Securely Sharing Encrypted Files: Best Practices for Compliance and Collaboration

Securely Share Encrypted Files without Sharing Credentials or Encryption Keys


Question

Two users need to securely share encrypted files via email.

Company policy prohibits users from sharing credentials or exchanging encryption keys.

Which of the following can be implemented to enable users to share encrypted data while abiding by company policies?

Answers

Explanations


A. B. C. D.

C.

To enable users to securely share encrypted files via email while abiding by company policies, digital signatures or Public Key Infrastructure (PKI) can be implemented.

Digital signatures are electronic signatures used to authenticate the sender of a message or document. The sender applies a hash algorithm to the message or document, which produces a fixed-length identifier known as a hash. The hash is then encrypted (signed) with the sender's private key. The recipient checks the signature with the sender's public key, which confirms that the signature is authentic and that the content has not been tampered with.

PKI, on the other hand, is a system that uses digital certificates and public-private key pairs to secure communications. It consists of a Certificate Authority (CA) that issues digital certificates, a Registration Authority (RA) that verifies the identity of users, and a Directory Service that stores and manages the digital certificates.

In this scenario, both digital signatures and PKI can be used to ensure that the encrypted files are sent securely and that the sender's identity is verified. Digital signatures ensure that the encrypted files are authentic and have not been tampered with during transmission. PKI authenticates the sender and ensures that the encrypted files can be read only by the intended recipient: each user encrypts to the recipient's public key, taken from the recipient's certificate, so no private key or credential ever has to be exchanged.

Key escrow and hashing are not suitable solutions in this scenario. Key escrow involves storing encryption keys with a third party, which is not allowed by company policy. Hashing is a one-way function that generates a fixed-length output from an input message, but it does not provide any encryption or authentication capabilities.
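The sign-then-encrypt flow described above, as an added example that is not part of the original page. It uses the Python `cryptography` package; the function names and the sample users are hypothetical, and it assumes each user already obtained the other's public key from a CA-issued certificate.

```python
# Added example (not from the original page): PKI-style file exchange.
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def new_user():
    """Generate a key pair locally; only the public half is ever published."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()

def send_file(data, sender_private, recipient_public):
    """Sign with the sender's private key, then encrypt to the recipient's public key."""
    signature = sender_private.sign(data, PSS, hashes.SHA256())  # hash + private-key step
    session_key = AESGCM.generate_key(bit_length=256)            # fresh key for this file
    nonce = os.urandom(12)
    ciphertext = AESGCM(session_key).encrypt(nonce, signature + data, None)
    return {"wrapped_key": recipient_public.encrypt(session_key, OAEP),
            "nonce": nonce, "ciphertext": ciphertext}

def receive_file(message, recipient_private, sender_public):
    """Decrypt with the recipient's private key, then verify the sender's signature."""
    session_key = recipient_private.decrypt(message["wrapped_key"], OAEP)
    payload = AESGCM(session_key).decrypt(message["nonce"], message["ciphertext"], None)
    sig_len = sender_public.key_size // 8  # RSA signature length in bytes
    signature, data = payload[:sig_len], payload[sig_len:]
    sender_public.verify(signature, data, PSS, hashes.SHA256())  # raises InvalidSignature
    return data

if __name__ == "__main__":
    # Constructed sample users and file contents.
    alice_private, alice_public = new_user()
    bob_private, bob_public = new_user()
    message = send_file(b"Q3 forecast (constructed sample)", alice_private, bob_public)
    print(receive_file(message, bob_private, alice_public))
```

Only the two public keys cross between the users; a file signed by anyone other than the expected sender, or altered in transit, is rejected with an exception instead of being returned.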