This invention relates, in general, to processing within a virtual computing environment, and in particular, to providing security within that environment.
One aspect of providing security within the virtual environment is to protect cryptographic keys used in cryptographic operations performed by a crypto device. In one example, these keys are protected via encryption. For instance, a cryptographic key is encrypted under a master key providing an encrypted cryptographic key. The master key is kept inside the security boundary of the crypto device. The encrypted cryptographic key can be stored outside the security boundary of the crypto device and is then used in cryptographic operations.
A single processor system has one set of master keys associated therewith. That is, the single processor system has one master key for each type of cryptographic key. However, in a partitioned environment, there is one set of master keys for each zone or partition.
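The key-protection scheme described above can be sketched in code. The following is an added example, not part of the original text. It models a crypto device that holds one master key per key type for each partition and releases keys only in encrypted form. The class and method names, the zone and key-type labels, and the SHAKE-256/HMAC wrapping construction (a standard-library stand-in for a real key-wrap algorithm) are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

class CryptoDevice:
    """Stands in for the crypto device; master keys never leave this object."""
    def __init__(self, partitions, key_types):
        # One set of master keys per partition, one master key per key type.
        self._mk = {(p, t): secrets.token_bytes(32)
                    for p in partitions for t in key_types}

    def _subkeys(self, partition, key_type):
        mk = self._mk[(partition, key_type)]
        return (hmac.new(mk, b"enc", hashlib.sha256).digest(),
                hmac.new(mk, b"mac", hashlib.sha256).digest())

    def wrap(self, partition, key_type, clear_key):
        # Assumed construction: encrypt-then-MAC with a SHAKE-256 keystream.
        enc, mac = self._subkeys(partition, key_type)
        nonce = secrets.token_bytes(16)
        stream = hashlib.shake_256(enc + nonce).digest(len(clear_key))
        ct = bytes(a ^ b for a, b in zip(clear_key, stream))
        return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

    def _unwrap(self, partition, key_type, blob):
        enc, mac = self._subkeys(partition, key_type)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("blob not wrapped under this partition's master key")
        stream = hashlib.shake_256(enc + nonce).digest(len(ct))
        return bytes(a ^ b for a, b in zip(ct, stream))

    def mac_with_wrapped_key(self, partition, key_type, blob, message):
        # The clear key exists only inside the device for the operation.
        key = self._unwrap(partition, key_type, blob)
        return hmac.new(key, message, hashlib.sha256).digest()

def demo():
    dev = CryptoDevice(["zone-A", "zone-B"], ["mac-key"])  # constructed labels
    clear = secrets.token_bytes(32)            # constructed sample key
    blob = dev.wrap("zone-A", "mac-key", clear)  # safe to store outside
    tag = dev.mac_with_wrapped_key("zone-A", "mac-key", blob, b"msg")
    try:
        dev.mac_with_wrapped_key("zone-B", "mac-key", blob, b"msg")
        cross_zone_accepted = True
    except ValueError:
        cross_zone_accepted = False
    matches = tag == hmac.new(clear, b"msg", hashlib.sha256).digest()
    return clear not in blob, matches, cross_zone_accepted

if __name__ == "__main__":
    print(demo())
```

A blob wrapped for one zone is rejected when presented under another zone's master key, which is the isolation property that per-partition master key sets provide.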