This section introduces the specifications of KMS.
KMS provides service editions of different specifications, including basic edition and enterprise edition. You can select a proper edition based on the edition comparison information. The subscription-based KMS provides a free default key that supports encryption of cloud products.
√: supported; ×: not supported
Comparison Item | Sub-item | Default Key | Basic Edition | Enterprise Edition (Stay tuned) |
Billing Mode | Free | Subscription-based Billing | Subscription-based Billing | |
Application Scenarios | Transparent encryption | √ | √ | √ |
User-managed application encryption | × | √ | √ | |
Compliance with security assessment of commercial password applications | × | × | √ | |
Certificate Management | × | √ | √ | |
Quota | Default computing performance | 750QPS | 2000QPS | 2000QPS |
Number of keys | For each eSurfing Cloud account, you can create one default key in each resource pool for each cloud product. | 0-2000 | 0-2000 | |
Number of certificates | × | 0-1000 | 0-1000 | |
Access network type | - | Internet (managed by KMS) | Inter-VPC call (private network) | Inter-VPC call (private network) |
Key Management | Key specifications | AES_256 | Symmetric key: AES_256 Asymmetric key: RSA_2048 | Symmetric key: AES_256 Asymmetric key: RSA_2048 |
Import external key material (BYOK) | × | √ Symmetric key | √ Symmetric key | |
Automatic key rotation | × | √ Symmetric key | √ Symmetric key | |
Scheduled key deletion | × | √ | √ | |
Key deletion protection | × | √ | √ | |
Key alias management | √(System default alias) | √ | √ | |
Cryptographic operation | Data encryption or decryption | √(Cloud products) | √ | √ |
Signature verification | × | √ | √ | |
Certificate Management | Create Certificate | × | √ | √ |
Import Certificate | × | √ | √ | |
Revoke Certificate | × | √ | √ | |
Delete a certificate | × | √ | √ | |