Maintain secure continuity of access

Entrust Key Recovery Server (KRS) for Entrust Security Manager™ provides a highly secure secondary means of accessing private keys used to encrypt information. Key Recovery Server offers an empowering solution to the increasingly common challenge of enabling and/or maintaining continuity of access to encrypted information when the original private key cannot be accessed.

Benefits

Established Compliance

Comply with the key recovery policies and models of the U.S. Department of Defense PKI, the Federal Common Policy, and more.

Secure Control

Enforce separation of roles, limit key recovery decisions to specific groups, and implement multi-party oversight and authorization.

Flexible Recovery

Securely deliver keys to the Requestor in PKCS #12 format or onto hardware devices.

How It Works

  1. A Key Requestor requests one or more of a user’s keys.
  2. The request is queued for Key Request Agent 1 (KRA1). An email notification is sent to all members of the KRA1 group and to other select individuals, such as security officers or Legal, notifying them that a key recovery process has commenced.
  3. KRA1 retrieves and reviews the request to determine whether it’s appropriate and meets applicable policies and agency guidelines. KRA1 can then approve or reject the request, or allow it to expire.
  4. If approved by KRA1, an email notification is generated to alert Key Request Agent 2 (KRA2). KRA2 reviews the request to determine if it’s appropriate and meets applicable policies and agency guidelines. KRA2 can then approve or reject the request, or allow it to expire.
  5. If approved by KRA1 and KRA2, the Requestor is notified that the request has been approved and the keys are ready for recovery. The Requestor may recover the keys to an approved storage format.
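
The two-stage approval in steps 1 to 5 can be modelled as a small state machine. This is an added example, not Entrust code or the product's API; the class, state and group names, the 48-hour stage expiry, and the rule that one person holds only one role per request are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample membership; "erin" is deliberately in both groups.
GROUPS = {"KRA1": {"alice", "erin"}, "KRA2": {"carol", "erin"}}
STAGE_TTL = timedelta(hours=48)  # assumed; the page gives no expiry period


@dataclass
class RecoveryRequest:
    requestor: str
    key_owner: str
    opened: datetime  # start of the current approval stage
    state: str = "PENDING_KRA1"
    audit: list = field(default_factory=list)

    def decide(self, agent: str, approve: bool, now: datetime) -> str:
        """Apply one agent's decision and return the resulting state."""
        if not self.state.startswith("PENDING_"):
            raise PermissionError(f"request is closed ({self.state})")
        if now - self.opened > STAGE_TTL:  # nobody acted in time (steps 3, 4)
            self.state = "EXPIRED"
            self.audit.append((now, "system", "EXPIRED"))
            return self.state
        stage = self.state.split("_", 1)[1]  # "KRA1" or "KRA2"
        if agent not in GROUPS[stage]:
            raise PermissionError(f"{agent} is not a member of {stage}")
        # Assumed separation-of-roles rule: one person, one role per request.
        if agent == self.requestor or agent in {a for _, a, _ in self.audit}:
            raise PermissionError(f"{agent} already has a role in this request")
        if not approve:
            self.state = "REJECTED"
        elif stage == "KRA1":
            self.state, self.opened = "PENDING_KRA2", now
        else:
            self.state = "APPROVED"
        self.audit.append((now, agent, self.state))
        return self.state

    def may_recover(self, who: str) -> bool:
        """Step 5: release only to the Requestor, only after both approvals."""
        return self.state == "APPROVED" and who == self.requestor
```

The audit list records who moved the request into each state, which is the trail a reviewer would check to confirm that two distinct agents approved before any key was released.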
