In order to secure communications between two entities, asymmetric encryption is often employed. In an asymmetric encryption system, a public key and a complementary private key are employed for each user. The public key is published and the private key is kept private. A sender uses the recipient's public key to encrypt a message and the recipient uses its own private key to decrypt the message.
When two entities are connected over a channel secured by asymmetric cryptography, such as a Transport Layer Security (TLS) link, the credentials of one entity could be stolen by an attacker and then used by the attacker to set up another secure connection with the server. This is particularly problematic when one entity is a virtual machine (VM) on the public cloud.
A need therefore exists for methods and apparatus for asymmetric encryption with expiring revocable certificates having a predefined validity period. A further need exists for improved techniques for providing credentials to clients on the public cloud, such as a virtual machine. Yet another need exists for methods and apparatus for asymmetric encryption that are resilient to connection losses between the server and client.