Code of Federal Regulations (Last Updated: November 8, 2024)
Title 15 - Commerce and Foreign Trade
Subtitle B - Regulations Relating to Commerce and Foreign Trade
Chapter VII - Bureau of Industry and Security, Department of Commerce
SubChapter C - Export Administration Regulations
Part 742 - Control Policy - CCL Based Controls
Supplement No. 4 to Part 742 - Key Escrow or Key Recoverable Products Criteria
Key Recoverable Feature
(1) The key(s) or other material/information required to decrypt ciphertext shall be accessible through a key recoverable feature.
(2) The product's cryptographic functions shall be inoperable until the key(s) or other material/information required to decrypt ciphertext is recoverable by government officials under proper legal authority and without the cooperation or knowledge of the user.
(3) The output of the product shall automatically include, in an accessible format and with a frequency of at least once every three hours, the identity of the key recovery agent(s) and information sufficient for the key recovery agent(s) to identify the key(s) or other material/information required to decrypt the ciphertext.
(4) The product's key recoverable functions shall allow access to the key(s) or other material/information needed to decrypt the ciphertext regardless of whether the product generated or received the ciphertext.
(5) The product's key recoverable functions shall allow for the recovery of all required decryption key(s) or other material/information required to decrypt ciphertext during a period of authorized access without requiring repeated presentations of access authorization to the key recovery agent(s).
Interoperability Feature
(6) The product's cryptographic functions may:
(i) Interoperate with other key recoverable products that meet these criteria, and shall not interoperate with products whose key recovery feature has been altered, bypassed, disabled, or otherwise rendered inoperative;
(ii) Send information to non-key recoverable products only when assured access is permitted to the key(s) or other material/information needed to decrypt ciphertext generated by the key recoverable product. Otherwise, key length is restricted to less than or equal to 56-bit DES or equivalent.
(iii) Receive information from non-key recoverable products with a key length restricted to less than or equal to 56-bit DES or equivalent.
Design, Implementation and Operational Assurance
(7) The product shall be resistant to efforts to disable or circumvent the attributes described in criteria one through six.
(8) The product's cryptographic function's key(s) or other material/information required to decrypt ciphertext shall be accessible to government officials under proper legal authority.