These keys are used for digital signature verification and encrypted transmission of sensitive information. Procedure This section uses the AES-256 symmetric key and RSA-2048 asymmetric key as examples to describe how to create a key and bind it to a cloud service.
The imported private keys are encrypted with keys provided by KMS, ensuring security for storage, import, and export of the private keys. You can download the private keys from the management console whenever you need.
Table 9 ImportPrivateKeyProtection Parameter Type Description private_key String Private key of the imported SSH key pair. encryption Encryption object How a private key is encrypted and stored.
The value is encrypted and stored in the initial version of the secret. Type: Base64-encoded binary data object Constraint: Either secret_binary or secret_string must be configured. The maximum size is 32 KB. secret_string No String Value of a new secret.
So data can be encrypted with the public key offline and decrypted with the private key online. The following shows an example: RSA_3072 is used for ENCRYPT_DECRYPT. After a public key is used to encrypt "hello world!" offline, decrypt-data is called to decrypt the message using a private key.
The content encrypted using the key and the generated data key cannot be decrypted. Before deleting a key, ensure that it is no longer in use. Otherwise, your service will be unavailable.
The key cannot be encrypted or decrypted. Use the correct key for encryption and decryption. 400 KMS.1115 Symmetric keys do not support to sign/verify. Signature verification is not supported for symmetric keys.
Table 5 KeyProtection Parameter Mandatory Type Description private_key No String Private key of the imported SSH key pair. encryption Yes Encryption object How a private key is encrypted and stored.
After a key is deleted, the data encrypted using the key cannot be decrypted. Canceling the scheduled deletion of a key Cancel a scheduled deletion of a key. Once the deletion is cancelled, the key can be used. Modifying the key alias Change the alias of a CMK.
The backup file is encrypted and encoded and cannot be directly read.
Table 6 KeyProtection Parameter Mandatory Type Description private_key No String Private key of the imported SSH key pair. encryption Yes Encryption object How a private key is encrypted and stored.
Secret Value Secret key/value pair or the plaintext secret to be encrypted Secret value, the detailed content of a secret, is used to verify user identity or authorization during authentication. It can be of various forms, depending on the used authentication mechanism.
If the CMK of a secret is updated, only the secret versions created after the update will be encrypted using the new CMK. The secret versions earlier than the update are still decrypted using the old CMK ID. description No String Description of a secret.
Using a Key to Encrypt Data in OBS DEW is a cloud data encryption service. Key Management Service (KMS) provided by DEW is a secure, reliable, and easy-to-use cloud service that can help you manage and protect keys in a centralized manner. With KMS, you can create keys and use the
Using KMS to Encrypt Offline Data Encrypting or Decrypting Small Volumes of Data Encrypting or Decrypting a Large Amount of Data Parent topic: Key Management Service
Using KMS to Encrypt and Decrypt Data for Cloud Services Overview Encrypting Data in ECS Encrypting Data in EVS Encrypting Data in IMS Encrypting Data in OBS Encrypting an RDS DB Instance Encrypting a DDS DB Instance Parent topic: Key Management Service
How Do Huawei Cloud Services Use KMS to Encrypt Data? Generally, Huawei Cloud services use KMS envelope encryption to protect user data. Envelope encryption is the practice of encrypting data with a DEK and then encrypting the DEK with a root key that you can fully manage. In this