Last updated: 2024-09-14 GMT+08:00

Basic Concepts

To help you understand and use DEW better, this document describes the related basic terms.

Table 1 Common encryption terms

Term

Definition

More info

Symmetric key encryption

Symmetric key encryption is also called dedicated key encryption. The sender and receiver use the same key to encrypt and decrypt data.

Advantage: Encryption and decryption are fast.

Disadvantage: Each pair of keys must be unique. Key management is difficult if there are a large number of users.

Scenario: Encrypt a large amount of data.

Key Types

Asymmetric key encryption

Asymmetric key encryption is also called public key encryption. A pair of keys is used for encryption and decryption: one is a public key, and the other is a private key.

Advantage: Different keys are used for encryption and decryption, enhancing security.

Disadvantage: Encryption and decryption are slow.

Scenario: Encrypt sensitive information.

Key Types

Hash-based Message Authentication Code (HMAC)

HMAC combines a message with a secret key and processes the result with a hash function, which protects the integrity of the message and lets the receiver verify it.

-

Digital signature

A digital signature, also known as a public key digital signature, is used to verify the authenticity and integrity of a message. After a message is encrypted using a private key and sent, the receiver uses the corresponding public key to decrypt it. The security of electronic files is protected by comparing the signature information.

-

Table 2 KMS terms

Item

Definition

Reference

Hardware Security Module (HSM)

An HSM is a type of computer hardware that protects and manages the keys used by strong authentication systems and provides related cryptographic operations.

-

Customer Master Key (CMK)

A CMK is a Key Encryption Key (KEK) created by a user or cloud service using KMS. It is used to encrypt and protect Data Encryption Keys (DEKs). One CMK can be used to encrypt one or more DEKs.

CMKs are categorized into custom keys and default keys.

What Is a Customer Master Key?

Default key

A default key is automatically created by another cloud service using KMS, such as Object Storage Service (OBS). The alias of a default key ends with /default.

What Is a Default Key?

Key material

Key material is an important input for cryptographic operations. A CMK consists of a key ID, metadata, and key material.

-

Envelope encryption

Envelope encryption is the practice of encrypting data with a DEK and then encrypting the DEK with a root key that you can fully manage. In this case, CMKs are not required for encryption or decryption.

What Are the Benefits of Envelope Encryption?

Data Encryption Key (DEK)

A DEK is used to encrypt data.

What Is a Data Encryption Key?
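
The envelope encryption, CMK and DEK entries in Table 2, shown as an added Node.js example that is not Huawei Cloud code. A local random 32-byte key (`kek`) stands in for the CMK or root key that would stay inside KMS; the function names and the byte layout are assumptions of this example.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM under `key`; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverses seal(); throws if the key is wrong or any byte was modified.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error('sealed input too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12), { authTagLength: 16 });
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Envelope encryption: a fresh DEK encrypts the data, the KEK encrypts only the DEK.
function envelopeEncrypt(kek, data) {
  const dek = crypto.randomBytes(32);
  try {
    return { wrappedDek: seal(kek, dek), ciphertext: seal(dek, data) };
  } finally {
    dek.fill(0); // do not keep the plaintext DEK in memory longer than needed
  }
}

// Decryption unwraps the DEK with the KEK first, then decrypts the data with the DEK.
function envelopeDecrypt(kek, envelope) {
  const dek = open(kek, envelope.wrappedDek);
  try {
    return open(dek, envelope.ciphertext);
  } finally {
    dek.fill(0);
  }
}

// Constructed sample: in practice the KEK stays inside the key service and the
// wrap/unwrap steps are calls to it; here a local random key stands in for it.
const kek = crypto.randomBytes(32);
const envelope = envelopeEncrypt(kek, Buffer.from('constructed sample record'));
console.log(envelopeDecrypt(kek, envelope).toString()); // round trip
```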

Table 3 SSH key pair terms

Term

Definition

More info

SSH key pair

An SSH key pair is used for encrypting and verifying SSH network connections. Each SSH key pair consists of a private key and a public key.

  • A private key is an encrypted file which can only be accessed by the owner.
  • A public key is an unencrypted file which can be shared with anyone. If you are connecting to another user's computer, you can use the public key to encrypt messages and the private key to decrypt.

The private key can be accessed only by the owner and the public key can be shared with others. As a result, SSH key pairs are more secure than conventional password verification.

Key Pair Service

Private key pair

A private key pair can be viewed or used only by the current account.

Creating a Key Pair

Account key pair

An account key pair can be viewed or used by all users under the account.

Upgrading a Key Pair