A Secure Scheme of Key Management for Database Encryption

摘要

Key management is the crucial technique for database encryption. The keys to encryt and decrypt the secret data are generated and administered by the creators who create the secret data. Anyone who makes a request on the secret data has to register himself in a certificate authority and get his public key certificate. The requestor sends his request on the secret data to the database administrator and the creator of the secret data. The database administrator verifies the identity of the requestor and forwards the request to the creator. After the creator compares the two requests, he sends the keys to the requestor. The schmen is more safe because the keys is administered by different creators, the secret data saved in database is encrypted with the creator's writing keys and the database administrator's ephemeral keys, the creators' reading and writing keys must be changed periodically and the administrator's ephemeral must be changed after every writing operation.