Help Center

Key Management Service

Product Description
Billing
Getting Started
User Guide
SDK Reference
Best Practices
FAQs
Related Agreements

Application Scenarios

2024-12-18 08:53:19

KMS is widely used in many scenarios. The following are common application scenarios of KMS.

Scenario 1: Sensitive data encryption

Calls the KMS cryptographic operation API to implement online data processing, and directly uses the CMK for data encryption and decryption.

Characteristics of scenario

Encrypts small amounts of data such as passwords, certificates, and configuration files, effectively avoiding sensitive information leakage.

Advantages

Ÿ   Easy encryption: Encrypts and decrypts data online through the cryptographic operation API of KMS;

Ÿ   Secure and reliable: Encrypts and decrypts data directly through the CMK to ensure that plaintext data is not flushed into disks.

Scenario Diagram

 

Scenario 2: Envelope encryption

Calls the KMS cryptographic operation API to generate DEKs online, which are encrypted by CMK and support secure export. Large-scale data encryption and decryption can be performed locally using the exported DEKs.

Characteristics of scenario

Encrypts and protects massive data or performance-sensitive data, ensuring access experience.

Advantages

Ÿ   Efficient and easy-to-use: By creating DEKs, KMS encrypts local data in an offline mode to avoid security risks caused by migrating mass data;

Ÿ   Double encryption: By using a two-level key structure consisting of a CMK and a DEK, KMS ensures the randomness and security of the DEK, ensuring the performance of data encryption.

Scenario Diagram

Scenario 3: Signature verification

The following operations describe a typical signature verification scenario:
A signer creates an asymmetric key through the KMS.
The signer computes the message signature using the private key by calling the cryptographic operation API.
The signer obtains the public key and distributes it to the message receiver.
The receiver uses the public key to verify the signature.

Characteristics of scenario

Secures transmission of sensitive information between systems with different levels of trust.

Advantages

Ÿ   Wide application: Signature verification achieved through asymmetric keys is widely used in related fields such as data tamper-proof and identity authentication;

Ÿ   Security guarantee: Supports popular asymmetric key algorithms and provides sufficient security strength to secure digital signatures.

Scenario Diagram


The previous article -  Terms
The next article -  Product Specifications