Help Center/ Data Encryption Workshop/ User Guide (Kuala Lumpur Region)/ FAQs/ KMS Related/ How Do Cloud Services Use KMS to Encrypt Data?

Updated on 2024-03-27 GMT+08:00

View PDF

How Do Cloud Services Use KMS to Encrypt Data?

Envelope encryption is an encryption method that enables DEKs to be stored, transmitted, and used in "envelopes" of CMKs. As a result, CMKs do not directly encrypt and decrypt data.

When users download the data from the cloud, the cloud service uses the CMK specified by KMS to decrypt the ciphertext DEK, use the decrypted DEK to decrypt data, and then provide the decrypted data for users to download.

Parent topic: KMS Related

Previous topic: Which Cloud Services Can Use KMS for Encryption?

Next topic: What Are the Benefits of Envelope Encryption?

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.