Knowledgebase: General
What if a client forgets his encryption key? How does the Key Escrow process work? How can I recover an encryption key?

Search Terms: key escrow recover key recover encryption key key recovery lost key lost encryption key

The loss of an encryption key can be an emotionally-charged situation. The customer's hard drive may have crashed, or the computer has been stolen. Perhaps the customer has phoned you and is strongly demanding that you restore his data. He may consider it your sole responsibility to restore his data and may be blaming you for not being able to do so because he lost his encryption key. In a worst case, perhaps it WAS your responsibility to maintain your customer's encryption key.

Both you and your customer know his files are safely stored on your RBS Server, and it can be upsetting to know that they cannot be restored because the Encryption Key has been lost. Often the customer's business is adversely affected and the longer his files are lost the more upset he becomes.

RBackup is so secure that it is impossible for a Service Provider to recover files if a customer forgets his encryption key. (But there is hope. Please read on.) For this reason, we strongly recommend that your customers make a Key Disk during installation of their software, and that they record their encryption key on paper and keep it in a safe place. When the software is installed it prompts the user to make and store the Key File and to print the Key Report that it displays, and keep it in a safe place.

If you have the Key Report printed or the latest Key File you can recover the encryption key. If your customer does not remember his encryption key, and does not have the Key Report or the Key File, there is an alternative which can be used in emergencies.

RBackup is the only online backup software that has a built-in Key Escrow system. It can be activated or deactivated by the Service Provider. It is ON by default. This exclusive, highly secure triple-key cryptographic key recovery module allows RBS (and nobody else) to restore a client’s hopelessly lost encryption key. Only RBS can do it, and only with approval from the customer, and only if your customer has not changed his Encryption Key without rebuilding his Key Escrow file. (The software prompts for rebuilding this file whenever the key is changed.)

Recovering Encryption Keys is NOT covered under any RBS Maintenance Subscription. RBS offers no guarantee that we will be successful in recovering an Encryption Key. Some Encryption Keys cannot be restored, even if Key Escrow is turned ON.

To perform a key recovery operation we need some files from your client’s latest backup from your Server, a key file generated by your Server, and legal documents signed by your client and yourself authorizing us to recover the key.

The process requires the consent of your Client and yourself, and can only be done if the Service Provider has turned on the Key Escrow feature.

Recovering encryption keys represents a significant legal liability for RBS, and a significant amount of time. Our insurance carrier requires that we don’t make the process easy or cheap, and that we follow the proper Best Practices guidelines.

There is a fee to have RBS recover a lost encryption key, which will be refunded if we are unable to recover the key. Since it is usually the customer’s responsibility to safeguard his Encryption Key, most Service Providers charge the customer for our fee.

To start the process of recovering an encryption key, fill out and return the TWO (2) forms below, and click here to pay the key escrow fee.

The Key Recovery process can take from fifteen minutes to twenty four hours, depending on the complexity of the key. Our process for recovering it involves applying our key and the Service Provider’s Key in a brute force attack on the triple-cryptographically locked escrow files in an attempt to discover the missing third part of the algorithm.

RBS alone cannot recover an encryption key without the consent of the client and the service provider.

Instead, we highly recommend that your client makes a Key Disk during installation of his software (which the software will ask him to do) and also print the Key Form, for which the software will prompt. This avoids the trouble and expense of using Key Escrow.

If you need to initiate a Key Recovery, following are the forms and instructions.

Please fill out the two forms at the link on the bottom of this form and fax them back to us. Instructions are at the top of each form. After we receive your forms we will contact you to arrange payment for this service.  We are usually able to recover a lost encryption key within a few hours of receiving your forms and payment.

You will be asked to email us some files from your RBS Server.

Because of the high security of the encryption process our success rate recovering encryption keys when all the files we need are available is about 75%.

We WILL NOT be able to recover an encryption key if you have turned OFF the Key Escrow feature of your RBS Software. This feature is ON by default. We will not be able to recover an encryption key if we do not have access to  all the files we need from your RBS Server or if those files are corrupted.

 

-------------------------------------------------------------------------

 

FORM 1

Authorization to Recover Encryption Key

To be filled out by the RBS Provider

Fax to +1 901-495-2389

 

RBS Service Provider Company Name: ____________________________________________

 

  

Address _____________________________________________________________________

 

 _____________________________________________________________________

 

Telephone ______________________ Email _______________________________

 

Responsible Individual: _________________________________________________________

 

Customer: ___________________________________________________________________

 

 

I hereby certify that it I provide Remote Backup Services to the Customer named above; that the Customer has lost his Encryption Key; that the Customer has authorized me to recover it for him.

