A two-phase method of key recovery which will be referred to as Secure Key
Recovery (SKR) is presented. The proposed key recovery system permits a portion
of the key recovery information to be generated once and then used for multiple
encrypted data communications sessions and encrypted file applications. In
particular, the portion of the key recovery information that is generated just
once is the only portion that requires public key encryption operations. We
also describe a verification mode in which the communicating parties each
produce SKR recovery information independently, without checking the other's so
produced information. In this mode, if at least one side is correctly
configured, all required recovery information is correctly produced. In
addition, the communicating parties are free to include any optional recovery
fields without causing a false invalidation of what the other parties sent.
Further, we present a method of verification of key recovery information within
a key recovery system, based on a variation of the three-party Diffie-Hellman
key agreement procedure. Without communication with a trustee, the sender is
able to encrypt recovery information in such a way that both the receiver and
the respective trustee can decrypt it. This reduces the number of encryptions,
and inherently validates the recovery information when the receiver decrypts
it. The method allows full caching of all public key operations, thus further
reducing computational overhead.
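
The abstract does not give the protocol messages, so the following is an added sketch, not the paper's construction: textbook three-party Diffie-Hellman in which the sender never contacts the trustee, yet sender, receiver and trustee derive the same value, which is cached and fed to a symmetric-only per-session step. The toy group, the message flow, and the names `kdf`, `seal`, `unseal` and `demo` are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy group for illustration only (assumption): the Mersenne prime 2**127 - 1.
# A real system would use a standardized large group.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared: int, session_id: bytes) -> bytes:
    # Symmetric-only step: fresh key per session from the cached shared value.
    return hashlib.sha256(shared.to_bytes(16, "big") + session_id).digest()

def seal(key: bytes, data: bytes):
    # Toy encrypt-then-MAC; each per-session key is used for one message only.
    stream = hashlib.shake_256(key + b"enc").digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return ct, hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key: bytes, ct: bytes, tag: bytes) -> bytes:
    # A wrong key or altered ciphertext fails here, so decrypting validates.
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("recovery information failed validation")
    stream = hashlib.shake_256(key + b"enc").digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def demo(session_id=b"session-1", recovery_info=b"constructed recovery field"):
    z, Z = keypair()              # trustee: only the public key Z is needed
    y, Y = keypair()              # receiver
    x, _ = keypair()              # sender
    # Phase 1: public-key operations, computed once and cacheable.
    YZ = pow(Z, y, P)             # receiver publishes g^(yz)
    XZ = pow(Z, x, P)             # sender -> receiver: g^(xz)
    XY = pow(Y, x, P)             # carried with the recovery info for the trustee
    s_sender = pow(YZ, x, P)      # g^(xyz), no message to the trustee required
    # Phase 2: per session, symmetric operations only.
    ct, tag = seal(kdf(s_sender, session_id), recovery_info)
    by_receiver = unseal(kdf(pow(XZ, y, P), session_id), ct, tag)
    by_trustee = unseal(kdf(pow(XY, z, P), session_id), ct, tag)
    return by_receiver, by_trustee
```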