Key management and recovery method for encrypted digital certificate

A key recovery and encrypted-certificate technology, applied to key distribution, that addresses the lack of flexibility, the long recovery time, and the risk that the private key of a digital certificate cannot be recovered, with the effect of a simpler key management system.

Inactive Publication Date: 2009-10-28
WUHAN UNIV OF TECH +1

AI Technical Summary

Problems solved by technology

[0005] A key management system that centrally stores a large number (such as millions or tens of millions) of encrypted digital certificate key pairs for a long time (such as decades) faces a huge challenge in terms of both management and technology. For example, if the key database storing the private keys is damaged, the private keys of millions or tens of millions of digital certificates may become unrecoverable. In addition, when restoring the private key of a certificate, it may take a long time to find the corresponding private key among tens of millions of key pairs, which is not conducive to online real-time recovery. Private keys can also only be recovered by the centralized system, which makes private key recovery inconvenient and inflexible.


Embodiment Construction

[0054] The present invention will be described in further detail below in conjunction with the accompanying drawings.

[0055] The present invention includes (Figure 1):

[0056] Certificate user S1: the owner of the encryption certificate and the user of the private key;

[0057] Certificate issuance system (CA system) S2: used to issue user encryption certificates;

[0058] Key pair generation system S3: used to generate user encryption certificate key pairs;

[0059] Key recovery certificate S4 (not including the private key): used to encrypt the private key of the user's encryption certificate;

[0060] User encryption certificate and private key S5: users use it to encrypt and decrypt information;

[0061] Key recovery system (or tool) S6: used to recover the private key of the user's encryption certificate;

[0062] Key recovery certificate and private key S7: used to decrypt the encrypted user certificate private key and private key recovery PIN code;

[0063] E...


Abstract

The invention relates to a key management and recovery method for encrypted digital certificates. When a certificate issuing system based on the method issues a user's encryption certificate, it encrypts the user's private key with the public key of a specific key recovery certificate and places the encrypted private key in a newly defined private key recovery extension in the certificate. When the user's private key is damaged or lost, a key recovery system or tool can recover the private key of the user's encryption certificate by using the private key of the corresponding key recovery certificate and, once the necessary user identity confirmation is complete, securely send the recovered private key to the user in accordance with the applicable private key recovery policy. On the basis of this method, the user's private key can be recovered both online and offline. Compared with the key management and recovery methods commonly used for encrypted digital certificates today, the invention does not require a special system to centrally store the private keys of users' encryption certificates, which greatly lowers the complexity of the key management and recovery system and makes private key recovery easy, simple and flexible.
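The scheme in the abstract, sketched as an added example (not code from the patent or its authors) with the Python `cryptography` package. The extension OID, the blob layout (RSA-OAEP wrapped AES key, nonce, AES-GCM ciphertext) and all function names are assumptions; the page does not specify the extension's encoding or algorithms.

```python
import datetime, os
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

RECOVERY_OID = x509.ObjectIdentifier("1.3.6.1.4.1.99999.1.1")  # hypothetical OID, not from the patent
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def wrap_private_key(user_key, recovery_pub):
    """Hybrid-encrypt the user's PKCS#8 key to the key recovery certificate's public key (S4)."""
    der = user_key.private_bytes(serialization.Encoding.DER,
                                 serialization.PrivateFormat.PKCS8,
                                 serialization.NoEncryption())
    cek, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    wrapped_cek = recovery_pub.encrypt(cek, OAEP)  # length equals the RSA modulus size
    return wrapped_cek + nonce + AESGCM(cek).encrypt(nonce, der, None)

def issue_encryption_cert(ca_key, user_key, recovery_pub, cn):
    """CA side (S2): issue the certificate with the wrapped key in a non-critical extension."""
    now = datetime.datetime.now(datetime.timezone.utc)
    blob = wrap_private_key(user_key, recovery_pub)
    return (x509.CertificateBuilder()
            .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)]))
            .issuer_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example CA")]))
            .public_key(user_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=365))
            .add_extension(x509.UnrecognizedExtension(RECOVERY_OID, blob), critical=False)
            .sign(ca_key, hashes.SHA256()))

def recover_private_key(cert, recovery_priv):
    """Recovery side (S6): needs only the certificate and the recovery private key (S7)."""
    blob = cert.extensions.get_extension_for_oid(RECOVERY_OID).value.value
    n = recovery_priv.key_size // 8
    cek = recovery_priv.decrypt(blob[:n], OAEP)
    der = AESGCM(cek).decrypt(blob[n:n + 12], blob[n + 12:], None)
    key = serialization.load_der_private_key(der, password=None)
    # Refuse to return a key that does not match the certificate's public key.
    if key.public_key().public_numbers() != cert.public_key().public_numbers():
        raise ValueError("recovered key does not match certificate")
    return key

if __name__ == "__main__":
    ca, rec, user = (rsa.generate_private_key(public_exponent=65537, key_size=2048) for _ in range(3))
    cert = issue_encryption_cert(ca, user, rec.public_key(), "alice")
    print(recover_private_key(cert, rec).private_numbers() == user.private_numbers())
```

Because every issued certificate carries its owner's wrapped private key in public view, the key recovery private key (S7) protects all of them at once and is the asset to keep in an HSM or offline.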

Description

Technical field

[0001] The invention belongs to the technical field of Public Key Infrastructure (PKI) for information security, and in particular relates to a key management and recovery method for encrypted digital certificates.

Background

[0002] Encryption technology is the core technology of information security. Commonly used encryption algorithms include symmetric key encryption algorithms (symmetric key encryption technology) and asymmetric key encryption algorithms (asymmetric key encryption technology). An asymmetric key encryption algorithm uses a pair of keys to encrypt and decrypt information. One of them is publicly released, is called the public key, and is used for information encryption (or digital signature verification). The other is not publicly released, is kept securely by the owner (or entity) of the key pair, and can be used for information decryption (or digital signature). This pair of keys is called a public key pair,...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L9/08
Inventor: 龙毅宏, 单淼, 唐志红, 张海松, 刘旭, 殷文刚
Owner: WUHAN UNIV OF TECH