Creating a Secret Version Function Creates a new secret version in the specified secret to encrypt and keep the new secret value. By default, the latest secret version is in the SYSCURRENT state. The previous version is in the SYSPREVIOUS state.
You can create a new version of a secret to encrypt and keep a new secret value. By default, the latest secret version is in the SYSCURRENT state. The previous version is in the SYSPREVIOUS state.
Encrypt the plaintext hello world using the CMK whose ID is 0d0466b0-e727-4d9c-b35d-f84bb474a37f and add 123aad as the associated data.
For symmetric keys, the same key is used to encrypt and decrypt data, which is fast and efficient and suitable for encrypting a large amount of data. For asymmetric keys, a key pair, that is, a public key and a private key, is used for encryption and decryption.
It can be used to encrypt a small amount of data or DEKs. An asymmetric key is an RSA key or an ECC key pair (including SM2 key pair). It can be used for data encryption and decryption, digital signature, and signature verification.
Advantages Extensive Service Integration By integrating with OBS, EVS, and IMS, you can use KMS to manage the keys of the services or use KMS APIs to encrypt and decrypt local data.
You need to call APIs to encrypt and decrypt a large amount of data.
For details about how to encrypt or decrypt a large amount of data, see Encrypting or Decrypting a Large Amount of Data. Parent topic: KMS
Creating a PIN Function This API is used to create a PIN, which is used to create and encrypt a DEK in the level-4 cryptography testing scenario. Calling Method For details, see Calling APIs.
Encrypting a DEK Function This API is used to encrypt a DEK using a specified CMK. Calling Method For details, see Calling APIs.
Billing Examples Billing Scenario A user created a symmetric key at 14:25:00 on May 18, 2023 and used the key to encrypt OBS. During the use of the key, 164,573 API requests were generated. The user stopped using the key and deleted it at 16:14:00 on June 29, 2023.
Ciphertext DEKs are generated when you use a CMK to encrypt the plaintext DEKs. Huawei Cloud services use the plaintext DEK to encrypt a plaintext file, generating a ciphertext file.
Using KMS to Encrypt Secrets Dedicated Distributed Storage Service (DSS) EVS enables you to encrypt data on created disks as required. Keys used by encrypted EVS disks are provided by KMS of DEW, secure and convenient.
Key Management Service Using KMS to Encrypt Offline Data Using KMS to Encrypt and Decrypt Data for Cloud Services Using the Encryption SDK to Encrypt and Decrypt Local Files Encrypting and Decrypting Data Through Cross-region DR Using KMS to Protect File Integrity
Benefits: Advantages over CMK encryption in KMS Users can use CMKs to encrypt and decrypt data on the KMS console or by calling KMS APIs. A CMK can encrypt and decrypt no more than 4 KB of data. An envelope can encrypt and decrypt larger volumes of data.
The ciphertext DEK is generated when you use a CMK to encrypt the plaintext DEK. Use the plaintext DEK to encrypt the file. A ciphertext file is generated. Save the ciphertext DEK and the ciphertext file together in a persistent storage device or a storage service.
Using the Encryption SDK to Encrypt and Decrypt Local Files Encryption Software Development Kit (SDK) can encrypt and decrypt data and file streams. You can easily encrypt and decrypt massive amounts of data simply by calling APIs.
In this case, A can use B's public key to encrypt the messages, and B can use its private key to decrypt the messages. If you use a private key to encrypt data, the public key can be used to decrypt data.
The key is used to encrypt and protect DEKs. A custom key can be used to encrypt multiple DEKs. It can be disabled and scheduled for deletion. It is billed per use after being created or imported.