 

I certify that the individual requesting this Key Recovery is known to me as the true and honest representative of the Customer and that he is authorized to have full access to the Customers' data, in raw form, as well as his Encryption Key.

 

I know that during the Key Recovery process Remote Backup Systems (RBS) will have access to this Encryption Key; that RBS will have access to, and may view and transmit, the Customer's raw data.

 

I hereby authorize RBS full access the Customer's account and any files it needs from the Customer's file set and the RBS Application Folder on my RBS Server.

  

To the maximum extent permitted by applicable law, in no event shall Remote Backup Systems or its suppliers, employees, assigns or representatives be liable for any damages whatsoever (including without limitation, direct or indirect damages for personal injury, loss of business profits, business interruptions, loss of business information or any other pecuniary loss) arising out of this procedure, even if Remote Backup Systems has been advised of the possibility of such damages. In any case, Remote Backup Systems' and its suppliers', employees', assigns', and representatives' entire liability under any provision of this agreement shall be limited to the amount actually paid by you for this procedure. 

  

While RBS uses every effort to perform this procedure as quickly as possible, we do not guarantee that we can do it within any specific time period. We will work as fast as we can, but the procedure sometimes takes longer than expected. Successful completion depends strongly on the level and speed of cooperation of the Remote Backup Service Provider and the Customer, and in cases where the procedure relies on the Internet, successful completion depends on the availability of Network resources and the integrity and availability of the Remote Backup Service Provider's equipment and Internet connection.

 

I realize that RBS warrants only that it will attempt to recover the Encryption Key, Key Disk or Escrow File and to deliver it to the Customer or the RBS Provider. RBS does not guarantee that it will recover the Encryption Key or the Customer's data - such is the responsibility of the RBS Provider and Customer together or separately using the Encryption Key, Key Disk or Escrow File provided by RBS.

 

 

__________________________________________   ________________________ 

RBS Provider, Authorized Individual                   Date

 

 

------------------------------------------------------------------------

  

FORM 2

 

Authorization to Recover Encryption Key

To be filled out by the End User

Fax to +1 901-495-2389

 

Customer's Name: _____________________________________________________________

 

Address _____________________________________________________________________

 

 

_____________________________________________________________________

 

 

Telephone ______________________  Email _______________________________

 

Responsible Individual __________________________________________________________

 

Remote Backup Service Provider _________________________________________________

 

I hereby certify that it I use the Remote Backup Services provided by Remote Backup Service Provider above; that I have lost my Encryption Key; that I have authorized the Remote Backup Service Provider named above to recover it for me.

I certify that I am the true and honest representative of the Customer and that I am authorized to have full access to the Customers' data, in raw form, as well as the Encryption Key.

 

I know that during the Key Recovery process Remote Backup Systems (RBS) will have access to this Encryption Key; that RBS will have access to, and may view and transmit, the Customer's raw data. 

  

I hereby authorize RBS full access the Customer's account and any files it needs from the Customer's file set and the RBS Application Folder on the RBS Server.

 

To the maximum extent permitted by applicable law, in no event shall Remote Backup Systems or its suppliers, employees, assigns or representatives be liable for any damages whatsoever (including without limitation, direct or indirect damages for personal injury, loss of business profits, business interruptions, loss of business information or any other pecuniary loss) arising out of this procedure, even if Remote Backup Systems has been advised of the possibility of such damages. In any case, Remote Backup Systems' and its suppliers', employees', assigns', and representatives' entire liability under any provision of this agreement shall be limited to the amount actually paid by you for this procedure.

 

While RBS uses every effort to perform this procedure as quickly as possible, we do not guarantee that we can do it within any specific time period. We will work as fast as we can, but the procedure sometimes takes longer than expected. Successful completion depends strongly on the level and speed of cooperation of the Remote Backup Service Provider and the Customer, and in cases where the procedure relies on the Internet, successful completion depends on the availability of Network resources and the integrity and availability of the Remote Backup Service Provider's equipment and Internet connection.

 

I realize that RBS warrants only that it will attempt to recover the Encryption Key, Key Disk or Escrow File and to deliver it to the Customer or the RBS Provider. RBS does not guarantee that it will recover the Encryption Key or the Customer's data - such is the responsibility of the RBS Provider and Customer together or separately using the Encryption Key, Key Disk or Escrow File provided by RBS.

 

 

________________________________________   ________________________

End User, Authorized Individual             Date

(645 vote(s))
This article was helpful
This article was not helpful

Online Backup Software by Remote Backup Systems fusion