Abstract: A method and apparatus for ensuring that a key recovery-enabled (KR-enabled) system communicating with a non-KR-enabled system in a cryptographic communication system transmits the information necessary to permit key recovery by a key recovery entity. In a first embodiment, data is encrypted under a second key K that is generated as a one-way function of a first key K′ and a key recovery block KRB generated on the first key K′. The key recovery block KRB and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the second key K from the first key K′ and the key recovery block KRB. In a second embodiment, data is encrypted under a second key K that is generated independently of the first key K′. A third key X, generated as a one-way function of the first key K′ and a key recovery block KRB generated on the second key K, is used to encrypt the XOR product Y of the first and second keys K′, K.

Abstract: In a cryptographic communications system, a method and apparatus for allowing a sender of encrypted data to demonstrate to a receiver its ability to correctly generate key recovery information that is transmitted along with the encrypted data and from which law enforcement agents or others may recover the original encryption key. Initially, the sender generates a key pair comprising a private signature key and a corresponding public verification key and sends the latter to a key recovery validation service (KRVS). Upon a satisfactory demonstration by the sender of its ability to correctly generate key recovery information, the KRVS generates a certificate certifying the public verification key and the ability of the sender to correctly generate key recovery information. The sender uses its private signature key to generate a digital signature on the key recovery information, which is sent along with the key recovery information and encrypted data to the receiver.