Updated on 2023-04-27 GMT+08:00

Functions

Dedicated HSM is a cloud service used for encryption, decryption, signing, signature verification, key generation, and the secure storage of keys.

Dedicated HSM provides encryption hardware that guarantees data security and integrity on Elastic Cloud Servers (ECSs) and meets FIPS 140-2 requirements. Dedicated HSM offers you secure and reliable management of the keys generated by your instances, and uses multiple algorithms for data encryption and decryption.

Functions

Dedicated HSM provides the following capabilities:

  • Generation, storage, import, export, and management of encryption keys (both symmetric and asymmetric keys)
  • Data encryption and decryption by using symmetric and asymmetric algorithms
  • Calculation of message digests and hash-based message authentication codes (HMACs) by using cryptographic hash functions
  • Signing of data and code in encrypted mode, and signature verification
  • Random data generation in encrypted mode

Supported Cryptography Algorithms

You can use Chinese cryptographic algorithms and certain commonly used international cryptographic algorithms to meet various user requirements.

Table 1 Supported cryptography algorithms

| Category | Common Cryptographic Algorithm |
|---|---|
| Symmetric cryptographic algorithm | AES |
| Asymmetric cryptographic algorithm | RSA, DSA, ECDSA, DH, and ECDH |
| Digest algorithm | SHA1, SHA256, and SHA384 |