The managed private keys are encrypted by the keys provided by KMS, ensuring security for storage, import, and export of the private keys. Scenarios: Manage both local and cloud keys on the KPS console.
final String REGION_1 = "<region1>";
private static final String KEYID_1 = "<keyId1>";
public static final String PROJECT_ID_2 = "<projectId2>";
public static final String REGION_2 = "<region2>";
public static final String KEYID_2 = "<keyId2>";
// Data to be encrypted
These keys are used for digital signature verification and encrypted transmission of sensitive information. Procedure: This section uses the AES-256 symmetric key and RSA-2048 asymmetric key as examples to describe how to create a key and bind it to a cloud service.
Table 5 KeyProtection

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| private_key | No | String | Private key of the imported SSH key pair. |
| encryption | Yes | Encryption object | How a private key is encrypted and stored. |
Confidential information will be stolen, encrypted channels will be intercepted, and signatures will be forged. Backend configuration file Store system architecture and other service information, such as database IP addresses and passwords.
Table 6 KeyProtection

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| private_key | No | String | Private key of the imported SSH key pair. |
| encryption | Yes | Encryption object | How a private key is encrypted and stored. |
So data can be encrypted offline with the public key and decrypted online with the private key. The following shows an example: RSA_3072 is used for ENCRYPT_DECRYPT. After a public key is used to encrypt "hello world!" offline, decrypt-data is called to decrypt the message using a private key.
Only one of private_key_plain_text, wrapped_private_key, and ciphertext_recipient can have a value. wrapped_private_key String Ciphertext private key encrypted using the custom private key.
If an asymmetric key is imported, this parameter is used as a temporary intermediate key during private key encryption. encrypted_privatekey No String Private key encrypted using a temporary intermediate key. Specify this parameter if an asymmetric key is imported.
sale (POS) systems Signature verification server Signing and signature verification Encoding and decoding of digital envelopes Encoding and decoding of signed digital envelopes Certificate verification Signature usage in Certificate Authority (CA) systems, certificate verification, encrypted
Each pair of CMK and replica key share the same key materials, so that data encrypted in a region can be decrypted in another. You can manage keys of multiple regions, edit replica key alias, enable, disable, tag, and authorize replica keys.
The backup file is encrypted and encoded and cannot be directly read.
The content encrypted using the key and the generated data key cannot be decrypted. Before deleting a key, ensure that it is no longer in use. Otherwise, your service will be unavailable.
If the CMK of a secret is updated, only the secret versions created after the update will be encrypted using the new CMK. The secret versions earlier than the update are still decrypted using the old CMK ID. description No String Description of a secret.
The key cannot be encrypted or decrypted. Use the correct key for encryption and decryption. 400 KMS.1115 Symmetric keys do not support to sign/verify. Signature verification is not supported for symmetric keys.
Secret Value Secret key/value pair or the plaintext secret to be encrypted Secret value, the detailed content of a secret, is used to verify user identity or authorization during authentication. It can be of various forms, depending on the used authentication mechanism.
After a key is deleted, the data encrypted using the key cannot be decrypted. Canceling the scheduled deletion of a key Cancel a scheduled deletion of a key. Once the deletion is cancelled, the key can be used. Modifying the key alias Change the alias of a CMK.
string with at most 128 bytes. sequence No String A 36-byte serial number of a request message, for example, 919c82d4-8046-4722-9094-35c3c6524cff Response Parameters Status code: 200 Table 4 Response body parameters Parameter Type Description key_id String Key ID. cipher_text String Encrypted