A security administrator at a company which implements key escrow and symmetric encryption only, needs to
decrypt an employee’s file. The employee refuses to provide the decryption key to the file. Which of the
following can the administrator do to decrypt the file?
Use the employee’s private key
Use the CA private key
Retrieve the encryption key
Use the recovery agent
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key
escrow, the keys needed to encrypt/decrypt data are held in an escrow account and made available if that third
party requests them. The third party in question is generally the government, but it could also be an employer if
an employee’s private messages have been called into question.