检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Encrypting and Decrypting Small Data Online This section describes how to use an online tool to encrypt and decrypt data less than or equal to 4 KB on the KMS console. The online tool cannot encrypt or decrypt small data by using Default Master Keys.
A data encryption key (DEK) is used to encrypt data. Parent topic: FAQs
A data encryption key (DEK) is used to encrypt data. Parent topic: KMS Related
A data encryption key (DEK) is used to encrypt data. Parent topic: KMS Related
It is used to encrypt and protect DEKs. One CMK can be used to encrypt one or more DEKs. CMKs are categorized into custom keys and default keys. Custom keys Keys created or imported by users on the KMS console.
It is used to encrypt and protect DEKs. One CMK can be used to encrypt one or more DEKs. CMKs are categorized into custom keys and default keys. Custom keys Keys created or imported by users on the KMS console.
DEK Data Encryption Keys (DEKs) are used by users to encrypt data. Parent topic: Concepts
With KMS, you can create keys and use the keys to encrypt files to be uploaded on the OBS server. Step 1: Set the environment. 1. Log in to the management console. Click Service List on the top navigation bar, and choose Storage > Object Storage Service. 2.
The ciphertext DEK was generated by using a CMK to encrypt the plaintext DEK. Use the plaintext DEK to encrypt a plaintext file, generating a ciphertext file. Store the ciphertext DEK and the ciphertext file together in a permanent storage device or a storage service.
You can only use KMS to create new CMKs to encrypt and decrypt data. Parent topic: KMS Related
You can only use KMS to create new CMKs to encrypt and decrypt data. Parent topic: KMS Related
Creates a new secret version in the specified secret to encrypt and store secret values randomly generated in the background. At the same time, the newly created secret version is marked as SYSCURRENT. Constraints The RotateSecret API does not support rotation of common secrets.
As a result, CMKs are not used to directly encrypt and decrypt data. Parent topic: Concepts
This section describes how to call a KMS API and use a CMK to encrypt or decrypt data. Process: Create a CMK in KMS. Call the encrypt-data API of KMS to encrypt plaintext data by using a CMK. Deploy ciphertext certificates on your servers.
Encrypting Data in DDS When a user purchases a database instance from DDS, the user can select Disk encryption and use the key provided by KMS to encrypt the disk of the database instance. For more information, see the Document Database Service User Guide.
You can create a new version of a secret to encrypt and keep a new secret value. By default, The latest secret version in SYSCURRENT state. The previous version is in the SYSPREVIOUS state. Constraints A secret can have up to 20 versions.
Ciphertext DEKs are generated when you use a CMK to encrypt the plaintext DEKs. Cloud services use the plaintext DEK to encrypt a plaintext file, generating a ciphertext file.
The ciphertext DEK was generated by using a custom key to encrypt the plaintext DEK. Use the plaintext DEK to encrypt the file. A ciphertext file is generated. Save the ciphertext DEK and the ciphertext file together in a persistent storage device or a storage service.
You can create a new version of a secret to encrypt and keep a new secret value. By default, The latest secret version in SYSCURRENT state. The previous version is in the SYSPREVIOUS state. Constraints A secret can have up to 20 versions.
Encrypting Data in DDS When a user creates a database instance from DDS, the user can select Disk encryption and use the key provided by KMS to encrypt the disk of the database instance. For more information, see the Document Database Service User Guide.