Title of invention Secure key management
Abstract According to one embodiment, a method for implementing computer security is provided. The method includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information, wherein a structure of the key control information in the token is independent of the wrapping method. The method also includes wrapping the key material and binding key control information to the key material in the token, wherein the key control information includes information relating to usage and management of the key material.
Publication number US9288051(B2) Publication date 2016.03.15
Application number US201213652027 Filing date 2012.10.15
Applicant International Business Machines Corporation Inventors Arnold Todd W.;Dames Elizabeth A.;Dewkett Thomas J.;Frehr Carsten D.;Kelly Michael J.;Kerr Kenneth B.;Kisley Richard V.;Rossman Eric D.;Smith Eric B.
Classification G06F7/04;H04L9/08 Main classification G06F7/04
Agency Cantor Colburn LLP Agent Cantor Colburn LLP;Chlu Steven
Main claim 1. A computer implemented method for secure key management, comprising: creating, by a computer processing unit of a computer, the computer comprising the computer processing unit and a memory, a token and populating a payload section of the token with key material; selecting a wrapping method from a plurality of supported wrapping methods that specifies how the key material is securely bound to key control information, wherein a structure of the key control information in the token is independent of the wrapping method, and wherein the plurality of supported wrapping methods comprises advanced encryption standard key wrap (AESKW), Rivest Shamir Adelman (RSA) with Optimal Asymmetric Encryption Padding (OAEP), data encryption standard (DES), Elliptic Curve, and message authentication code (MAC); and wrapping the key material and binding key control information to the key material in the token, wherein the key control information includes information relating to usage and management of the key material, wherein the token comprises the key control information, the payload section, a hash method field, and a description of the wrapping method, the description of the wrapping method being distinct from the hash method field and being located in a selected section of the token, and wherein the selected section in the token is known by a party accessing the token, the description of the wrapping method corresponding to one of the plurality of supported wrapping methods, and wherein the key control information further comprises a label for the token that is recoverable from the token, the label comprising an unencrypted user-specified name of the token.
Address Armonk NY US