Abstract. In this paper we solve the open problem known as the “software key escrow” problem. To this end we develop a cryptographic notion of auto-recoverable auto-certifiable cryptosystems. We first present the exact specification of the problem, based on what software key escrow can hope to achieve. Then we develop our new scheme, which is an efficient reduction to a software key escrow system from a certified public key system. Namely, our scheme is as efficient for users to use as a public key infrastructure, it does not require a tamper-resistant hardware (i.e., it can be distributed in software to users), and the scheme is shadow public key resistant (does not allow the users to publish public keys other then the ones certified). The scheme enables the efficient verification of the fact that a given user's private key is escrowed properly.