Unified storage and management of cryptographic keys and certificates
First Claim
1. A method comprising:
receiving a cryptographic resource including a first artifact in a first format having a first metadata set, the first format being a pretty good privacy (PGP) canonical format;
converting the first artifact to a second artifact having a second format;
storing the second artifact in a repository; and
responsive to a request for the first artifact, creating a third artifact based on the second artifact;
wherein;
the repository cannot store the first artifact, at least in part, because the first artifact is formatted according to the first format;
the second artifact being formatted according to the second format retains the first metadata set of the first artifact;
the repository configured to store the second artifact, at least in part, because the second artifact is formatted according to the second format;
the third artifact is a functional copy of the first artifact, the third artifact functionally replaces the first artifact;
the second format is a standard format of the repository; and
the first format and the second format are distinct formats.
Abstract
Cryptographic resources, such as those including PGP keys and certificates, are transformed such that they are understood by certificate repositories, such as in a format understood by the JAVA tools of JAVA KEYSTORE (JKS). JAVA is one example of a general-purpose computer programming language that is concurrent, class-based, and object-oriented. JAVA KEYSTORE is one example of a repository of security certificates, such as authorization certificates and public key certificates, used for instance in SSL encryption. The transformation of the cryptographic resources is completed such that the necessary metadata for retrieving the original cryptographic resources, or artifacts thereof, are retained. In that way, cryptographic resources are effectively hidden within the certificate repository until needed. The security program applies an algorithm to generate keys for JKS storage such that the keys “masquerade” in a JKS canonical format until the resources are needed in a PGP canonical format.
6 Claims
Specification