Title of invention: Key rotation techniques
Abstract: A plurality of devices have common access to a cryptographic key. The cryptographic key is rotated by providing the devices simultaneous access to both the cryptographic key and a new cryptographic key and then revoking access to the cryptographic key. Keys stored externally and encrypted under the cryptographic key can be re-encrypted under the new cryptographic key. Keys intended for electronic shredding can be left encrypted under the old cryptographic key.
Publication number: US9608813(B1)    Publication date: 2017.03.28
Application number: US201313916999    Filing date: 2013.06.13
Applicant: Amazon Technologies, Inc.    Inventors: Roth Gregory Branchek; Wren Matthew James; Brandwine Eric Jason; Pratt Brian Irl
Classification: H04L9/08    Main classification: H04L9/08
Agency: Davis Wright Tremaine LLP    Agent: Davis Wright Tremaine LLP
Independent claim 1. A computer-implemented method, comprising:
under the control of one or more computer systems having executable instructions,
receiving a first request to electronically shred a first subset of a plurality of customer keys encrypted under a first cryptographic key;
performing a first process that results in each security module in a plurality of security modules being able to perform cryptographic operations with a customer key of the plurality of customer keys regardless of whether the customer key is encrypted using the first cryptographic key or a second cryptographic key at least by:
    submitting a second request to a selected security module of the plurality of security modules;
    receiving, from the selected security module, a response to the second request that includes the second cryptographic key, in a form of an encrypted second cryptographic key, encrypted in a manner decryptable by the plurality of security modules; and
    providing at least the encrypted second cryptographic key to each other security module from the plurality of security modules;
for each customer key of a second subset of the plurality of customer keys encrypted under the first cryptographic key, the second subset being disjoint from the first subset as a result of having received the first request:
    accessing, from a data storage system, the customer key;
    instructing a security module from the plurality of security modules to:
        use the first cryptographic key to decrypt the customer key to form a decrypted customer key;
        use the second cryptographic key to encrypt the decrypted customer key; and
        provide the customer key encrypted under the second cryptographic key; and
    storing the customer key encrypted under the second cryptographic key in the data storage system; and
at a time after each customer key of the plurality of customer keys is encrypted under the second cryptographic key and stored in the data storage system:
    determining that the first process was successful; and
    performing a second process that results in each security module in the plurality of security modules losing access to the first cryptographic key but maintaining access to the second cryptographic key.
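The claim describes a three-phase rotation: fan a wrapped copy of the new domain key out from one selected security module to the rest, re-encrypt every customer key that is not slated for shredding, verify, and only then revoke the old key everywhere. The simulation below is an added example written for this page; it is not Amazon's code and does not reflect any real KMS implementation. Everything in it is an assumption: `wrap`/`unwrap` are a toy encrypt-then-MAC built from HMAC-SHA256 (standing in for a module's real AEAD), `SecurityModule` is an in-memory stand-in for an HSM, the `transport_key` models the "manner decryptable by the plurality of security modules", and the customer names and data are constructed. The point it shows is the shredding property: after the second process, a customer key left under the old domain key is unrecoverable by every module, while the re-encrypted ones keep working.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def _subkey(key, label):
    # Separate encryption and MAC subkeys derived from one wrapping key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap(key, plaintext):
    # Toy encrypt-then-MAC (assumption: stands in for the module's real AEAD). Layout: nonce || ct || tag
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

class SecurityModule:
    # In-memory stand-in for one HSM (assumption): domain keys never leave it unwrapped.
    def __init__(self):
        self._keys = {}
    def create_domain_key(self):
        kid = "dk-" + secrets.token_hex(4)
        self._keys[kid] = secrets.token_bytes(32)
        return kid
    def export_wrapped(self, kid, transport_key):
        # The key leaves the module only encrypted under a key the other modules share.
        return wrap(transport_key, kid.encode() + b"|" + self._keys[kid])
    def import_wrapped(self, blob, transport_key):
        kid, raw = unwrap(transport_key, blob).split(b"|", 1)
        self._keys[kid.decode()] = raw
    def has_key(self, kid):
        return kid in self._keys
    def revoke(self, kid):
        self._keys.pop(kid, None)
    def create_customer_key(self, kid):
        return wrap(self._keys[kid], secrets.token_bytes(32))
    def rewrap(self, old_kid, new_kid, wrapped_ck):
        return wrap(self._keys[new_kid], unwrap(self._keys[old_kid], wrapped_ck))
    def encrypt(self, kid, wrapped_ck, data):
        return wrap(unwrap(self._keys[kid], wrapped_ck), data)
    def decrypt(self, kid, wrapped_ck, blob):
        if kid not in self._keys:
            raise KeyError(f"domain key {kid} revoked: data is unrecoverable")
        return unwrap(unwrap(self._keys[kid], wrapped_ck), blob)

def rotate_domain_key(modules, store, old_kid, shred_ids, transport_key):
    """store maps customer id -> (domain key id, customer key wrapped under that domain key)."""
    # First process: one selected module mints the new key; its wrapped copy is fanned out.
    new_kid = modules[0].create_domain_key()
    blob = modules[0].export_wrapped(new_kid, transport_key)
    for m in modules[1:]:
        m.import_wrapped(blob, transport_key)
    if not all(m.has_key(old_kid) and m.has_key(new_kid) for m in modules):
        raise RuntimeError("first process failed: not every module holds both keys")
    # Re-encrypt every customer key under the new key, skipping those slated for shredding.
    for i, (cid, (kid, wrapped_ck)) in enumerate(sorted(store.items())):
        if kid == old_kid and cid not in shred_ids:
            store[cid] = (new_kid, modules[i % len(modules)].rewrap(old_kid, new_kid, wrapped_ck))
    # Second process: confirm nothing live still depends on the old key, then drop it everywhere.
    if any(kid == old_kid for cid, (kid, _) in store.items() if cid not in shred_ids):
        raise RuntimeError("re-encryption incomplete; keeping the old key")
    for m in modules:
        m.revoke(old_kid)
    return new_kid

def demo():
    transport_key = secrets.token_bytes(32)  # constructed: key shared by the modules for key transport
    modules = [SecurityModule() for _ in range(3)]
    old_kid = modules[0].create_domain_key()
    seed = modules[0].export_wrapped(old_kid, transport_key)
    for m in modules[1:]:
        m.import_wrapped(seed, transport_key)
    store = {cid: (old_kid, modules[0].create_customer_key(old_kid)) for cid in ("alice", "bob", "carol")}
    # Constructed sample data, encrypted under each customer's key before the rotation.
    data = {cid: modules[1].encrypt(old_kid, store[cid][1], f"secret of {cid}".encode()) for cid in store}
    new_kid = rotate_domain_key(modules, store, old_kid, shred_ids={"carol"}, transport_key=transport_key)
    def recover(cid):
        try:
            return modules[2].decrypt(store[cid][0], store[cid][1], data[cid])
        except KeyError:
            return None  # customer key is still wrapped under a domain key no module holds
    return {"alice": recover("alice"), "bob": recover("bob"), "carol": recover("carol"),
            "old_key_anywhere": any(m.has_key(old_kid) for m in modules),
            "new_key_everywhere": all(m.has_key(new_kid) for m in modules)}
```

Calling `demo()` runs the whole rotation against three modules and returns what a verifier would want to see: Alice's and Bob's data still decrypt through the re-wrapped customer keys, Carol's does not, and no module retains the old domain key. The ordering matters: `rotate_domain_key` refuses to revoke the old key until every non-shredded customer key has been re-encrypted, which is the "determining that the first process was successful" step of the claim; revoking earlier would shred customers that were never asked to be shredded.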
Address: Seattle WA US