DEW provides Key Management Service (KMS), an offering that integrates many of HUAWEI CLOUD extensive services including OBS, EVS, IMS, and more.
DEW provides Key Pair Service (KPS) that enables you to create or import key pairs on the management console when logging in to your purchased ECS.
With DEW, keys and random numbers are generated by the third-party validated HSMs. It is compliant with national and international laws and regulations.
DEW provides CSCA certified or FIPS 140-2 validated level-3 HSM protection, guaranteeing high-performance encryption to meet your stringent security requirements.
For encryption scenarios requiring strict compliance, you can use the CSCA (China State Cryptography Administration) certified HSM or FIPS 140-2 validated level-3 HSM to implement exclusive encryption. Two HSMs are provided by default to ensure the high reliability.
HSMs provided by DEW are third-party certified or validated.
Provides exclusive chips to ensure concurrent high-speed computing performance under different encryption protocols.
Provides the same functions and interfaces as physical HSMs. It is compatible with traditional applications and is easy when migrating to cloud.
Key Management Service
KMS uses validated HSMs to protect your keys, so you can effortlessly create and manage keys for data encryption. It can be Integrated with other HUAWEI CLOUD services such as OBS, EVS, and IMS.
Integrates with OBS, EVS, IMS, and more, to enable secure and easy data encryption.
Supports full management and lifecycle management of your keys.
Supports APIs, so you can call APIs to integrate KMS with your applications for data encryption.
Stores CMKs redundantly online, physically backs up root keys in multiple copies offline, and performs regular backups to ensure key persistence.
KPS is designed for login scenarios that have stringent security requirements. When purchasing an ECS, you can set the login mode to key-pair login. The key pair can be reset or replaced as necessary.
By default, key pairs use the SSH-2 (RSA, 2048) algorithm for encryption and decryption.
You can import your private keys to the DEW management console on HUAWEI CLOUD and use KPS to manage them.
The DEW management console provides you with easy control and management for your key pairs.
Provides you with basic and professional editions, catering for your needs in different service scenarios.
KMS provides you with basic and professional editions, catering for your needs in different service scenarios.
With KPS, you can download the private keys to your local host, or have your private keys managed in the cloud.
Exclusive encryption chips are provided. Provides the same functions and interfaces as physical HSMs to facilitate the migration of services to the cloud. Supports China's SM1, SM2, SM3, and SM4 encryption algorithms.
In addition to the professional edition, we can offer you the enterprise edition to meet your customized requirements. Please contact our pre-sales personnel for details.
With the basic-edition KMS, you can employ user-imported keys, and create a maximum of two keys. You can create, enable, disable, and delete Customer Master Keys (CMKs). You can create, encrypt, and decrypt Data Encryption Keys (DEKs), and additionally, and you can use the keys to interwork with OBS, EVS, and IMS for data encryption.
In addition to functions available with the basic edition, you can create 20 keys, and integrate the professional-edition KMS with RDS for static data encryption. Developers can use APIs to encrypt applications.
Private Keys Saved Locally
The password for logging in to the ECS may be weak or at the risk of brute-force cracking. To avoid such risk, you can import the local private key for login.
Private Keys Managed by DEW
If you do not have a secure mechanism for storing private keys locally, you can easily manage them using DEW on HUAWEI CLOUD, and use the managed key pairs for login authentications.