A system and method for providing cryptographic operation service in a virtualization environment. In the system, a configuration subsystem provides an interface for an administrator and a common user to input information about a virtual cryptographic device. A key file storage subsystem stores a key file and protects it with the protection password. A virtual machine operating subsystem obtains a corresponding key file from the storage subsystem according to the input of the configuration subsystem, creates a virtual device for a guest virtual machine, and finally operates the guest virtual machine to provide cryptographic computing service for the guest virtual machine. Thus the administrator/the common user can specify a key file and input a protection password for a guest virtual machine via the corresponding interface to facilitate the creation of a virtual cryptographic device, and can manage the virtual cryptographic device in a user-friendly and centralized manner. The guest virtual machine on a virtualization management platform can request for a secure cryptographic operation service, thereby alleviating the key security problem in virtualization environment.