Managing Public and Private Keys
After a key pair is created on KPS, the public key is automatically stored in Huawei Cloud, while you need to download and store the private key. You can also save your private keys in Huawei Cloud and manage them with KPS based on your needs. Huawei Cloud uses encryption keys provided by KMS to encrypt your private keys to ensure secure storage and access.
This section describes how to:
Constraints
- Only the private key that matches a public key can be imported for the public key.
- The private key to be uploaded or copied to the text box must be in the .pem format. If it is in the .ppk format, convert it by referring to How Do I Convert the Format of a Private Key File?.
Downloading a Public Key
To download a public key to the local PC from KPS, perform the following steps:
- Log in to the DEW console.
- Click the icon in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click Key Pair Service.
- Locate the target key pair and click Download Public Key in the Operation column. The public key is downloaded in .txt format.
Importing a Private Key
To manage local private keys centrally, you can import them to the KPS console. The managed private keys are encrypted with keys provided by KMS, which secures their storage, import, and export. You can download the private keys from the management console whenever you need them. Store the downloaded private keys securely.
- In the navigation pane on the left, click Key Pair Service.
- Locate the target public key and click Import Private Key in the Operation column. The Import Private Key page is displayed, as shown in Figure 1.
- Click Select File and select a local .pem private key file. Alternatively, copy and paste the private key content to the Private Key Content text box.
- Select an encryption key from the KMS encryption drop-down list box.
- KPS encrypts private keys using the encryption key provided by KMS. When you use the KMS encryption function of the key pair, KMS creates a default key kps/default for you to use.
- For details about how to create a custom key on KMS, see Creating a Key.
- Click OK to complete the import.
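A local pre-check for the two import constraints (the key must be in .pem format and must match the public key), as an added example that is not part of the original documentation. It assumes OpenSSH's ssh-keygen is installed and that the downloaded public key .txt file holds one OpenSSH-format public key line; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: local checks to run before importing a private key to KPS.
# Function names are hypothetical; nothing here calls a Huawei Cloud API.

# Print the container format of a key file: pem, ppk, or unknown.
key_format() {
    local first
    first=$(head -n 1 "$1" | tr -d '\r')
    case "$first" in
        PuTTY-User-Key-File-*)            echo ppk ;;
        "-----BEGIN "*"PRIVATE KEY-----") echo pem ;;
        *)                                echo unknown ;;
    esac
}

# Print the "type base64" fields of an OpenSSH public key line, dropping the comment.
pub_fields() {
    awk 'NF >= 2 { print $1, $2; exit }' "$@"
}

# Return 0 only if the private key in $1 yields the public key stored in $2.
# Assumption: $2 (the downloaded .txt) holds one OpenSSH-format public key line.
# ssh-keygen -y derives the public key locally; a passphrase-protected key prompts.
key_matches() {
    local derived expected
    derived=$(ssh-keygen -y -f "$1" 2>/dev/null | pub_fields)
    expected=$(pub_fields "$2")
    [ -n "$derived" ] && [ "$derived" = "$expected" ]
}

# Run both checks, print a verdict, and return non-zero if either constraint fails.
precheck() {
    local priv="$1" pub="$2" fmt
    fmt=$(key_format "$priv")
    if [ "$fmt" != pem ]; then
        echo "reject: format is $fmt, KPS import needs .pem"
        return 1
    fi
    if ! key_matches "$priv" "$pub"; then
        echo "reject: $priv does not match the public key in $pub"
        return 1
    fi
    echo "ok: $priv is PEM and matches $pub"
}

# Usage: ./precheck.sh private.pem public_key.txt
if [ "$#" -eq 2 ]; then precheck "$1" "$2"; fi
```

ssh-keygen refuses to load a private key file that is readable by group or others, which this script reports as a mismatch; restrict the file to its owner first.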
Exporting a Private Key
If your private keys are managed on the management console, you can download them whenever you need. Store the downloaded private key securely.
A private key is encrypted and decrypted using the same encryption key. If the encryption key is deleted, the private key will fail to be exported.
- In the navigation pane on the left, click Key Pair Service.
- Locate the target key pair and click Export Private Key in the Operation column. The Export Private Key dialog box is displayed, as shown in Figure 2.
You can select multiple private keys and click Export Private Key to export them in batches.
- Click OK. The browser automatically downloads the private key.
Clearing a Private Key
If the private keys managed by KPS are no longer needed, you can clear the managed private keys on the KPS console.
After the private key is cleared, you cannot obtain the private key from Huawei Cloud. Exercise caution when performing this operation. If you need to have the private key managed again, you can import the private key to the management console.
- In the navigation pane on the left, click Key Pair Service.
- Locate the target key pair and choose More > Clear Private Key in the Operation column.
- In the displayed Clear Private Key dialog box, click OK.