检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using the Encryption SDK to Encrypt and Decrypt Local Files Encryption Software Development Kit (SDK) can encrypt and decrypt data and file streams. You can easily encrypt and decrypt massive amounts of data simply by calling APIs.
Using KMS to Encrypt Secrets Dedicated Distributed Storage Service (DSS) EVS enables you to encrypt data on created disks as required. Keys used by encrypted EVS disks are provided by KMS of DEW, secure and convenient.
Using wrapping key to encrypt key material: Use HSM or OpenSSL to encrypt wrapping key into key material. Importing key material (existing key material): Import key material and token to the created empty key.
The key is used to encrypt and protect DEKs. A custom key can be used to encrypt multiple DEKs. It can be disabled and scheduled for deletion. It is billed per use after the being created or imported.
In this case, A can use B's public key to encrypt the messages, and B can use its private key to decrypt the messages. If you use a private key to encrypt data, the public key can be used to decrypt data.
The sender and receiver use the same key to encrypt and decrypt data. Advantage: Encryption and decryption are fast. Disadvantage: Each pair of keys must be unique, making key management difficult when there are a large number of users. Scenario: Encrypt a large amount of data.
You need to call APIs to encrypt and decrypt a large amount of data.
You can use Dedicated HSM to encrypt your service systems (including encryption of sensitive data, payment, and electronic tickets).
Encrypt Data Decrypt Data You can select multiple grants.
The AES-256 key can be used to encrypt and decrypt a small amount of data or data keys. The HMAC key is used to verify data integrity. Asymmetric keys are created using RSA or ECC algorithms.
Encrypt the AK/SK in the configuration file or environment variables for storage. In this example, the AK/SK stored in the environment variables are used for identity authentication.
Constraints You can specify a symmetric CMK to encrypt secrets. If the kms_key_id parameter is not specified, the default master key csms/default will be used to encrypt the secrets created under your account in a project.
the DEK. kms:cmk:decryptDataKey: Decrypt a DEK. kms:cmk:retireGrant: Retire a grant. kms:cmk:decryptData: Decrypt data. kms:cmk:encryptData: Encrypt data. kms::generateRandom: Generate a random number.
To encrypt or decrypt large volumes of data, such as pictures, videos, and database files, you can use the envelope encryption method, where the data does not need to be transferred over the network. Region: All How Do I Encrypt and Decrypt a Small Amount of Data?
DEW APIs use the HTTPS protocol to encrypt and secure transmission, preventing man-in-the-middle attacks. Parent topic: About DEW
Default Keys: KPS uses the default encryption key kps/default provided by KMS to encrypt private keys. Custom Keys: Select a custom key created on KMS to encrypt the private key. For details, see Creating a Key.
Encrypt the string "hello world!" offline using a public key.
KMS uses the latest version of the custom key to encrypt data. When decrypting data, KMS uses the custom key version that was used to encrypt the data. Rotation Modes Table 1 Key rotation modes Key Type Rotation Mode Default key Cannot be rotated.
Retire the grant. encrypt-data: Encrypt data. decrypt-data: Decrypt data.
Feature Description Phase Document 1 API usage examples Examples of using APIs to encrypt and decrypt data, encrypt and decrypt DEKs, and query key information -- Example 1: Encrypting or Decrypting Data Example 2: Encrypting or Decrypting a DEK Example 3: Querying Information About
