Li, Qiao d9e750baf4 KMS User Guide 20231019 version.

Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Li, Qiao <qiaoli@huawei.com>
Co-committed-by: Li, Qiao <qiaoli@huawei.com>

2024-06-10 13:07:34 +00:00

1.1 KiB

Raw Permalink Blame History

How Do Cloud Services Use KMS to Encrypt Data?

Services (such as OBS, IMS, EVS, SFS, DDS, and RDS) use the envelope encryption method provided by KMS to protect data.

Envelope encryption is an encryption method that enables DEKs to be stored, transmitted, and used in "envelopes" of CMKs. As a result, CMKs do not directly encrypt and decrypt data.

When users download the data from the cloud, the cloud service uses the CMK specified by KMS to decrypt the ciphertext DEK, use the decrypted DEK to decrypt data, and then provide the decrypted data for users to download.

Parent topic: KMS Related

1.1 KiB Raw Permalink Blame History

How Do Cloud Services Use KMS to Encrypt Data?

1.1 KiB

Raw Permalink Blame History