检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
Using KMS to Encrypt a Disk (Through an API) You can call the required API of EVS to purchase an encrypted EVS disk. For details, see Elastic Volume Service API Reference. Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
Using KMS to Encrypt and Decrypt Data for Cloud Services Overview Encrypting Data in ECS Encrypting Data in EVS Encrypting Data in IMS Encrypting Data in OBS Encrypting an RDS DB Instance Encrypting a DDS DB Instance Parent topic: Key Management Service
This section describes how to use default KMS keys to encrypt IMS image files. Solution Architecture Figure 1 describes how to use KMS to encrypt an IMS image file.
Step 2: Creating a Key With KMS, you can create keys and use the keys to encrypt files to be uploaded on the OBS server. Step 3: Uploading Files to an OBS Bucket Upload files to the OBS bucket and use the KMS key encrypt the files.
When creating an ECS, you can encrypt added data disks. For details about how to encrypt an image, see Encrypting Data in IMS. For details about how to encrypt a data disk, see Encrypting Data in EVS. Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
The ciphertext DEK was generated by using a CMK to encrypt the plaintext DEK. Use the plaintext DEK to encrypt a plaintext file, generating a ciphertext file. Store the ciphertext DEK and the ciphertext file together in a permanent storage device or a storage service.
Using the Encryption SDK to Encrypt and Decrypt Local Files You can use certain algorithms to encrypt your files, protecting them from being breached or tampered with. Encryption SDK is a client password library that can encrypt and decrypt data and file streams.
For details about how to use KMS to encrypt and decrypt data, see Using KMS to Encrypt and Decrypt Data for Cloud Services. Parent topic: KMS Related
Using KMS to Encrypt Offline Data Encrypting or Decrypting Small Volumes of Data Encrypting or Decrypting a Large Amount of Data Parent topic: Key Management Service
Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
Encrypting or Decrypting a Large Amount of Data Scenario If you want to encrypt or decrypt large volumes of data, such as pictures, videos, and database files, you can use envelope encryption, which allows you to encrypt and decrypt files without having to transfer a large amount
Parent topic: Using KMS to Encrypt Offline Data
Encrypting Data Function Description: This API is used to encrypt data by using a specified CMK. Constraints If you use an asymmetric key to encrypt data, record the selected key ID and encryption algorithm.
Encrypting a DEK Function Description: This API is used to encrypt a DEK by using a specified CMK.
A data encryption key (DEK) is used to encrypt data. Using KMS, you can create, encrypt, and decrypt DEKs. The KMS system does not save, manage, or track your DEKs, neither does it use the DEKs to encrypt or decrypt data.
You can only use KMS to create new CMKs to encrypt and decrypt data. Parent topic: KMS Related
When creating an ECS, you can encrypt added data disks.
It can be used to encrypt a small amount of data or encrypt DEKs. An asymmetric key can be an RSA key pair or an ECC key pair, which can be used for data encryption and decryption, digital signature, and signature verification.