Method and apparatus for public key management

Abstract

A method and apparatus for public key management is accomplished when an associated authority provides, from time to time, a public key of at least one of a plurality of certificate authorities to a client. The associated authority provides the public key in a trustworthy manner over an on-line communication path and/or a store and forward communication path, which may be done using a self-signed signature public key certificate. Upon receiving the public key, the client maintains it in a storage medium associated with a client cryptographic engine. When a client application needs a security-related operation to be performed, it evokes the client cryptographic engine via an application program interface. Upon being evoked the client cryptographic engine determines whether a public key certificate associated with the security-related operation is verified as authentic based on the public key of at least one of the plurality of certification authorities. This is done by verifying the signature of the certification authority that signed the public key certificate associated with the security related operation. Once the signature is verified, the contents of the public key certificate can be authenticated. When the public key certificate is authenticated, the client cryptographic engine performs the security-related operation using a subject public key of the public key certificate associated with the security-related operation. Having done so, the client cryptographic engine provides an indication to the client application that it has successfully performed the security-related operation. If, however, the public key certificate was not authenticated, the client cryptographic engine provides the client application an indication that the security-related operation was not successfully performed.