key recovery center (PKI) (KRC)

A key archive, or Key Recovery Center (KRC), is an authorized instance of the Trust Center (TC) that archives cryptographic keys and makes them available and recoverable for authorized persons. Unauthorized parties are not given access to the keys.

The keys managed by the key archive can be secret keys for symmetric and asymmetric encryption. In addition to the keys, the key archive also stores the authorized persons together with their authentication data. Such a key archive also makes it possible to recover lost keys.

A key archive can be an integral part of a company's internal security infrastructure (PKI), in which the keys in use, or parts of them, are stored and made available to authorized persons on request. Where keys are stored incompletely, the missing key components are determined by a brute-force attack.

Trusted instances

There are several technical approaches to key archives. The Key Recovery Center (KRC) stores the keys used by the user, encrypted with the public key of the key archive, together with the user ID. The Key Directory Server (KDS) stores only the user's authentication data, but not the key. The Key Decryption Server is where the end user can store the keys they use: if the key is needed by an authorized person, the end user sends the key, encrypted with a public key, to the key archive.
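As an added illustration of the KRC approach described above (example code written for this entry, not taken from it and not any vendor's product), a minimal key archive in Go: the end user wraps a secret key with the archive's RSA public key, the archive stores only the wrapped key together with the user ID, and it unwraps the key solely for a requester recorded as authorized for that user ID. The `KeyArchive` type, the `Deposit`/`Store`/`Recover` functions and the use of the user ID as the OAEP label are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// KeyArchive is a hypothetical KRC: it holds only keys wrapped under its own
// public key, indexed by user ID, plus the persons allowed to recover each one.
type KeyArchive struct {
	priv       *rsa.PrivateKey
	wrapped    map[string][]byte          // userID -> RSA-OAEP ciphertext
	authorized map[string]map[string]bool // userID -> set of recoverers
}

func NewKeyArchive() (*KeyArchive, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyArchive{priv: priv, wrapped: map[string][]byte{}, authorized: map[string]map[string]bool{}}, nil
}

// PublicKey is what end users wrap their keys with before depositing them.
func (a *KeyArchive) PublicKey() *rsa.PublicKey { return &a.priv.PublicKey }

// Deposit (user side): wrap the key with the archive's public key; the user ID is the OAEP label.
func Deposit(pub *rsa.PublicKey, userID string, secretKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secretKey, []byte(userID))
}

// Store records the wrapped key under its user ID together with the authorized recoverers.
func (a *KeyArchive) Store(userID string, wrappedKey []byte, recoverers ...string) {
	a.wrapped[userID] = wrappedKey
	a.authorized[userID] = map[string]bool{}
	for _, r := range recoverers {
		a.authorized[userID][r] = true
	}
}

// Recover unwraps the key only for an authorized requester; anyone else is refused.
func (a *KeyArchive) Recover(requester, userID string) ([]byte, error) {
	if !a.authorized[userID][requester] {
		return nil, errors.New("requester not authorized for this user ID")
	}
	ct, ok := a.wrapped[userID]
	if !ok {
		return nil, errors.New("no archived key for this user ID")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, a.priv, ct, []byte(userID))
}
```

Because the user ID is bound into the ciphertext as the OAEP label, a key deposited under one ID cannot be unwrapped by asking for it under another.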

