doc-exports/docs/kms/umn/dew_01_7775.html
qinweiwei 3e4721c813 KMS UMN 20251111 version
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qinweiwei <qinweiwei@huawei.com>
Co-committed-by: qinweiwei <qinweiwei@huawei.com>
2026-01-19 09:05:54 +00:00


<a name="dew_01_7775"></a>
<h1 class="topictitle1">Key Types</h1>
<div id="body0000001128747670"><div class="section" id="dew_01_7775__section896910279106"><h4 class="sectiontitle">Master Key</h4><p id="dew_01_7775__p13146104013102">A master key is the highest-level key in a cryptographic system. It generates and manages other keys, including session keys and data encryption keys (DEKs), or directly encrypts important data. Protecting its security and confidentiality is vital: if a master key is leaked, the entire cryptographic system may be severely threatened.</p>
<p id="dew_01_7775__p116351424143814"><strong id="dew_01_7775__b141821513412">A master key has the following features</strong>:</p>
<ul id="dew_01_7775__ul1314025319386"><li id="dew_01_7775__li414075313810"><strong id="dew_01_7775__b1421017278415">High security</strong>: A master key is generally the most sensitive key in a system and needs to be strictly protected. It is usually stored in a secure hardware device, such as an HSM.</li><li id="dew_01_7775__li21401853173811"><strong id="dew_01_7775__b1918872510515">Long-term use</strong>: A master key has a long lifecycle and is not changed frequently, which keeps the system stable and consistent.</li><li id="dew_01_7775__li91406531386"><strong id="dew_01_7775__b2034115171861">Multi-usage</strong>: A master key can be used for various cryptographic operations, including subkey generation, data encryption, and signature verification.</li><li id="dew_01_7775__li1814095313811"><strong id="dew_01_7775__b230711591964">Uniqueness</strong>: A master key is unique in a cryptographic system. In a distributed system, each node or region may have its own master key.</li></ul>
<p id="dew_01_7775__p1825551765815">Master keys include <strong id="dew_01_7775__b11380201483">custom keys</strong> and <strong id="dew_01_7775__b77719312810">default keys</strong>. You can create, view, enable, disable, schedule the deletion of, and cancel the deletion of custom keys.</p>
<div class="p" id="dew_01_7775__p7393229195910">Custom keys can be categorized into symmetric keys and asymmetric keys.<ul id="dew_01_7775__ul89059185441"><li id="dew_01_7775__li990571811447">Symmetric keys are most commonly used for data encryption.</li><li id="dew_01_7775__li7905101804414">Asymmetric keys are used for digital signature verification or sensitive information encryption in systems where the trust relationship is not mutual. An asymmetric key consists of a public key and a private key. The public key can be sent to anyone. The private key must be securely stored and accessible only to trusted users.</li><li id="dew_01_7775__li16905818154418">An asymmetric key can be used to generate and verify a signature. To securely transfer data, a signer sends the public key to a receiver, uses the private key to sign the data, and then sends the data and signature to the receiver. The receiver can use the public key to verify the signature.</li></ul>
</div>
</div>
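<p>The signing exchange described above, as an added example that is not part of the original documentation or of any KMS SDK. It uses Node.js's built-in <code>crypto</code> module with a locally generated P-256 key pair standing in for a KMS-managed asymmetric key; the function names, the SHA-256 digest and the sample message are assumptions made for illustration.</p>

```javascript
const crypto = require('node:crypto');

// Signer side: generate a key pair on the NIST P-256 curve and export only the
// public half for distribution. Local key generation is an assumption of this
// example; with KMS the private key would stay inside the service.
function createSigner() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // The private key is reachable only through this closure.
    sign: (data) => crypto.sign('sha256', data, privateKey),
  };
}

// Receiver side: holds only the public key and answers true or false.
function verifyMessage(publicPem, data, signature) {
  try {
    return crypto.verify('sha256', data, crypto.createPublicKey(publicPem), signature);
  } catch {
    return false; // a malformed key or signature encoding counts as a failed check
  }
}

// Constructed exchange: what the receiver concludes in four situations.
function demoExchange() {
  const signer = createSigner();
  const otherSigner = createSigner();
  const message = Buffer.from('transfer-id=42;amount=100'); // constructed sample data
  const altered = Buffer.from('transfer-id=42;amount=900'); // same message, modified in transit
  const signature = signer.sign(message);
  return {
    genuine: verifyMessage(signer.publicPem, message, signature),
    tampered: verifyMessage(signer.publicPem, altered, signature),
    wrongKey: verifyMessage(otherSigner.publicPem, message, signature),
    truncated: verifyMessage(signer.publicPem, message, signature.subarray(0, 10)),
  };
}
```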
<div class="section" id="dew_01_7775__section17163201516199"><h4 class="sectiontitle">Key Algorithms Supported by KMS</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="dew_01_7775__table0624027274" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Key algorithms supported by KMS</caption><thead align="left"><tr id="dew_01_7775__dew_01_0001_row1062492152718"><th align="left" class="cellrowborder" valign="top" width="19.79%" id="mcps1.3.2.2.2.6.1.1"><p id="dew_01_7775__dew_01_0001_p6624525278">Key Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.84%" id="mcps1.3.2.2.2.6.1.2"><p id="dew_01_7775__dew_01_0001_p126241216278">Algorithm Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="22.27%" id="mcps1.3.2.2.2.6.1.3"><p id="dew_01_7775__dew_01_0001_p1262442102713">Key Specifications</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20.1%" id="mcps1.3.2.2.2.6.1.4"><p id="dew_01_7775__dew_01_0001_p062416292712">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.2.2.6.1.5"><p id="dew_01_7775__dew_01_0001_p12624827271">Application Scenario</p>
</th>
</tr>
</thead>
<tbody><tr id="dew_01_7775__dew_01_0001_row1762412272713"><td class="cellrowborder" valign="top" width="19.79%" headers="mcps1.3.2.2.2.6.1.1 "><p id="dew_01_7775__dew_01_0001_p13624162172711">Symmetric key</p>
</td>
<td class="cellrowborder" valign="top" width="17.84%" headers="mcps1.3.2.2.2.6.1.2 "><p id="dew_01_7775__dew_01_0001_p462412152717">AES</p>
</td>
<td class="cellrowborder" valign="top" width="22.27%" headers="mcps1.3.2.2.2.6.1.3 "><p id="dew_01_7775__dew_01_0001_p146244272717">AES_256</p>
</td>
<td class="cellrowborder" valign="top" width="20.1%" headers="mcps1.3.2.2.2.6.1.4 "><p id="dew_01_7775__dew_01_0001_p86241925279">AES symmetric key</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.2.2.6.1.5 "><ul id="dew_01_7775__dew_01_0001_ul15153158575"><li id="dew_01_7775__dew_01_0001_li115388577">Data encryption and decryption</li><li id="dew_01_7775__dew_01_0001_li13153181270">DEK encryption and decryption<div class="note" id="dew_01_7775__dew_01_0001_note1372720189158"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="dew_01_7775__dew_01_0001_p195293671611">You can encrypt and decrypt a small amount of data using the online tool on the console.</p>
<p id="dew_01_7775__dew_01_0001_p19728161831512">You need to call APIs to encrypt and decrypt a large amount of data.</p>
</div></div>
</li></ul>
</td>
</tr>
<tr id="dew_01_7775__dew_01_0001_row25853341815"><td class="cellrowborder" valign="top" width="19.79%" headers="mcps1.3.2.2.2.6.1.1 "><p id="dew_01_7775__dew_01_0001_p1759103319185">Digest key</p>
</td>
<td class="cellrowborder" valign="top" width="17.84%" headers="mcps1.3.2.2.2.6.1.2 "><p id="dew_01_7775__dew_01_0001_p185973320186">SHA</p>
</td>
<td class="cellrowborder" valign="top" width="22.27%" headers="mcps1.3.2.2.2.6.1.3 "><ul id="dew_01_7775__dew_01_0001_ul12847123214192"><li id="dew_01_7775__dew_01_0001_li0847432101920">HMAC_256</li><li id="dew_01_7775__dew_01_0001_li873494210199">HMAC_384</li><li id="dew_01_7775__dew_01_0001_li199611657141910">HMAC_512</li></ul>
</td>
<td class="cellrowborder" valign="top" width="20.1%" headers="mcps1.3.2.2.2.6.1.4 "><p id="dew_01_7775__dew_01_0001_p459143361817">Digest key</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.2.2.6.1.5 "><ul id="dew_01_7775__dew_01_0001_ul173801592042"><li id="dew_01_7775__dew_01_0001_li738013599414">Data tampering prevention</li><li id="dew_01_7775__dew_01_0001_li53921875519">Data integrity verification</li></ul>
</td>
</tr>
<tr id="dew_01_7775__dew_01_0001_row51341950153118"><td class="cellrowborder" rowspan="2" valign="top" width="19.79%" headers="mcps1.3.2.2.2.6.1.1 "><p id="dew_01_7775__dew_01_0001_p17135145013312">Asymmetric key</p>
</td>
<td class="cellrowborder" valign="top" width="17.84%" headers="mcps1.3.2.2.2.6.1.2 "><p id="dew_01_7775__dew_01_0001_p121351050163112">RSA</p>
</td>
<td class="cellrowborder" valign="top" width="22.27%" headers="mcps1.3.2.2.2.6.1.3 "><ul id="dew_01_7775__dew_01_0001_ul858832973417"><li id="dew_01_7775__dew_01_0001_li11588429113412">RSA_2048</li><li id="dew_01_7775__dew_01_0001_li5589132917341">RSA_3072</li><li id="dew_01_7775__dew_01_0001_li340620263353">RSA_4096</li></ul>
</td>
<td class="cellrowborder" valign="top" width="20.1%" headers="mcps1.3.2.2.2.6.1.4 "><p id="dew_01_7775__dew_01_0001_p1613595015317">RSA asymmetric key</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.2.2.6.1.5 "><ul id="dew_01_7775__dew_01_0001_ul9805101045314"><li id="dew_01_7775__dew_01_0001_li16805510135314">Digital signature and signature verification</li><li id="dew_01_7775__dew_01_0001_li38051110145311">Data encryption and decryption<div class="note" id="dew_01_7775__dew_01_0001_note11881237111318"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="dew_01_7775__dew_01_0001_p178819371135">Asymmetric keys are suited to signing and signature verification. They are not efficient enough for data encryption; symmetric keys are suitable for encrypting and decrypting data.</p>
</div></div>
</li></ul>
</td>
</tr>
<tr id="dew_01_7775__dew_01_0001_row037145343118"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.6.1.1 "><p id="dew_01_7775__dew_01_0001_p14371539318">ECC</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.6.1.2 "><ul id="dew_01_7775__dew_01_0001_ul384511534343"><li id="dew_01_7775__dew_01_0001_li8845053133410">EC_P256</li><li id="dew_01_7775__dew_01_0001_li38451531342">EC_P384</li></ul>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.6.1.3 "><p id="dew_01_7775__dew_01_0001_p43795363116">Elliptic curve recommended by NIST</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.6.1.4 "><p id="dew_01_7775__dew_01_0001_p1537145343114">Digital signature and signature verification</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
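<p>How an AES_256 master key protects DEKs rather than bulk data, as an added example that is not part of the original documentation or of any KMS SDK. The GCM mode, the local <code>masterKey</code> buffer, the <code>keyId</code> label and all function names are assumptions made for illustration, so that the example runs offline with Node.js's built-in <code>crypto</code> module.</p>

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for an AES_256 master key. With KMS the key material
// stays inside the service; a local Buffer is used only so this runs offline.
const masterKey = crypto.randomBytes(32);

// AES-256-GCM encryption: returns nonce, ciphertext and authentication tag.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every call
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// AES-256-GCM decryption: final() throws if ciphertext, tag or AAD was modified.
function open(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Encrypt the data under a one-off DEK, then encrypt the DEK under the master key.
function envelopeEncrypt(data, keyId) {
  const dek = crypto.randomBytes(32);
  const aad = Buffer.from(keyId); // hypothetical key ID, bound to both layers
  const wrappedDek = seal(masterKey, dek, aad);
  const payload = seal(dek, data, aad);
  dek.fill(0); // only the wrapped DEK is kept alongside the data
  return { keyId, wrappedDek, payload };
}

// Unwrap the DEK with the master key, then decrypt the data with the DEK.
function envelopeDecrypt(envelope) {
  const aad = Buffer.from(envelope.keyId);
  const dek = open(masterKey, envelope.wrappedDek, aad);
  try {
    return open(dek, envelope.payload, aad);
  } finally {
    dek.fill(0);
  }
}
```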
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dew_01_0177.html">Key Management Service</a></div>
</div>
</div>