检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using KMS to Encrypt Offline Data Encrypting or Decrypting Small Volumes of Data Encrypting or Decrypting a Large Amount of Data Parent topic: Key Management Service
For details about image encryption, see Encrypting Data in IMS. When creating an ECS, you can encrypt added data disks. For details about data disk encryption, see Encrypting Data in IMS.
Application Examples Example 1: Encrypting or Decrypting Small Volumes of Data Example 2: Encrypting or Decrypting Large Volumes of Data Example 3: Querying Information About Keys
Image Management Service (IMS) Encrypting Data in IMS Storage Object Storage Service (OBS) Encrypting Data in OBS Elastic Volume Service (EVS) Encrypting Data in EVS Volume Backup Service (VBS) VBS generally creates online backups for a single EVS disk (system or data disk) of the
For details about image encryption, see Encrypting Data in IMS. When creating an ECS, you can encrypt added data disks. For details about data disk encryption, see Encrypting Data in IMS.
For details about how to encrypt or decrypt a large amount of data, see Encrypting or Decrypting a Large Amount of Data. Parent topic: KMS
Small-Size Data Encryption and Decryption Encrypting Data Decrypting Data Parent Topic: Key Management APIs
For details about image encryption, see Encrypting Data in IMS. When creating an ECS, you can encrypt added data disks. For details about data disk encryption, see Encrypting Data in IMS.
Encrypting a DDS Database After encryption is enabled, disk data will be encrypted and stored on the server when you create a Document Database Service (DDS) database instance or expand disk capacity.
Using a Key Using KMS for Encryption Encrypting and Decrypting Small-size Data Online Using a Custom Key Parent Topic: Key Management Service
DEK Management Generating a Random Number Creating a DEK Creating a Plaintext-free DEK Creating an RSA Data Key Pair Creating an EC Data Key Pair Encrypting a DEK Decrypting a DEK Creating a PIN Parent Topic: Key Management APIs
Key Management Service Using KMS to Encrypt Offline Data Using KMS to Encrypt and Decrypt Data for Cloud Services Using the Encryption SDK to Encrypt and Decrypt Local Files Encrypting and Decrypting Data Through Cross-region DR Using KMS to Protect File Integrity
Table 1 KMS operations supported by CTS Operation Resource Type Event Name Creating a key CMK createKey Creating a DEK CMK createDataKey Creating a plaintext-free DEK CMK createDataKeyWithoutPlaintext Enabling a key CMK enableKey Disabling a key CMK disableKey Encrypting a DEK CMK
Encrypting or Decrypting a Large Amount of Data Key rotation mechanism Keys that are widely or repeatedly used are insecure. DEW allows you to periodically rotate keys and change the key materials to comply with encryption best practices.
Symmetric keys are suitable for encrypting and decrypting data. Asymmetric key ECC EC_P256 EC_P384 Elliptic curve recommended by NIST Digital signature and signature verification Asymmetric key ML-DSA NOTE: To enable the ML-DSA algorithm, submit a service ticket.
Feature Description Phase Document 1 Key import A CMK contains key metadata (key ID, key alias, description, key status, and creation date) and key materials used for encrypting and decrypting data.
Feature Description Phase Document 1 Key import A CMK contains key metadata (key ID, key alias, description, key status, and creation date) and key materials used for encrypting and decrypting data.
Encrypting Data with a DEK KMS does not support data encryption with DEKs. You can use other encryption libraries (for example, OpenSSL) to encrypt data with DEKs. Obtain a plaintext DEK by referring to Creating a DEK. Use the plaintext DEK to encrypt data.
Envelope Encryption Envelope encryption is the practice of encrypting data with a DEK and then encrypting the DEK with a root key that you can fully manage. In this case, CMKs are not required for encryption or decryption. DEK A data encryption key (DEK) is used to encrypt data.
Generating a random number POST /v1.0/{project_id}/kms/gen-random kms:cmk:generate - √ × Creating a DEK POST /v1.0/{project_id}/kms/create-datakey kms:dek:create - √ √ Creating a plaintext-free DEK POST /v1.0/{project_id}/kms/create-datakey-without-plaintext kms:dek:create - √ √ Encrypting
