检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Image Management Service (IMS) When creating a private image using an external image file, you can enable the private image encryption function and select a CMK provided by KMS to encrypt the image.
After being disabled, a CMK cannot be used to encrypt or decrypt any data. Before using a disabled CMK to encrypt or decrypt data, you must enable it by following instructions in Enabling One or Multiple CMKs. Default Master Keys created by KMS cannot be disabled.
After being disabled, a custom key cannot be used to encrypt or decrypt any data. Before using a disabled CMK to encrypt or decrypt data, you must enable it by following instructions in Enabling One or More CMKs. Prerequisites The CMK you want to disable is in Enabled status.
Image Management Service (IMS) When creating a private image using an external image file, you can enable the private image encryption function and select a CMK provided by KMS to encrypt the image.
After being disabled, a custom key cannot be used to encrypt or decrypt any data. Before using a disabled CMK to encrypt or decrypt data, you must enable it by following instructions in Enabling One or More CMKs. Prerequisites The CMK you want to disable is in Enabled status.
You use the downloaded wrappingKey file to encrypt the key material to be imported. Method 1: Use the downloaded wrapping key to encrypt the key material on your HSM. For details, see the operation guide of your HSM. Method 2: Use OpenSSL to encrypt the key material.
Small-Size Data Encryption and Decryption Encrypt data Decrypt data Parent Topic: Key Management APIs
How Do I Use the Online Tool to Encrypt or Decrypt Small Volumes of Data? Can I Update CMKs Created by KMS-Generated Key Materials? When Should I Use a CMK Created with Imported Key Materials? What Should I Do When I Accidentally Delete Key Materials?
Use the online tool to encrypt and decrypt small-size data. Add, search for, edit, and delete tags. Create, cancel, and query grants. You can use the APIs to: Create, encrypt, or decrypt DEKs. Retire grants. Sign or verify the signature of messages or message digests.
DEK Management Generate a random number Create a DEK Create a plaintext-free DEK Encrypt a DEK Decrypt a DEK Parent Topic: Key Management APIs
How Do I Use the Online Tool to Encrypt or Decrypt Small Volumes of Data? Can I Update CMKs Created by KMS-Generated Key Materials? When Should I Use a CMK Created with Imported Key Materials? What Types of Keys Can I Import?
Key Management Service Key Types Creating a Key Creating CMKs Using Imported Key Materials Managing CMKs Searching for a Key Using the Online Tool to Encrypt and Decrypt Small-Size Data Managing Tags Rotating CMKs Managing a Grant
Table 1 DEW operations supported by CTS Operation Resource Type Trace Name Create a key cmk createKey Create a DEK cmk createDataKey Create a plaintext-free DEK cmk createDataKeyWithoutPlaintext Enable a key cmk enableKey Disable a key cmk disableKey Encrypt a DEK cmk encryptDatakey
Key Management Service Key Types Creating a Key Creating CMKs Using Imported Key Materials Managing CMKs Searching for a Key Using the Online Tool to Encrypt and Decrypt Small-Size Data Managing Tags Rotating CMKs Managing a Grant Parent topic: User Guide
KMS Application Scenarios KPS Application Scenarios Dedicated HSM Application Scenarios 03 Start Learn how to use a key to encrypt your data on HUAWEI CLOUD and use a key pair to log in to your Linux ECS.
Use the wrapping key to encrypt the key material.
You can use Dedicated HSM to encrypt your service systems (including encryption of sensitive data, payment, and electronic tickets).
Encrypting a DEK Uses a specified CMK to encrypt a DEK. Decrypting a DEK Uses a specified CMK to decrypt a DEK. Querying the Number of Instances Obtains the number of created CMKs, excluding the default master keys.
Use the wrapping key to encrypt the key material.
KMS uses the latest version of the custom key to encrypt data. When decrypting data, KMS uses the custom key version that was used to encrypt the data. Rotation Modes Table 1 Key rotation modes Key Type Rotation Mode Default key Cannot be rotated.