Secure import and export of keying material

摘要

An embodiment includes a method executed by at least one processor of a first computing node comprising: generating a key pair including a first public key and a corresponding first private key; receiving an instance of a certificate, including a second public key, from a second computing node located remotely from the first computing node; associating the instance of the certificate with the key pair; receiving an additional instance of the certificate; verifying the additional instance of the certificate is associated with the key pair; and encrypting and exporting the first private key in response to verifying the additional instance of the certificate is associated with the key pair. Other embodiments are described herein.

主权项

1. An apparatus comprising:
at least one memory coupled to a processor; at least one secure processor that is included in a first computing node, coupled to the memory, and out-of-band from the processor; the at least one secure processor to perform operations comprising: generating a key pair including a first public key and a corresponding first private key; receiving an instance of a certificate, including a second public key, from a second computing node located remotely from the first computing node; associating the instance of the certificate with the key pair; receiving an additional instance of the certificate; verifying the additional instance of the certificate is associated with the key pair; and encrypting and then exporting an instance of the first private key in response to verifying the additional instance of the certificate is associated with the key pair.