金鑰恢復是一門被廣泛討論的研究,密碼安全系統可以保障使用者資料的安全,以及保護個人隱私,利用公開具安全性的密碼演算法達到資料的隱密性,但在整個密碼演算的過程中,我們必須仰賴密碼運算金鑰的友善保管,而金鑰恢復機制可以避免金鑰遺失或損壞所造成的損失。 許多文獻上探討金鑰恢復的構想主要都集中在接收者遺失金鑰,或是有權限的合法第三機構想要取得加密資訊時,如何去恢復加密檔案的金鑰內容,以取得檔案明文。本論文的第三章將提出一個完整、實用的金鑰恢復系統架構,包含使用者身分確認以及資訊傳送私密性的保護,利用簡單且效率的方法,可以讓多位檔案擁有者在遺失私密金鑰,或是私密金鑰不在手邊時,也有能力恢復檔案加密金鑰,以取得加密檔案的明文。 論文的最後將說明,如何將本篇所提出的金鑰恢復系統實作到密碼安全系統GnuPG,而且不影響GnuPG原系統架構。 Key Recovery is a well-known and widely discussing research. Cryptosystem accesses to protect user’s secured data and private information against being disclosed by public and approved algorithms. The key relies on a good management and its technique prevents from the damage if a user loses his key or the key is broken. The main concept of the key recovery in many papers focuses on how to recover the target key when the key owner loses his key or the legislative third party wants to get the encrypted data. In chapter 3, we propose the whole and practical key recovery system architecture including user authentication and the secrecy of transmission data. We apply an easy and efficient way to assist the file owners to recover the key to get the plain text when lose the key get lost or unavailable. In chapter 4, we show how to implement the key recovery system in the GnuPG and never influence the functions in the original system.
