Information Security Guideline
Introduction
- This guideline is meant to provide assistance with key escrow, which is a method of storing keys (passphrases or passwords) used to encrypt and decrypt information so that they can be recovered if they are lost.
- This guideline has been issued by the Chief Information Officer to supplement the Cryptographic Controls standard. Compliance with this guideline is recommended, but not mandatory. Questions about this guideline may be referred to information.security@ubc.ca.
Security and Privacy of Key Escrow
- Key escrow provides a secure and private method of recovering keys used to encrypt information.
- Key escrow services must not be used to track the location of an individual.
Alternatives to Key Escrow
- UBC does not offer a Key Escrow service. If you are unable to make use of an electronic service that provides key escrow, then you must implement one of the following alternatives:
  - use a Password Safe (see the Password Safe guideline for more information);
  - print out the key and lock it in a safe;
  - save the key file to a USB drive and lock it in a safe;
  - if using Microsoft’s BitLocker, see this Microsoft article on how to back up your recovery key; or
  - if using Apple's FileVault 2, see this Apple article on how to create a recovery key.
Related Documents and Resources
- Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems
- Cryptographic Controls standard
- Password Safe guideline
Guideline Last Revised: 2025-03