Paper Title

One-Time Certificates for Reliable and Secure Document Signing

Authors

Mayr, Lucas, Zambonin, Gustavo, Schardong, Frederico, Custódio, Ricardo

Abstract

Electronic documents are signed using private keys and verified using the corresponding digital certificates through the well-known public key infrastructure model. Private keys must be kept in a safe container so they can be reused. This makes private key management a critical component of public key infrastructures with no failproof answer. Therefore, existing solutions must employ cumbersome and often expensive revocation methods to handle private key compromises. We propose a new cryptographic key management model built with long-term, irrevocable digital certificates, each bound to a single document. Our model issues a unique digital certificate for each new document to be signed. We demonstrate that private keys associated with these certificates should be deleted after each signature, eliminating the need to store those keys. Furthermore, we show that these certificates do not require any revocation mechanism to be trusted. We analyze the overhead caused by the frequent generation of new key pairs for each document, provide a security overview and show the advantages over the traditional model.
