Help Center/ Data Encryption Workshop/ User Guide/ Key Pair Service/ Managing Key Pairs/ Managing Public and Private Keys
Updated on 2025-07-30 GMT+08:00
View PDF
Share

Managing Public and Private Keys

After a key pair is created on KPS, the public key is automatically stored in Huawei Cloud, while you need to download and store the private key. You can also save your private keys in Huawei Cloud and manage them with KPS based on your needs. Huawei Cloud uses encryption keys provided by KMS to encrypt your private keys to ensure secure storage and access.

This section describes how to:

Constraints

  • Only the private key that matches a public key can be imported for the public key.
  • The private key to be uploaded or copied to the text box must be in the .pem format. If it is in the .ppk format, convert it by referring to How Do I Convert the Format of a Private Key File?.

Downloading a Public Key

To download a public key to the local PC from KPS, perform the following steps:

  1. Log in to the DEW console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click Key Pair Service.
  4. Locate the target key pair, click Download Public Key in the Operation column. The public key in .txt format is obtained.

Importing a Private Key

To facilitate local private key management, you can import the private key to the KPS console for centralized management of your private keys. The managed private keys are encrypted by the keys provided by KMS, ensuring security for storage, import, and export of the private keys. You can download the private keys from the management console whenever you need. To ensure the security of the private keys, keep the downloaded private keys properly.

  1. In the navigation pane on the left, click Key Pair Service.
  2. Locate the target public key and click Import Private Key in the Operation column. The Import Private Key page is displayed, as shown in Figure 1.

    Figure 1 Importing a private key

  3. Click Select File, select a local .pem private key file. Alternatively, you can copy and paste the private key content to the Private Key Content text box.

    • Only the private key that matches a public key can be imported for the public key.
    • The private key to be uploaded or copied to the text box must be in the .pem format. If it is in the .ppk format, convert it by referring to How Do I Convert the Format of a Private Key File?.

  4. Select an encryption key from the KMS encryption drop-down list box.

    • KPS encrypts private keys using the encryption key provided by KMS. When you use the KMS encryption function of the key pair, KMS creates a default key kps/default for you to use.
    • For details about how to create a custom key on KMS, see Creating a Key.

  5. Click OK to complete the import.

Exporting a Private Key

If you have the private keys managed by the management console, you can download the private keys whenever you need. To ensure the security of the private key, keep the downloaded private key properly.

A private key is encrypted and decrypted using the same encryption key. If the encryption key is deleted, the private key will fail to be exported.

  1. In the navigation pane on the left, click Key Pair Service.
  2. Locate the target key pair and click Export Private Key in the Operation column. The Export Private Key dialog box is displayed, as shown in Figure 2.

    Figure 2 Exporting a private key


    You can select multiple private keys and click Export Private Key to export them in batches.

  3. Click OK. The browser automatically downloads the private key.

    A private key is encrypted and decrypted using the same encryption key. If the encryption key is deleted, the private key will fail to be exported.

Clearing a Private Key

If the private keys managed by KPS are no longer needed, you can clear the managed private keys on the KPS console.

After the private key is cleared, you cannot obtain the private key from Huawei Cloud. Exercise caution when performing this operation. If you need to have the private key managed again, you can import the private key to the management console.

  1. In the navigation pane on the left, click Key Pair Service.
  2. Locate the target key pair and choose More > Clear Private Key in the Operation column.

  3. In the displayed Clear Private Key dialog box, click OK.

    After the private key is cleared, you cannot obtain the private key from Huawei Cloud. Exercise caution when performing this operation. If you need to have the private key managed again, you can import the private key to the management console.

Parent Topic: Managing Key Pairs