Escrow Certificates

What are Escrow Certificates?

An escrow certificate is a unique JSON file signed by a Super Admin with an execution order. Escrow certificates are counter-signed by the Site-key Admin, and any change to the hash renders the certificate invalid.

What are the Types of Escrow Certificates in tiCrypt?

  • add-escrow-user: adds a new escrow user to an escrow group.
  • add-key-to-escrow-group: adds a key to be escrowed to an escrow group.
  • add-recovery-key: adds the recovery key for a tiCrypt user into the system.
  • delete-recovery-key: deletes the recovery key for a tiCrypt user from the system.
  • get-escrow-public-keys-for-a-user: retrieves the public-private key pair for an escrowed user.
  • get-escrow-key-by-id: gets an escrow key based on its ID.
  • get-own-escrow-user: retrieves a user's own escrow key for future escrow.
  • get-recovery-key-sets-for-escrow: retrieves a set of recovery keys for performing an escrow.
  • get-users-with-escrow-keys: retrieves the users who own escrow keys.
  • list-all-escrow-users: lists all current and former escrow users.
  • list-escrow-groups-rich: lists all escrow groups in the system.
  • list-escrow-keys-for-user: lists escrow keys for a specified user to initiate the escrow.
  • new-escrow-group: creates a new escrow group.
  • new-escrow-public-key: creates a new escrow public-private key pair.
  • retrieve-recovery-key: retrieves an existing recovery key.