Key Management Service (KMS) - Supports Asymmetric Keys of RSA and ECC Types
Jan 01 2020
Target customers: a variety of enterprise businesses such as IT services, financial institutions, blockchain providers and users, and IoT. Enterprises can use asymmetric keys in a wide range of scenarios such as code signatures (container images), electronic payment, blockchain signature, IoT device signature, user-created CA for internal websites, mobile device management, and identity verification.

Feature released: KMS supports hosting and cryptographic operations of asymmetric keys (of RSA and ECC types) in all regions to help customers implement digital signature and asymmetric data encryption.

KMS supports hosting of RSA-type asymmetric keys. It supports mainstream RSA public key encryption algorithms and private key signature algorithms. You can also host ECC-type keys. KMS supports the NIST P-256 curve and the secp256k1 curve which is commonly used in blockchain.

You can call the GetPublicKey operation to obtain the public key and then distribute it publicly. Public keys can be used to verify signatures generated by private keys or encrypt sensitive data. Only users with private key access permissions can generate signatures or decrypt sensitive data that is encrypted with public keys.

KMS helps protect your private keys. You must call the AsymmetricSign or AsymmetricDecrypt operation to indirectly use private keys. KMS also provides the AsymmetricVerify and AsymmetricEncrypt operations for you to implement access control on public keys and audit the usage of public keys.