Key escrow

The proliferation of all types of digital signatures and identification systems in different spheres of activity has revealed the need for encryption keys to be kept under lock and key by a trusted third party; it seems appropriate in this scenario that as a trusted service provider, Izenpe should fulfil this role.

In order for different entities to be able to access public keys from their own computer programs and encrypt documents, Izenpe offers this service to entities and public administrations.

Izenpe's key storage service will create the two keys (public and private) associated with a certificate and deliver only the public key to the subscriber, leaving the private key in the custody of the certification service provider, in this case Izenpe.

Encryption security, above and beyond technological aspects, lies in the private key safekeeping measures used by Izenpe.

The most delicate step in the service is the process of encryption when the subscriber needs to access the private key held by Izenpe.

  • The encryption request document must be signed by at least three of the five people identified in the key service request form.
  • The encryption process is done digitally he under the “supervision” of Izenpe.

As a security measure the Storage Service can be required to protect the encrypted data. By extending the service, Izenpe signs (CAdES or XAdES) and timestamps the encrypted data before it is delivered to the person requiring the documentation, whether a specialist or a judge, either digitally or in person.

This added service ensures data integrity and Izenpe attests to the encryption process and the time it is performed.


  • Certificado Aenor 27001
  • Recognition of equality Emakunde
  • Bikain, Euskararen Kalitate Ziurtagiria
  • lsti