All Products
Document Center


Last Updated: Apr 02, 2018
Terminology Abbreviation Definition
Key Management Service KMS Alibaba Cloud Key Management Service.
envelope encryption Envelope encryption is the practice of encrypting plaintext data with a unique data key, and then encrypting the data key with a key encryption key (EDK). You may choose to encrypt the EDK with another EDK, and so on, but eventually you must have a master key. The master key is an unencrypted (plaintext) key with which you can decrypt one or more other keys.
Customer Master Key CMK CMK is the master key generated by using Alibaba Cloud KMS. It can encrypt data keys and generate envelope encryption. It can also encrypt a small amount of data.
EnvelopedDataKey / DataKey EDK/DK DK is the plaintext key to encrypt data, and EDK is the key to encrypt the DK by using envelope encryption.