Encryption is a well-known technique for obscuring the data or information contained in a message from unauthorized third parties. Many different types of encryption have been used. One popular type is public key encryption, in which a public key and a private key are generated so that the two keys have a mathematical relationship that is computationally difficult to calculate, at least in the direction from the public key to the private key. In other words, given only the public key, it is difficult to determine the private key. As a result, the public key can be publicly distributed (for example, stored in a public key ring or on a key server) while the private key is kept securely by the user. When the user wants to send an encrypted message using public key encryption, the user finds the recipient's public key and encrypts the message with it. When the recipient receives the message, the recipient uses his/her private key to decrypt it. Similarly, when someone wants to send a message to the user, the message is encrypted using the public key of the user and the user decrypts it using the securely held private key. The advantage of public key encryption is that the private key of the user never has to be revealed or communicated to any third party.
FIG. 1 illustrates an ideal encryption key system 100 in which the system includes an application 102 that has the capability to encrypt/decrypt messages using public key encryption. The application may utilize a crypto service API to connect to a crypto API wrapper 104 that manages the public key encryption process of the application including the storage of the private key. In the ideal system in FIG. 1, the system also has a crypto service 106 that is accessible by a function call. The crypto service 106 may include crypto functions 108 and a key storage 110. The crypto service 106 may be securely hosted and protected from hackers and the like. In this ideal system, the crypto service 106 stores and manages the private key of the user and may also perform the decryption functions for the applications so that the private key is maintained on the secure crypto service 106.
FIG. 2 illustrates a typical encryption key system 200 that has the same application 202. In most typical implementations of the public key system, the application 202 includes a key storage 204 in which the private key of the user is stored and managed. As with the ideal system, the application connects through a crypto function API to a crypto library 206 that has a plurality of crypto functions 208 to perform the encryption/decryption using the private key. In the typical system, to perform the encryption/decryption, the private key must be communicated from the key storage 204 in the application to the crypto library 206, which exposes the private key outside its storage. In addition, with the system of FIG. 2, it is very difficult to update the private keys since a copy is stored in each application 202. Furthermore, in an Internet of Things (IoT) type system with many devices, managing the private keys, and thus the public key encryption system as a whole, is not feasible. Thus, it is desirable to provide a system and method for managing the private keys of a public key encryption system.
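The following is an added example, not part of the patent text, that models the difference between FIG. 2 (the application hands its private key to a crypto library) and FIG. 1 (a crypto service keeps the key and decrypts on the application's behalf). It uses textbook RSA over tiny constructed primes purely to make the key-boundary visible; the `boundary_log`, `CryptoService` and `key_crossed_boundary` names are assumptions of this example, and key sizes this small are not secure.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Textbook RSA keys from two (constructed, tiny) primes; toy sizes only."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)

def encrypt(public_key, m):
    n, e = public_key
    return pow(m, e, n)

def library_decrypt(private_key, c, boundary_log):
    """FIG. 2 style crypto library: the caller has to hand over the private key."""
    boundary_log.append(("crypto_library.decrypt", private_key, c))
    n, d = private_key
    return pow(c, d, n)

class CryptoService:
    """FIG. 1 style crypto service: key storage and crypto functions sit
    together, so only ciphertext crosses the function-call boundary."""
    def __init__(self, p, q):
        self._public, self._private = make_keypair(p, q)

    def public_key(self):
        return self._public

    def decrypt(self, c, boundary_log):
        boundary_log.append(("crypto_service.decrypt", c))
        return library_decrypt(self._private, c, [])  # internal, not a boundary

    def rotate(self, p, q):
        """Key update happens inside the service; callers need no change."""
        self._public, self._private = make_keypair(p, q)

def key_crossed_boundary(boundary_log, private_key):
    """True if the private key ever appeared in a call across the boundary."""
    return any(private_key in entry[1:] for entry in boundary_log)

def typical_roundtrip(m, log):
    """FIG. 2: the application keeps the key and passes it to the library."""
    public, private = make_keypair(61, 53)
    return library_decrypt(private, encrypt(public, m), log), private

def service_roundtrip(m, log, service):
    """FIG. 1: the application sees only the public key, ciphertext, plaintext."""
    return service.decrypt(encrypt(service.public_key(), m), log)
```

Running both round trips and inspecting the logs shows the private key in the FIG. 2 call record but never in the FIG. 1 record, and `rotate` updates the key without any change to the calling application.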