change your escrow user password, log in to your account:

  • Select Change password.
  • Type your current password and new password twice.
  • Click .

You will be prompted to log out and your new key will be downloaded. Use this new key to log in next time.