检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
You need to call APIs to encrypt and decrypt a large amount of data.
Scenarios Encrypt data in OBS Encrypt data in EVS Encrypt data in IMS Encrypt an RDS DB instance Use custom keys to directly encrypt and decrypt small volumes of data.
The sender and receiver use the same key to encrypt and decrypt data. Advantage: Encryption and decryption are fast. Disadvantage: Each pair of keys must be unique, making key management difficult when there are a large number of users. Scenario: Encrypt a large amount of data.
You need to call APIs to encrypt and decrypt a large amount of data.
KMS Application Scenarios KPS Application Scenarios Dedicated HSM Application Scenarios 03 Start Learn how to use a key to encrypt your data on HUAWEI CLOUD and use a key pair to log in to your Linux ECS.
You can use Dedicated HSM to encrypt your service systems (including encryption of sensitive data, payment, and electronic tickets).
Encrypt Data Decrypt Data You can select multiple grants.
Constraints You can specify a symmetric CMK to encrypt secrets. If the kms_key_id parameter is not specified, the default master key csms/default will be used to encrypt the secrets created under your account in a project.
the DEK. kms:cmk:decryptDataKey: Decrypt a DEK. kms:cmk:retireGrant: Retire a grant. kms:cmk:decryptData: Decrypt data. kms:cmk:encryptData: Encrypt data. kms::generateRandom: Generate a random number.
DEW APIs use the HTTPS protocol to encrypt and secure transmission, preventing man-in-the-middle attacks. Parent topic: About DEW
To encrypt or decrypt large volumes of data, such as pictures, videos, and database files, you can use the envelope encryption method, where the data does not need to be transferred over the network. Region: All How Do I Encrypt and Decrypt a Small Amount of Data?
Default Keys: KPS uses the default encryption key kps/default provided by KMS to encrypt private keys. Custom Keys: Select a custom key created on KMS to encrypt the private key. For details, see Creating a Key.
Encrypt the string "hello world!" offline using a public key.
KMS uses the latest version of the custom key to encrypt data. When decrypting data, KMS uses the custom key version that was used to encrypt the data. Rotation Modes Table 1 Key rotation modes Key Type Rotation Mode Default key Cannot be rotated.
Feature Description Phase Document 1 API usage examples Examples of using APIs to encrypt and decrypt data, encrypt and decrypt DEKs, and query key information -- Example 1: Encrypting or Decrypting Data Example 2: Encrypting or Decrypting a DEK Example 3: Querying Information About
Feature Description Phase Document 1 API usage examples Examples of using APIs to encrypt and decrypt data, encrypt and decrypt DEKs, and query key information -- Example 1: Encrypting or Decrypting Data Example 2: Encrypting or Decrypting a DEK Example 3: Querying Information About
If the key resources configured in the custom policy are not limited, the user with the authorization can encrypt and decrypt all keys, which does not meet the minimum security control requirements.
A cross-region key can use the CMKs of multiple regions to encrypt a piece of data and generate unique data ciphertext. To decrypt the data, you simply need to use a key ring that contains one or more available CMKs that were used for encrypting the data.
How Do Huawei Cloud Services Use KMS to Encrypt Data? What Are the Benefits of Envelope Encryption? Is There a Limit on the Number of Custom Keys That I Can Create on KMS? Can I Export a CMK from KMS? Can I Decrypt My Data if I Permanently Delete My Custom Key?
Encrypting a DEK Use a specified CMK to encrypt a DEK. Decrypting a DEK Use a specified CMK to decrypt a DEK.
