Feature Description Phase Document 1 API usage examples Examples of using APIs to encrypt and decrypt data, encrypt and decrypt DEKs, and query key information -- Example 1: Encrypting or Decrypting Data Example 2: Encrypting or Decrypting a DEK Example 3: Querying Information About
If the key resources configured in the custom policy are not limited, the user with the authorization can encrypt and decrypt all keys, which does not meet the minimum security control requirements.
How Do Huawei Cloud Services Use KMS to Encrypt Data? What Are the Benefits of Envelope Encryption? Is There a Limit on the Number of Custom Keys That I Can Create on KMS? Can I Export a CMK from KMS? Can I Decrypt My Data if I Permanently Delete My Custom Key?
Bring Your Own Key (BYOK) Importing keys and deleting key materials Small-size data encryption and decryption Using the online tool to encrypt and decrypt small-size data Signature and verification Signing or verifying the signature of messages or message digests NOTE: This function
Encrypting a DEK Use a specified CMK to encrypt a DEK. Decrypting a DEK Use a specified CMK to decrypt a DEK.
Create a 512-bit plaintext DEK and encrypt it using the key whose ID is 0d0466b0-e727-4d9c-b35d-f84bb474a37f.
a DEK √ √ Decrypt a DEK √ √ Obtain parameters for importing a key √ √ Import key materials √ √ Delete key materials √ √ Create a grant √ √ Revoke a grant √ √ Retire a grant √ √ Query the grant list √ √ Query retirable grants √ √ Encrypt data √ √ Decrypt data √ √ Send signature messages
× Creating a DEK POST /v1.0/{project_id}/kms/create-datakey kms:dek:create - √ √ Creating a plaintext-free DEK POST /v1.0/{project_id}/kms/create-datakey-without-plaintext kms:dek:create - √ √ Encrypting a DEK POST /v1.0/{project_id}/kms/encrypt-datakey kms:dek:crypto or kms:dek:encrypt
Encrypt the AK/SK in the configuration file or environment variables for storage. In this example, the AK/SK stored in the environment variables are used for identity authentication.
Services That Support Shared Key Encryption and System-defined Policies If you choose to encrypt created resources using a shared key when purchasing yearly/monthly resources, you need to grant the corresponding policy to the user so that the shared key can be used.
You can use shared KMS to encrypt the secrets and key pairs in DEW, and create an encryption task for instances in Relational Database Service (RDS), Document Database Service (DDS), and Object Storage Service (OBS).
Huawei Cloud uses encryption keys provided by KMS to encrypt your private keys to ensure secure storage and access.
Use a correct algorithm type. 400 KMS.1114 EC keys do not support to encrypt/decrypt. The key cannot be encrypted or decrypted. Use the correct key for encryption and decryption. 400 KMS.1115 Symmetric keys do not support to sign/verify.
Retire the grant. encrypt-data: Encrypt data. decrypt-data: Decrypt data.