1. Field of the Invention
The present invention relates to a computer program product, system, and method for generating public/private key pairs to deploy public keys at computing devices to verify digital signatures.
2. Description of the Related Art
Certain computer systems utilize a challenge-response mechanism to authenticate a user trying to access the system. An authentication system, operated by a provider entity providing authentication services for the customer systems, such as operated by a vendor or manufacturer of the customer systems, will generate a public-private key and distribute the public key to the customer systems needing to use for authentication. When a user attempts to access any of the customer systems, such as a server or storage controller, which may be deployed widely in the field, the customer system will provide an unencrypted challenge to the user. The user will then provide the challenge to the authentication system and if the user is allowed to access the customer system, the authentication system will sign the challenge with the private key to provide a signature. The customer system can then authenticate the user with a signature verifying algorithm that accepts or rejects the message using the public key and the challenge to verify that the user was approved by the authentication system.
Over time, the authentication system may have to invalidate the private key as part of routine key retention policies or if the private key has become compromised. In such case, the authentication system will need to generate a new public-private key pair and distribute the new public key to all the customers systems to use to verify digitally signed challenges from the authentication system to authenticate users seeking to access the customer systems.
There is a need in the art for improved techniques for managing public-private keys for purposes of authentication.