A proxy-based encryption method includes generating, according to a private key of a sending end and a public key of a receiving end, proxy keys that correspond to at least two proxy servers, respectively. The number of the proxy keys is equal to the number of the proxy servers. The method further includes sending encrypted ciphertexts and the proxy keys that correspond to the at least two proxy servers respectively to the at least two proxy servers, respectively, so that the at least two proxy servers re-encrypt the encrypted ciphertexts according to the corresponding proxy keys.

The present invention relates to the field of computer technologies and discloses a method and a system for key generation, backup, and migration based on trusted computing, including: receiving a key generation request input by a user; controlling a trusted platform module to generate a platform migratable key, encrypting the platform migratable key by using a public key of a root key of the trusted platform module, and storing a cipher-text key of the platform migratable key; controlling the trusted platform module to generate a user migratable key, encrypting the user migratable key by using a public key of the platform migratable key, and storing a cipher-text key of the user migratable key; and controlling the trusted platform module to generate a binding key of the user, encrypting the binding key by using a public key of the user migratable key, and storing a cipher-text key of the binding key.