Unlike symmetric keys, asymmetric keys are mainly used to verify digital signatures or encrypt sensitive information between systems with different trust levels.

You can create asymmetric CMKs in KMS. An asymmetric key pair consists of a public key and a private key, which are cryptographically related to each other. The public key is made available for anyone to use, but the private key must be kept secure and used only by trusted users. Alibaba Cloud supports popular asymmetric key algorithms and provides high-level data security by using strong encryption and digital signatures.

The KMS console generates a certificate signing request (CSR) file for an asymmetric CMK. A certificate applicant submits the CSR file to a certificate authority (CA). Then, the CA sends back a digital certificate that is signed by using the private key of the CA. The digital certificate can be used to protect the security of emails, terminals, code signing, trusted website services, and identity authorization management systems.

## Classification of asymmetric keys

- RSA
Rivest-Shamir-Adleman (RSA) is a classical asymmetric cryptosystem. You can use an RSA key to encrypt or decrypt data or generate a digital signature. KMS supports 2,048-bit RSA keys. If RSA is used, set the KeySpec parameter to RSA_2048.

- ECC
You can use an elliptic-curve cryptography (ECC) key to generate a digital signature. KMS supports the following two types of elliptic curves:
- NIST-recommended elliptic curve P-256. If this elliptic curve is used, set the KeySpec parameter to EC_P256.
- SECG elliptic curve secp256k1. If this elliptic curve is used, set the KeySpec parameter to EC_P256K.

- SM2
SM2 is an encryption algorithm defined by GB/T 32918 based on ECC. You can use an SM2 key to encrypt or decrypt data or generate a digital signature. KMS supports 256-bit elliptic curves defined in the prime field in GB/T 32918. If SM2 is used, set the KeySpec parameter to EC_SM2.

## Data encryption

- An information receiver distributes a public key to a transmitter.
- The transmitter uses the public key to encrypt sensitive information.
- The transmitter sends the ciphertext generated from the sensitive information to the information receiver.
- The information receiver uses the private key to decrypt the ciphertext.

The private key can only be used by the information receiver. This ensures that the plaintext of the sensitive information cannot be intercepted and decrypted by unauthorized parties during transmission. This encryption method is widely used to exchange keys. For example, session keys are exchanged in Transport Layer Security (TLS), and encryption keys are exported and imported between different hardware security modules (HSMs).

For more information, see Encrypt and decrypt data by using an asymmetric CMK.

## Digital signature

- To verify data integrity: If the data does not match its signature, the data may be tampered with.
- To verify message authenticity: If a message does not match its signature, the message transmitter does not hold the private key.
- To provide non-repudiation for signatures: If the data matches its signature, the signer cannot deny this signature.

- A signer sends a public key to a message receiver.
- The signer uses the private key to sign data.
- The signer sends the data and signature to the message receiver.
- After receiving the data and signature, the message receiver uses the public key to verify the signature.

Digital signatures are widely used to defend against data tampering and authenticate identities. For example, you can use digital signatures to protect the integrity of your binary code and verify that the code has not been manipulated. This helps provide a trusted execution environment. Digital signatures can also be used in digital certificate systems. In such a system, a certificate authority (CA) provides a signature for digital certificates to certify the entity information, public and private key information, key purpose, expiration date, and issuer. The private key holder of a certificate uses the private key to sign a message. The message receiver uses the public key contained in the certificate to verify the message signature and uses the public key of the certificate issuer to verify the certificate.

For more information, see Using asymmetric CMKs for digital signatures.

## Key version

KMS does not support automatic rotation of asymmetric CMKs. You can call the CreateKeyVersion operation to create a new key version in a specific CMK and generate a new pair of public and private keys. If you use a new key version to generate a digital signature or encrypt data, you must also distribute the new version of the public key.

In addition, unlike symmetric CMKs, asymmetric CMKs do not have a primary key version. Therefore, to call the operations related to asymmetric keys in KMS, you must specify the CMK ID (or CMK alias) and a key version.

## Public key operation

In most cases, you can call the GetPublicKey operation to obtain a public key and distribute it to users for encryption or verification. Then, the users can use cryptographic libraries such as OpenSSL and Java Cryptography Extension (JCE) on the business end to perform local calculation.

You can also call the AsymmetricEncrypt or AsymmetricVerify operation to perform public key operations. If you call these operations, KMS records logs of the calls and allows you to use Resource Access Management (RAM) to put limits on the use of public keys. Compared with local calculation on the business end, KMS offers flexible functions to suit your needs.

## Private key operation

You can use only the AsymmetricDecrypt or AsymmetricSign operation to encrypt data or generate a digital signature with a private key.