Encrypting Data in OBS Scenario You can use KMS to encrypt all or certain objects in an OBS bucket. When you use KMS encryption in OBS, KMS envelope encryption ensures data encryption and decryption without transmitting a large amount of data over the network.
Encrypting Data in EVS KMS encrypts created cloud disks to ensure data security. The encryption attribute of a disk cannot be changed after the disk is created. For details about how to create an encrypted disk, see Purchasing an EVS Disk.
Encrypting Data in IMS You can use KMS encryption to create private images in Image Management Service (IMS) to securely store data.
Encrypting and Decrypting Data Through Cross-region DR Scenario If a fault occurs during encryption or decryption in a region, you can use KMS to implement cross-region DR encryption and decryption, ensuring service continuity.
For details about how to encrypt an image, see Encrypting Data in IMS. For details about how to encrypt a data disk, see Encrypting Data in EVS. Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
Example 2: Encrypting or Decrypting Large Volumes of Data Scenario Encrypt or decrypt a large amount of data. Encryption process: Create a CMK in KMS. Call the create-datakey API of the KMS to create a DEK. A plaintext DEK and a ciphertext DEK will be generated.
Encrypting an RDS DB Instance Overview Relational Database Service (RDS) supports MySQL and PostgreSQL engines. After encryption is enabled, disk data will be encrypted and stored on the server when you create a DB instance or expand disk capacity.
Example 1: Encrypting or Decrypting Small Volumes of Data Scenario Encrypt or decrypt data not larger than 4 KB, such as passwords, certificates, and phone numbers, by using a tool on the console or calling an API.
Encrypting a DDS DB Instance Overview After encryption is enabled, disk data will be encrypted and stored on the server when you create a DB instance or expand disk capacity.
Encrypting a DEK Encrypt a DEK with the specified master key. Decrypting a DEK Decrypt a DEK with the specified master key. Encrypting a Local File Create a CMK on the management console. For details, see Creating a CMK. Prepare basic authentication information.
Figure 1 Encrypting data Click Execute. The encrypted data is displayed in the Encryption/Decryption Result area. Use the current CMK to encrypt the data. To clear your input, click Clear.
Figure 3 Encrypting and decrypting an HTTPS certificate The procedure is as follows: Create a CMK on KMS. Call the KMS API for encrypting a data key and use the specified CMK to encrypt the plaintext certificate. Deploy the certificate onto a server.
Encrypting Data Function Description: This API is used to encrypt data by using a specified CMK. Constraints If you use an asymmetric key to encrypt data, record the selected key ID and encryption algorithm.
Encrypting a DEK Function Description: This API is used to encrypt a DEK by using a specified CMK.
Using KMS to Encrypt and Decrypt Data for Cloud Services Overview Encrypting Data in ECS Encrypting Data in EVS Encrypting Data in IMS Encrypting Data in OBS Encrypting an RDS DB Instance Encrypting a DDS DB Instance Parent topic: Key Management Service
Envelope encryption is the practice of encrypting data with a DEK and then encrypting the DEK with a root key that you can fully manage. In this case, CMKs are not required for encryption or decryption.
Helpful Links Document Link Best Practices Encrypting or Decrypting Small Volumes of Data Encrypting or Decrypting a Large Amount of Data API Example Encrypting or Decrypting Small Volumes of Data Encrypting or Decrypting a Large Amount of Data Parent topic: KMS
Generally, KMS provides open APIs encrypt-data and decrypt-data for encrypting and decrypting a small volume of data. The calculation of the APIs is based on KMS, which wraps the ciphertext. So offline data encryption and decryption are not supported.
Encrypting Data in ECS Encrypting Data in OBS Encrypting Data in EVS Encrypting Data in IMS Encrypting an RDS DB Instance Encrypting a DDS DB Instance