Title of invention: Multi-level key management
Abstract: A key manager provides a way to separate the management of encryption keys and policies from the application domains. The key manager may create cipher objects that the domains can use to perform encryption or decryption without exposing the keys or the encryption/decryption algorithms to the domains. A master key managed by the key manager may be used to encrypt and decrypt the domain keys that are stored under the control of the key manager. The key manager supports the rekeying of both the master key and the domain keys based on policy. Multiple versions of domain keys may be supported, allowing domains to access data encrypted with a previous version of a domain key after a rekeying.
Publication number: US8971535(B2)  Publication date: 2015.03.03
Application number: US201012788890  Filing date: 2010.05.27
Applicant: Bladelogic, Inc.  Inventors: Reilly Paul A.; Birger Chet; Knjazihhin Denis
Classification: H04L9/00; H04L9/16; H04L9/08  Main classification: H04L9/00
Agency:  Agent:
Main claim: 1. A system for centrally managing encryption or decryption services across multiple domains, the system comprising: at least one processor; a non-transitory computer readable medium including instructions, which, when executed, are configured to cause the at least one processor to implement, a key manager configured to generate a master key to protect a plurality of domains including a first domain and a second domain different than the first domain; the key manager configured to store the master key; the key manager configured to determine a first encryption algorithm and first key size based on domain-specific policy information for the first domain, and determine a second encryption algorithm and second key size based on domain-specific policy information for the second domain; the key manager configured to generate a plurality of domain keys including generating a first domain key having the first key size for the first domain, and generating a second domain key having the second key size for the second domain; the key manager configured to encrypt the plurality of domain keys including the first domain key and the second domain key with the master key; and the key manager configured to store the encrypted first domain key and the encrypted second domain key in an area remote from the first domain and the second domain, the key manager configured to generate a first Cipher object for the first domain in response to a request from the first domain, including retrieving the first domain key, decrypting the first domain key with the master key, and transmitting the first Cipher object to the first domain, the first Cipher object identifying the first encryption algorithm and including the first domain key; the key manager configured to generate a second Cipher object for the second domain in response to a request from the second domain, including retrieving the second domain key, decrypting the second domain key with the master key, and transmitting the second Cipher object to the second domain, the second Cipher object identifying the second encryption algorithm and including the second domain key, wherein the first encryption algorithm and the first domain key of the first Cipher object are not exposed to the first domain other than by invocation of encryption or decryption provided by the first Cipher object, and the second encryption algorithm and the second domain key of the second Cipher object are not exposed to the second domain other than by invocation of encryption or decryption provided by the second Cipher object.
Address: Houston TX US
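The architecture described in the abstract and main claim above, as an added Python example that is not the patent's or Bladelogic's code: a key manager holds a master key, picks each domain's algorithm and key size from a policy table, stores domain keys only in master-key-wrapped form, hands each domain a Cipher object that exposes nothing but encrypt/decrypt, and supports versioned domain rekeying (old ciphertexts stay readable) as well as master-key rekeying (domain keys are re-wrapped, data is untouched). Assumptions: HMAC in counter mode with an encrypt-then-MAC tag stands in for the block cipher the patent leaves unspecified, since the Python standard library has no AES; the POLICY table, domain names and all function names are constructed for this example.

```python
import hmac, secrets
# Constructed policy: (PRF algorithm, key bytes). HMAC-CTR stands in for AES (assumption: stdlib has no AES).
POLICY = {"billing": ("sha256", 32), "reports": ("sha512", 64)}

def _keystream(algo, key, nonce, n):           # PRF-CTR: HMAC(key, "E"||nonce||ctr) blocks
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"E" + nonce + ctr.to_bytes(4, "big"), algo).digest()
        ctr += 1
    return out[:n]

def _seal(algo, key, data):                    # encrypt-then-MAC: nonce||body||tag
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(data, _keystream(algo, key, nonce, len(data))))
    return nonce + body + hmac.new(key, b"M" + nonce + body, "sha256").digest()

def _open(algo, key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"M" + nonce + body, "sha256").digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(body, _keystream(algo, key, nonce, len(body))))

class Cipher:
    """Handed to a domain: exposes only encrypt/decrypt, never the key or algorithm."""
    def __init__(self, algo, keys):
        self._algo, self._keys = algo, keys    # keys[i] is domain key version i
    def encrypt(self, data):                   # prefix ciphertext with the current key version
        v = len(self._keys) - 1
        return v.to_bytes(2, "big") + _seal(self._algo, self._keys[v], data)
    def decrypt(self, blob):                   # older versions stay readable after a rekey
        v = int.from_bytes(blob[:2], "big")
        return _open(self._algo, self._keys[v], blob[2:])

class KeyManager:
    def __init__(self):
        self._master = secrets.token_bytes(32) # never leaves the manager
        self._wrapped = {}                     # domain -> [wrapped key v0, v1, ...]
    def _wrap(self, key):    return _seal("sha256", self._master, key)
    def _unwrap(self, blob): return _open("sha256", self._master, blob)
    def rekey_domain(self, domain):            # policy decides algorithm and key size
        _, size = POLICY[domain]
        self._wrapped.setdefault(domain, []).append(self._wrap(secrets.token_bytes(size)))
    def rekey_master(self):                    # re-wrap every domain key; stored data untouched
        keys = {d: [self._unwrap(w) for w in ws] for d, ws in self._wrapped.items()}
        self._master = secrets.token_bytes(32)
        self._wrapped = {d: [self._wrap(k) for k in ks] for d, ks in keys.items()}
    def cipher(self, domain):                  # the only object a domain ever receives
        if domain not in self._wrapped:
            self.rekey_domain(domain)
        return Cipher(POLICY[domain][0], [self._unwrap(w) for w in self._wrapped[domain]])
```

A domain that keeps a Cipher object across a rekey must request a fresh one to see the new key version; the stored ciphertexts carry their version, so the manager can verify that both old and new data still decrypt.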