Basic Concepts
This section describes the basic concepts in DEW, helping you understand and use DEW better.

| Term | Definition |
|---|---|
| Symmetric key encryption | Symmetric key encryption is also called dedicated key encryption. The sender and receiver use the same key to encrypt and decrypt data. Advantage: Encryption and decryption are fast. Disadvantage: Each pair of keys must be unique, making key management difficult when there are a large number of users. Scenario: Encrypt a large amount of data. Encryption process: Assume there is a plaintext message "Hello". The sender uses a symmetric key (for example, key123) and a symmetric encryption algorithm (for example, AES) to encrypt "Hello" into ciphertext, for example, "#%&*". After receiving the ciphertext, the receiver uses the same key123 and AES algorithm to decrypt "#%&*" back to "Hello". |
| Asymmetric key encryption | Asymmetric key encryption is also called public key encryption. A pair of keys is used for encryption and decryption: one is a public key, and the other is a private key. Advantage: Different keys are used for encryption and decryption, ensuring high security. Disadvantage: Encryption and decryption are slow. Scenario: Encrypt sensitive information. Encryption process: Assume that the sender needs to send a message "secret plan" to the receiver. The sender obtains the public key of the receiver (for example, public_key_A) and uses the public key to encrypt "secret plan" into ciphertext "@#$%^&". After receiving the ciphertext, the receiver uses the private key (for example, private_key_A) to decrypt the ciphertext into the plaintext "secret plan". In this way, even if the public key is obtained by others, the ciphertext cannot be decrypted because they do not have the corresponding private key. |

| Item | Definition |
|---|---|
| HSM | A hardware security module (HSM) is a type of computer hardware that protects and manages the keys used by strong authentication systems and provides related cryptographic operations. |
| CMK | A customer master key (CMK) is a main encryption key created by a user or cloud service using KMS. It is used to encrypt and protect data encryption keys (DEKs). One CMK can be used to encrypt one or more DEKs. CMKs are categorized into custom keys and default keys. |
| Default key | A default key is automatically created by another cloud service using KMS, such as Object Storage Service (OBS). The alias of a default key ends with /default. |
| Key material | Key materials are important inputs to cryptographic operations. They are used to encrypt and decrypt key data. A CMK consists of key materials, key IDs, and basic metadata. |
| Envelope encryption | Envelope encryption is the practice of encrypting data with a DEK and then encrypting the DEK with a root key that you can fully manage. In this case, CMKs are not used to encrypt or decrypt the data directly. |
| DEK | A DEK is used to encrypt data. |
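
The envelope encryption flow defined above, as an added example that is not code from the DEW documentation or any SDK: a fresh DEK encrypts the data, and a root key encrypts (wraps) the DEK. The function names, the blob layout and the local `root_key` (standing in for a key that KMS would hold) are assumptions of this example.

```ruby
require "openssl"

NONCE_LEN = 12 # AES-GCM nonce size in bytes
TAG_LEN = 16   # AES-GCM authentication tag size in bytes

# Encrypts with AES-256-GCM under a fresh random nonce.
# Output layout (chosen for this example): nonce || tag || ciphertext.
def seal(key, plaintext)
  raise ArgumentError, "empty plaintext" if plaintext.empty?
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  nonce = cipher.random_iv
  cipher.auth_data = "" # no associated data in this example
  body = cipher.update(plaintext) + cipher.final
  nonce + cipher.auth_tag + body
end

# Reverses seal. Raises OpenSSL::Cipher::CipherError if the key is wrong
# or any byte of the blob was modified.
def unseal(key, blob)
  raise ArgumentError, "blob too short" if blob.bytesize <= NONCE_LEN + TAG_LEN
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, NONCE_LEN)
  cipher.auth_tag = blob.byteslice(NONCE_LEN, TAG_LEN)
  cipher.auth_data = ""
  cipher.update(blob.byteslice(NONCE_LEN + TAG_LEN, blob.bytesize)) + cipher.final
end

# Envelope encryption: a fresh DEK encrypts the data, then the root key
# encrypts (wraps) the DEK. Only the wrapped DEK and the ciphertext are stored.
# root_key is a local stand-in (assumption) for the root key that KMS would hold.
def envelope_encrypt(root_key, data)
  dek = OpenSSL::Random.random_bytes(32)
  { wrapped_dek: seal(root_key, dek), ciphertext: seal(dek, data) }
end

# Unwraps the DEK with the root key, then decrypts the data with the DEK.
def envelope_decrypt(root_key, envelope)
  dek = unseal(root_key, envelope[:wrapped_dek])
  unseal(dek, envelope[:ciphertext])
end

# Constructed sample run: one root key protects two objects, each under its own DEK.
if __FILE__ == $PROGRAM_NAME
  root = OpenSSL::Random.random_bytes(32)
  envelopes = ["Hello", "secret plan"].map { |msg| envelope_encrypt(root, msg) }
  envelopes.each { |env| puts envelope_decrypt(root, env) }
end
```

Because every object gets its own DEK, the same plaintext encrypted twice under one root key yields different wrapped DEKs and different ciphertexts, and a modified ciphertext or a wrong root key fails with `OpenSSL::Cipher::CipherError` instead of returning corrupted data.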