Main claim |
1. A computer-implemented method, comprising:
receiving, at a client device from a consumer having a corresponding credential, a request to perform a cryptographic operation involving a managed asymmetric key;
identifying, by the client device, a group of which the consumer is a member based on the credential;
identifying, by the client device, cryptographic permissions associated with the managed asymmetric key specifying cryptographic operations involving the managed asymmetric key that members of the group are permitted to perform;
identifying, by the client device, a symmetric key associated with the managed asymmetric key;
storing, by the client device, an encrypted form of the symmetric key on the client device, the encrypted form of the symmetric key obtained by encrypting the symmetric key with a public key;
determining, by the client device, that the identified cryptographic permissions are insufficient to obtain a private key corresponding to the public key;
providing, by the client device, the encrypted form of the symmetric key to a first server;
receiving, by the client device, from the first server, a decrypted form of the symmetric key; and
decrypting, by the client device, content using the decrypted form of the symmetric key. |