检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Adding Data Assets After data assets (databases) are added to the system, you can identify, encrypt, decrypt, and mask sensitive data in the databases. This section uses the MySQL database as an example. Add data assets based on the site requirements.
Monitoring DEW Key Usage Using CTS DEW provides the key function to help you generate, encrypt, and decrypt data encryption keys (DEKs) to protect sensitive data in cloud services.
Billing Examples Billing Scenario A user created a symmetric key at 14:25:00 on May 18, 2023 and used the key to encrypt OBS. During the use of the key, 164,573 API requests were generated. The user stopped using the key and deleted it at 16:14:00 on June 29, 2023.
Ciphertext DEKs are generated when you use a CMK to encrypt the plaintext DEKs. Huawei Cloud services use the plaintext DEK to encrypt a plaintext file, generating a ciphertext file.
Check whether both the source and destination databases use SSL to encrypt connections.
Key Management Service Using KMS to Encrypt Offline Data Using KMS to Encrypt and Decrypt Data for Cloud Services Using the Encryption SDK to Encrypt and Decrypt Local Files Encrypting and Decrypting Data Through Cross-region DR Using KMS to Protect File Integrity
Using KMS to Encrypt Secrets Dedicated Distributed Storage Service (DSS) EVS enables you to encrypt data on created disks as required. Keys used by encrypted EVS disks are provided by KMS of DEW, secure and convenient.
(java.security.PublicKey publicKey, byte[] source) Encrypt data using the RSA algorithm. static String encrypt(String source, java.security.PublicKey publicKey) Encrypt data using the RSA algorithm (both the source and returned data is encoded using Base64). static String encrypt(
Benefits: Advantages over CMK encryption in KMS Users can use CMKs to encrypt and decrypt data on the KMS console or by calling KMS APIs. A CMK can encrypt and decrypt data no more than 4 KB. An envelope can encrypt and decrypt larger volumes of data.
The ciphertext DEK is generated when you use a CMK to encrypt the plaintext DEK. Use the plaintext DEK to encrypt the file. A ciphertext file is generated. Save the ciphertext DEK and the ciphertext file together in a persistent storage device or a storage service.
Related cloud services and tools DEW: Based on the integration between DEW and services such as OBS, EVS, and IMS, KMS can manage the keys of these services, encrypt service data, and encrypt local data using KMS APIs. Parent topic: SEC07 General Data Security
Using the Encryption SDK to Encrypt and Decrypt Local Files Encryption Software Development Kit (SDK) can encrypt and decrypt data and file streams. You can easily encrypt and decrypt massive amounts of data simply by calling APIs.
The SDK then randomly generates a data key and initial value for each object and uses the data key and initial value to encrypt the object. After that, the SDK uploads the encrypted object to OBS and then uses the RSA key to encrypt the data key.
Using KMS to Encrypt Secrets Dedicated Distributed Storage Service (DSS) EVS enables you to encrypt data on created disks as required. Keys used by encrypted EVS disks are provided by KMS of DEW, secure and convenient.
Trigger the function to encrypt and decrypt the files. The function uploads the processed files to the other bucket.
In this case, A can use B's public key to encrypt the messages, and B can use its private key to decrypt the messages. If you use a private key to encrypt data, the public key can be used to decrypt data.
The key is used to encrypt and protect DEKs. A custom key can be used to encrypt multiple DEKs. It can be disabled and scheduled for deletion. It is billed per use after the being created or imported.
Using wrapping key to encrypt key material: Use HSM or OpenSSL to encrypt wrapping key into key material. Importing key material (existing key material): Import key material and token to the created empty key.
mode, AesUtils.PAD pad) Encrypt the plaintext using the AES algorithm and a private key with specified mode and length.
Processors Conditions Parallel Processor Delay EDI Processor Variable Assignment Variable Updater Sorter Data Conversion Splitter Filter Script Message Logger Data Mapper Iterator Error Monitoring End Symmetric Encrypt/Decrypt Asymmetric Encrypt/Decrypt XML Verification
