检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using wrapping key to encrypt key material: Use HSM or OpenSSL to encrypt wrapping key into key material. Importing key material (existing key material): Import key material and token to the created empty key.
You need to call APIs to encrypt and decrypt a large amount of data.
Scenarios Encrypt data in OBS Encrypt data in EVS Encrypt data in IMS Encrypt an RDS DB instance Use custom keys to directly encrypt and decrypt small volumes of data.
The sender and receiver use the same key to encrypt and decrypt data. Advantage: Encryption and decryption are fast. Disadvantage: Each pair of keys must be unique, making key management difficult when there are a large number of users. Scenario: Encrypt a large amount of data.
You need to call APIs to encrypt and decrypt a large amount of data.
You can use Dedicated HSM to encrypt your service systems (including encryption of sensitive data, payment, and electronic tickets).
Encrypt Data Decrypt Data You can select multiple grants.
Encrypt the AK/SK in the configuration file or environment variables for storage. In this example, the AK/SK stored in the environment variables are used for identity authentication.
Constraints You can specify a symmetric CMK to encrypt secrets. If the kms_key_id parameter is not specified, the default master key csms/default will be used to encrypt the secrets created under your account in a project.
the DEK. kms:cmk:decryptDataKey: Decrypt a DEK. kms:cmk:retireGrant: Retire a grant. kms:cmk:decryptData: Decrypt data. kms:cmk:encryptData: Encrypt data. kms::generateRandom: Generate a random number.
DEW APIs use the HTTPS protocol to encrypt and secure transmission, preventing man-in-the-middle attacks. Parent topic: About DEW
To encrypt or decrypt large volumes of data, such as pictures, videos, and database files, you can use the envelope encryption method, where the data does not need to be transferred over the network. Region: All How Do I Encrypt and Decrypt a Small Amount of Data?
Default Keys: KPS uses the default encryption key kps/default provided by KMS to encrypt private keys. Custom Keys: Select a custom key created on KMS to encrypt the private key. For details, see Creating a Key.
Encrypt the string "hello world!" offline using a public key.
KMS uses the latest version of the custom key to encrypt data. When decrypting data, KMS uses the custom key version that was used to encrypt the data. Rotation Modes Table 1 Key rotation modes Key Type Rotation Mode Default key Cannot be rotated.
Retire the grant. encrypt-data: Encrypt data. decrypt-data: Decrypt data.
Feature Description Phase Document 1 API usage examples Examples of using APIs to encrypt and decrypt data, encrypt and decrypt DEKs, and query key information -- Example 1: Encrypting or Decrypting Data Example 2: Encrypting or Decrypting a DEK Example 3: Querying Information About
Feature Description Phase Document 1 API usage examples Examples of using APIs to encrypt and decrypt data, encrypt and decrypt DEKs, and query key information -- Example 1: Encrypting or Decrypting Data Example 2: Encrypting or Decrypting a DEK Example 3: Querying Information About
If the key resources configured in the custom policy are not limited, the user with the authorization can encrypt and decrypt all keys, which does not meet the minimum security control requirements.
How Do Huawei Cloud Services Use KMS to Encrypt Data? What Are the Benefits of Envelope Encryption? Is There a Limit on the Number of Custom Keys That I Can Create on KMS? Can I Export a CMK from KMS? Can I Decrypt My Data if I Permanently Delete My Custom Key?
