yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
main
doc-exports/docs/kms/umn/dew_01_0022.html
qinweiwei 3e4721c813 KMS UMN 20251111 version 
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qinweiwei <qinweiwei@huawei.com>
Co-committed-by: qinweiwei <qinweiwei@huawei.com>
2026-01-19 09:05:54 +00:00

7.3 KiB
Raw Permalink Blame History

Using the Online Tool to Encrypt and Decrypt Small-Size Data

This section describes how to use the online tool to encrypt or decrypt small-size data (4 KB or smaller) on the KMS console.

Prerequisites

The custom key is in Enabled status.

Constraints

  • Default keys cannot be used to encrypt or decrypt such data with the tool.
  • Asymmetric keys cannot be used to encrypt or decrypt such data with the tool.
  • You can call an API to use a default key to encrypt or decrypt small volumes of data. For details, see the Key Management Service API Reference.
  • Use the current CMK to encrypt the data.
  • Exercise caution when you delete a CMK. The online tool cannot decrypt data if the CMK used for encryption has been deleted.
  • After an API is called to encrypt data, the online tool cannot be used to decrypt the data.

Encrypting Data

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click on the left and choose Security > Key Management Service.
  4. Click the name of the target custom key to access the key details page. Click the Tool tab.
  5. Click Encrypt. In the text box on the left, enter the data to be encrypted, as shown in Figure 1.

    Figure 1 Encrypting data

  6. Click Execute. Ciphertext of the data is displayed in the text box on the right.

    • Use the current CMK to encrypt the data.
    • To clear your input, click Clear.
    • To copy the encrypted data, click Copy to Clipboard. You can then paste and save it to a local file.

Decrypting Data

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click on the left and choose Security > Key Management Service.
  1. You can click any non-default key in Enabled status to go to the encryption and decryption page of the online tool.
  2. Click Decrypt and enter the data to be decrypted in the text box, as shown in Figure 2.

    • The tool will identify the original encryption CMK and use it to decrypt the data.
    • If the key has been deleted, the decryption will fail.
    Figure 2 Decrypting data

  3. Click Execute. Plaintext of the data is displayed in the text box on the right.

    • You can click Copy to Clipboard to copy the plaintext and save it in a local file.
    • Enter the plaintext on the console, the text will be encoded to Base64 format before encryption.

      The decryption result returned via API will be in Base64 format. Perform Base64 decoding to obtain the plaintext entered on the console.

Parent topic: Key Management Service