Updated on 2026-07-06 GMT+08:00

Introduction to Key Pairs

Key Pairs

Key pairs (SSH key pairs) are a set of security credentials for identity authentication when you remotely log in to FlexusX instances.

A key pair consists of a public key and a private key. Key Pair Service (KPS) stores the public key and you store the private key. If you have bound a public key to a Linux instance, you can use the corresponding private key, rather than a password, to log in to the instance. You do not need to worry about password interception, cracking, or leakage.

You can use Data Encryption Workshop (DEW) to manage key pairs, including creating, importing, binding, viewing, resetting, replacing, unbinding, and deleting key pairs.

This section describes how to create and bind a key pair. For details about other operations, see KPS.

Working Principles

  • Encryption and decryption
    • When you use a public key to encrypt data, only the corresponding private key can be used to decrypt the data. For example, if a user (user A) wants to send messages to another user (user B) securely, user A can use user B's public key to encrypt the messages, and user B uses its own private key to decrypt the messages.
    • If you use a private key to encrypt data, the public key can be used to decrypt data. This method is mainly used for digital signature to verify the information source and integrity.
  • Digital signature
    • User A uses its private key to generate a signature for data, and then sends the data and signature to user B.
    • User B uses user A's public key to verify the signature. If the verification is successful, the data was not tampered with and was sent from user A.

Scenarios

When purchasing a FlexusX instance, you can select a key pair for identity authentication. For Windows instances, you can use the key pair to obtain the login password.

  • Logging in to a Windows FlexusX instance

    You can use the key pair to obtain a password for login. The password is randomly generated and is more secure. For details, see Obtaining the Password for Logging In to a Windows ECS. The ECS guide also applies to FlexusX instances.

Key Pair Operation Guide

Table 1 Key pair operation guide

Scenario

Description

Creating a key pair

If no key pair is available, create one to generate a public key and a private key. Use the private key for login authentication. For details about how to create a key pair, see Creating a Key Pair.

Binding a key pair

Constraints

  • Key pairs can only be used for Linux instance remote login.
  • The SSH key pairs created on the management console support the following cryptographic algorithms:
    • SSH-ED25519
    • ECDSA-SHA2-NISTP256
    • ECDSA-SHA2-NISTP384
    • ECDSA-SHA2-NISTP521
    • SSH_RSA: The length can be 2,048, 3,072, or 4,096 bits.
  • Key pairs can only be used for instances in the same region.
  • Imported SSH key pairs support the following cryptographic algorithms:
    • SSH-DSS
    • SSH-ED25519
    • ECDSA-SHA2-NISTP256
    • ECDSA-SHA2-NISTP384
    • ECDSA-SHA2-NISTP521
    • SSH_RSA: The length can be 2,048, 3,072, or 4,096 bits.
  • The private key is one of the most important methods to protect your FlexusX instances during the remote login. To ensure instance security, the private key can be downloaded only once. Therefore, keep it secure.