Updated on 2023-05-30 GMT+08:00

What Cryptography Algorithms Does DEW Use?

Key Algorithms Supported by KMS

Symmetric keys created on the KMS console use the AES-256 algorithm. Asymmetric keys created by KMS support the RSA and ECC algorithms.

Table 1 Key algorithms supported by KMS

| Key Type | Algorithm Type | Key Specifications | Description | Usage |
|---|---|---|---|---|
| Symmetric key | AES | AES_256 | AES symmetric key | Encrypts and decrypts a small amount of data or data keys. |

Table 2 describes the key wrapping encryption and decryption algorithms supported by imported keys.

Table 2 Key wrapping algorithms

| Algorithm | Description |
|---|---|
| RSAES_OAEP_SHA_256 | RSA algorithm that uses OAEP and has the SHA-256 hash function |
| RSAES_OAEP_SHA_1 | RSA algorithm that uses Optimal Asymmetric Encryption Padding (OAEP) and has the SHA-1 hash function |

Configuration: Select an algorithm based on your HSM functions. If the HSMs support the RSAES_OAEP_SHA_256 algorithm, use RSAES_OAEP_SHA_256 to encrypt key materials.

NOTICE: The RSAES_OAEP_SHA_1 algorithm is no longer secure. Exercise caution when performing this operation.

Cryptography Algorithms Supported by KPS

  • The SSH key pairs created on the management console support the following cryptographic algorithms:
    • ssh-ed25519
    • ecdsa-sha2-nistp256
    • ecdsa-sha2-nistp384
    • ecdsa-sha2-nistp521
    • ssh-rsa. The valid key lengths are 2048, 3072, and 4096.
  • The SSH keys imported to the KPS console support the following cryptographic algorithms:
    • ssh-dss
    • ssh-ed25519
    • ecdsa-sha2-nistp256
    • ecdsa-sha2-nistp384
    • ecdsa-sha2-nistp521
    • ssh-rsa. The valid key lengths are 2048, 3072, and 4096.
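
The import list above can be enforced locally before a public key is submitted. The following is an added example, not code from this page or from the DEW service: it parses an OpenSSH public key line, checks that the algorithm label matches the one encoded inside the key blob, and checks the ssh-rsa modulus length against the values listed above. The function names are hypothetical, the length is assumed to mean the modulus bit length, and the keys built by `make_line` are constructed test values, not usable keys.

```python
import base64
import struct

# Algorithm names copied from this page's KPS import list.
IMPORT_ALGOS = {"ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
                "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-rsa"}
RSA_LENGTHS = {2048, 3072, 4096}  # ssh-rsa lengths listed on this page

def read_string(blob, off):
    """Read one length-prefixed SSH wire string; return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + size > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:off + 4 + size], off + 4 + size

def check_import(line):
    """Return (ok, reason) for one OpenSSH public key line (hypothetical helper)."""
    parts = line.split()
    if len(parts) < 2:
        return False, "not an OpenSSH public key line"
    algo = parts[0]
    if algo not in IMPORT_ALGOS:
        return False, f"algorithm {algo} not in the import list"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        inner, off = read_string(blob, 0)
        if inner.decode("ascii", "replace") != algo:
            return False, "algorithm label does not match key blob"
        if algo == "ssh-rsa":
            _exp, off = read_string(blob, off)      # public exponent e
            modulus, off = read_string(blob, off)   # modulus n
            bits = int.from_bytes(modulus, "big").bit_length()
            if bits not in RSA_LENGTHS:
                return False, f"ssh-rsa length {bits} not accepted"
    except ValueError as exc:  # includes base64 decoding errors
        return False, f"malformed key blob: {exc}"
    return True, "ok"

def mpint(value):
    """Encode a positive integer as SSH mpint payload bytes."""
    return value.to_bytes(value.bit_length() // 8 + 1, "big")

def make_line(algo, *fields):
    """Build a constructed, non-functional key line for testing the check."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (algo.encode(), *fields))
    return f"{algo} {base64.b64encode(blob).decode()} constructed@example"
```
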

Supported Cryptography Algorithms

You can use Chinese cryptographic algorithms and certain common international cryptographic algorithms to meet various user requirements.

Table 3 Supported cryptography algorithms

| Category | Common Cryptographic Algorithm |
|---|---|
| Symmetric cryptographic algorithm | AES |
| Asymmetric cryptographic algorithm | RSA, DSA, ECDSA, DH, and ECDH |
| Digest algorithm | SHA1, SHA256, and SHA384 |
