Private key safe storage and distribution method and device

A technology for the secure storage and distribution of private keys. It addresses the increased manufacturer cost of adding hardware security chips and the increased operation and maintenance cost of existing approaches, protecting the private key while saving cost.

Active Publication Date: 2018-08-17
GUIZHOU BAISHANCLOUD TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] Both of the above methods have drawbacks. With the first method, when the keyless server is far from the CDN edge node, the remote keyless solution increases the delay of the SSL handshake, and the user must additionally maintain the keyless server, which increases the user's operation and maintenance costs.
With the second method, because the number of edge node cache servers is huge, adding hardware security chips increases the manufacturer's cost.
In addition, the huge number of edge node cache servers also tests the security management capabilities of CDN manufacturers. If the cache servers themselves have vulnerabilities, the private key may still leak even if a security chip is added.



Examples


Embodiment Construction

[0051] Figure 1 is a flowchart of a private key security processing method in an embodiment. The method includes:

[0052] Step 101, the private key security storage center receives the target domain name and the private key corresponding to the target domain name, encrypts the private key, and stores the target domain name and the encrypted private key corresponding to the target domain name;

[0053] Step 102, the private key security storage center receives the private key acquisition request from the edge node, parses out the target domain name from the private key acquisition request, queries and extracts the encrypted private key corresponding to the target domain name, decrypts the encrypted private key to obtain the private key, and sends this private key to the aforementioned edge node.

[0054] Specifically, the private key secure storage center includes an API module, a processing module, a storage device, and an encryption and decryption device. Specif...
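
An added example, not taken from the patent or from the applicant's code: steps 101 and 102 sketched in Go. The AES-256-GCM cipher, the in-memory map, the binding of the domain name as associated data, and the names `KeyCenter`, `NewKeyCenter`, `Put` and `Get` are assumptions; authenticating the edge node's request is outside this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type KeyCenter struct { // hypothetical stand-in for the storage center
	aead  cipher.AEAD
	store map[string][]byte // target domain name -> nonce || ciphertext, never plaintext
}

// NewKeyCenter assumes AES-256-GCM under a 32-byte master key (the page names no cipher).
func NewKeyCenter(master []byte) (*KeyCenter, error) {
	block, err := aes.NewCipher(master)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &KeyCenter{aead: aead, store: map[string][]byte{}}, nil
}

// Put is step 101: encrypt, then store under the domain, which is bound as associated data.
func (c *KeyCenter) Put(domain string, privKey []byte) error {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	c.store[domain] = c.aead.Seal(nonce, nonce, privKey, []byte(domain))
	return nil
}

// Get is step 102: look up the domain parsed from the edge node's request and decrypt.
func (c *KeyCenter) Get(domain string) ([]byte, error) {
	rec := c.store[domain]
	if n := c.aead.NonceSize(); len(rec) > n {
		return c.aead.Open(nil, rec[:n], rec[n:], []byte(domain))
	}
	return nil, fmt.Errorf("no key stored for %q", domain)
}

func main() {
	c, _ := NewKeyCenter(make([]byte, 32)) // constructed all-zero master key, demo only
	_ = c.Put("example.com", []byte("constructed-key-bytes"))
	fmt.Println(c.Get("example.com"))
}
```

Because the domain name is authenticated together with the ciphertext, a stored record copied under a different domain name fails to decrypt instead of returning another tenant's key.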


Abstract

The invention discloses a private key safe storage and distribution method and device. The method comprises the steps that a private key safe storage center receives a target domain name and a private key corresponding to the target domain name, encrypts the private key and stores the target domain name and the encrypted private key corresponding to the target domain name; and the private key safe storage center receives a private key acquisition request from an edge node, analyzes the target domain name from the private key acquisition request, inquires and extracts the encrypted private key corresponding to the target domain name, decrypts the encrypted private key to obtain the private key, and sends the private key to the edge node. According to the method, all private keys are encrypted and stored in the private key safe storage center uniformly, the private key plaintexts are not stored on a medium directly, so that the private key is protected effectively; and special hardware is not deployed on the edge node, so that the cost is saved.

Description

Technical field

[0001] The invention relates to the field of cloud computing processing, in particular to a method and device for securely storing and distributing private keys.

Background technique

[0002] One of the biggest challenges in using a security-oriented HTTP channel (Hyper Text Transfer Protocol over Secure Socket Layer, HTTPS) in a Content Delivery Network (CDN) scenario is the security of the private key. The edge nodes of the CDN undertake the task of handshaking Secure Sockets Layer (SSL) with the client. Therefore, the edge nodes of the CDN need to have the ability to use the private key. The most common way is to deploy the private key to the edge node. In this way, when there are a large number of CDN edge nodes, the number of copies of the private key will be very large. From a security point of view, this undoubtedly increases the risk of private key leakage.

[0003] There are two methods to solve this problem in the prior art. In the first method, th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/08, H04L9/32, H04L29/06, H04L29/12
CPC: H04L9/0819, H04L9/0822, H04L9/0894, H04L9/3226, H04L9/3263, H04L63/06, H04L63/0823, H04L63/083, H04L63/10, H04L63/16, H04L61/4511
Inventor: 杨洋苗辉
Owner: GUIZHOU BAISHANCLOUD TECH CO LTD