The invention relates to a method for implementing a secure storage system in a cloud storage environment and belongs to the technical field of storage security. The method is characterized in that: a trust domain is established in a server according to the requirements of a user; within the trust domain, identity authentication is performed using a public key infrastructure (PKI); independence between the storage system and the underlying system is achieved using a filesystem in user space (FUSE); a hash value of a file is calculated block by block using the secure hash algorithm (SHA1), each file block is encrypted block by block with a key using the symmetric advanced encryption standard (AES) algorithm, and the file ciphertext is uploaded to a file server in the cloud storage area, so as to guarantee the confidentiality and integrity of the file; the file owner designates, in an access control list, the users permitted to access the file and their permissions, and postpones re-encrypting the file when a permission is revoked; only when a user modifies the content of the file does that user re-encrypt the file block containing the modified content; and the system implements three layers of key management, namely a file block key, a secure metadata file key and a trust domain server key, so that the security of the file is guaranteed when a permission is revoked without increasing the management load of the system.
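
The block-level part of the scheme (per-block SHA1, per-block AES, and re-encryption postponed until a block is next modified) can be sketched in Go as follows; this is an added example, not code from the patent. The names `Block`, `Seal`, `Open`, `Revoke` and `Write`, the metadata layout, AES-256 in CTR mode and the random per-write IV are all assumptions, and wrapping the block keys under the metadata file key and trust domain server key is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
)

// Block is one encrypted file block plus metadata; this layout is an assumption.
type Block struct {
	Key    [32]byte        // file block key (AES-256 assumed)
	IV, CT []byte          // CTR mode is an assumption; the abstract names only AES
	Hash   [sha1.Size]byte // SHA-1 of the plaintext block
	Stale  bool            // key was readable by a since-revoked user
}

func ctr(key [32]byte, iv, in []byte) []byte {
	c, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
	out := make([]byte, len(in))
	cipher.NewCTR(c, iv).XORKeyStream(out, in)
	return out
}

// Seal encrypts pt with a fresh IV, and with a fresh key if rotate is set.
func Seal(pt []byte, key [32]byte, rotate bool) Block {
	r := make([]byte, len(key)+aes.BlockSize)
	if _, err := rand.Read(r); err != nil {
		panic(err)
	}
	if rotate {
		copy(key[:], r)
	}
	return Block{Key: key, IV: r[32:], CT: ctr(key, r[32:], pt), Hash: sha1.Sum(pt)}
}

// Open decrypts with key; ok is false when the SHA-1 of the result does not match.
func (b Block) Open(key [32]byte) (pt []byte, ok bool) {
	pt = ctr(key, b.IV, b.CT)
	return pt, sha1.Sum(pt) == b.Hash
}

// Revoke only flags blocks; Write rotates the key of a flagged block it rewrites.
func Revoke(f []Block) {
	for i := range f {
		f[i].Stale = true
	}
}
func Write(f []Block, i int, pt []byte) { f[i] = Seal(pt, f[i].Key, f[i].Stale) }
```

After `Revoke`, a key cached by the revoked user still opens every block that has not been rewritten, which is the exposure a postponed re-encryption scheme accepts in exchange for not re-encrypting the whole file at revocation time.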