Title: REVOCABLE SHREDDING OF SECURITY CREDENTIALS
Abstract: Customers accessing resources and/or data in a multi-tenant environment can obtain assurance that a provider of that environment will honor only requests associated with the customer. A multi-tenant cryptographic service can be used to manage cryptographic key material and/or other security resources in the multi-tenant environment. The cryptographic service can provide a mechanism in which the service can receive requests to use the cryptographic key material to access encrypted customer data, export key material out of the cryptographic service, destroy key material managed by the cryptographic service, among others. Such an approach can enable a customer to manage key material without exposing the key material outside a secure environment.
Publication number: US2015304310(A1) Publication date: 2015.10.22
Application number: US201514754321 Filing date: 2015.06.29
Applicant: Amazon Technologies, Inc. Inventors: Roth Gregory Branchek;Wren Matthew James;Brandwine Eric Jason
Classification: H04L29/06;H04L9/32 Main classification: H04L29/06
Main claim: 1. A computer implemented method for managing a cryptographic key, comprising: storing, in a data store managed by a key management service, a cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider; receiving a suspend request to suspend storage of the cryptographic key by the key management service; generating a restore key to be associated with the customer; encrypting the cryptographic key with the restore key; sending, to the customer, the cryptographic key as encrypted under the restore key; destroying any copy of the cryptographic key stored by the key management service; receiving a restore request to cause the key management service to store a copy of the cryptographic key, the restore request including a copy of the cryptographic key as encrypted under the restore key; and decrypting the copy of the cryptographic key as encrypted under the restore key using the restore key and storing the cryptographic key in the key management service on behalf of the customer.
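The suspend/restore flow of claim 1, as an added example that is not code from the patent or from Amazon: a hypothetical KeyService wraps the customer's key under a freshly generated restore key with AES-256-GCM, destroys its own plaintext copy, and later accepts the wrapped copy back. All names are assumptions; binding the customer identifier as associated data and zeroising the plaintext are added hardening steps, not something the claim states.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// KeyService is a hypothetical model of the claim's key management service (not Amazon's code);
// after a suspend it retains only the customer's restore key, never the plaintext data key.
type KeyService struct {
	keys    map[string][]byte      // customer -> plaintext data key
	restore map[string]cipher.AEAD // customer -> AES-256-GCM keyed with that customer's restore key
}
func NewKeyService() *KeyService {
	return &KeyService{keys: map[string][]byte{}, restore: map[string]cipher.AEAD{}}
}
func (s *KeyService) Store(c string, k []byte) { s.keys[c] = append([]byte(nil), k...) }
func (s *KeyService) Key(c string) ([]byte, bool) { k, ok := s.keys[c]; return k, ok }
// Suspend wraps the data key under a fresh restore key (customer ID bound as associated data so the
// blob cannot be restored into another tenant's slot), destroys the plaintext copy, returns the blob.
func (s *KeyService) Suspend(c string) ([]byte, error) {
	key, ok := s.keys[c]
	if !ok {
		return nil, errors.New("no key stored for customer")
	}
	buf := make([]byte, 32+12) // fresh restore key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(buf[:32]) // 32-byte key: NewCipher cannot fail
	aead, _ := cipher.NewGCM(block)     // AES block size is 128 bits: NewGCM cannot fail
	nonce := buf[32:]
	wrapped := aead.Seal(nonce, nonce, key, []byte(c)) // nonce || ciphertext || tag
	for i := range key { key[i] = 0 } // zeroise the plaintext before dropping the reference
	delete(s.keys, c)
	s.restore[c] = aead
	return wrapped, nil
}
// Restore authenticates and unwraps a blob from Suspend, then stores the data key again.
func (s *KeyService) Restore(c string, wrapped []byte) error {
	aead, ok := s.restore[c]
	if !ok || len(wrapped) < aead.NonceSize() {
		return errors.New("customer not suspended or blob too short")
	}
	ns := aead.NonceSize()
	key, err := aead.Open(nil, wrapped[:ns], wrapped[ns:], []byte(c))
	if err == nil {
		s.keys[c] = key
	}
	return err // non-nil when the blob was altered or belongs to another customer
}
```

A real service would additionally persist the restore key under its own root-of-trust protection and log both the suspend and the restore as auditable events.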
Address: Reno NV US