|Key Management Service||KMS||Alibaba Cloud Key Management Service.|
|envelope encryption||Envelope encryption is the practice of encrypting plaintext data with a unique data key, and then encrypting the data key with a key encryption key (EDK). You may choose to encrypt the EDK with another EDK, and so on, but eventually you must have a master key. The master key is an unencrypted (plaintext) key with which you can decrypt one or more other keys.|
|Customer Master Key||CMK||CMK is the master key generated by using Alibaba Cloud KMS. It can encrypt data keys and generate envelope encryption. It can also encrypt a small amount of data.|
|EnvelopedDataKey / DataKey||EDK/DK||DK is the plaintext key to encrypt data, and EDK is the key to encrypt the DK by using envelope encryption.|
Thank you! We've received your feedback.