Key Management Service

Asymmetric Key Encryption and Decryption

2025-01-08 02:00:52

The communication process of asymmetric key encryption is similar to symmetric encryption, but it needs a public key for data encryption and a private key for data decryption.

Ciphertext can be decrypted only with the private key. Therefore, even if the ciphertext leaks because the transmission medium is insecure, whoever obtains it still cannot decrypt it, which keeps the sensitive information secure. Asymmetric encryption is suitable for transmitting sensitive information and is widely used in key exchange scenarios.

Procedure

1. The information receiver creates an asymmetric user master key (CMK) on the KMS console or by calling the CreateKey API.

2. The information receiver obtains the public key by calling the getPublicKey API of KMS, and distributes it to the information sender.

3. The information sender uses the public key to encrypt data locally through OpenSSL. In special cases, the sender can also use the CMK to encrypt data by calling the asymmetricEncrypt API of KMS.

4. The information sender transmits the encrypted data to the information receiver.

5. After receiving the encrypted data, the receiver calls the asymmetricDecrypt API, and KMS decrypts the data using the private key.
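The following is an added example, not taken from the KMS documentation, that walks through steps 1 to 5 offline with OpenSSL. It assumes a locally generated RSA-2048 key pair standing in for the CMK and RSAES-OAEP with SHA-256 as the padding; the function names, file names and sample message are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the KMS documentation. ASSUMPTIONS: a local RSA-2048
# key pair stands in for the asymmetric CMK, and RSAES-OAEP with SHA-256 is the
# padding; use the algorithm your CMK is actually configured for.
set -eu
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT
OAEP="-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256"

# Steps 1-2 (receiver): stand-in for CreateKey + getPublicKey. With KMS the
# private key stays inside the service; only public.pem is ever distributed.
receiver_setup() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORKDIR/private.pem" 2>/dev/null
  openssl pkey -in "$WORKDIR/private.pem" -pubout -out "$WORKDIR/public.pem"
}

# Step 3 (sender): local encryption using the public key only.
sender_encrypt() {   # $1 = plaintext file, $2 = ciphertext file
  openssl pkeyutl -encrypt -pubin -inkey "$WORKDIR/public.pem" $OAEP \
    -in "$1" -out "$2" 2>/dev/null
}

# Step 5 (receiver): stand-in for the asymmetricDecrypt call.
receiver_decrypt() { # $1 = ciphertext file, $2 = recovered plaintext file
  openssl pkeyutl -decrypt -inkey "$WORKDIR/private.pem" $OAEP \
    -in "$1" -out "$2" 2>/dev/null
}

# Negative check: someone holding the ciphertext and the public key tries to
# decrypt. OpenSSL refuses, because decryption requires the private key.
public_key_decrypt() {
  openssl pkeyutl -decrypt -pubin -inkey "$WORKDIR/public.pem" $OAEP \
    -in "$1" -out "$2" 2>/dev/null
}

receiver_setup
printf 'session-key-material (constructed sample)' > "$WORKDIR/msg.txt"
sender_encrypt "$WORKDIR/msg.txt" "$WORKDIR/msg.enc"     # step 3
# Step 4 would transmit msg.enc over any channel, trusted or not.
receiver_decrypt "$WORKDIR/msg.enc" "$WORKDIR/msg.out"   # step 5
cmp -s "$WORKDIR/msg.txt" "$WORKDIR/msg.out" && echo "round trip OK"
if ! public_key_decrypt "$WORKDIR/msg.enc" "$WORKDIR/leak.out"; then
  echo "public key holder cannot decrypt"
fi
```

Under these assumptions a single RSA-2048 OAEP-SHA256 operation accepts at most 190 bytes of plaintext (256 - 2*32 - 2), which is why the scheme is typically used to carry a symmetric key or other short secret rather than bulk data.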

