Key Management Service (KMS) supports symmetric and asymmetric keys for data encryption, digital signing, and secure key distribution. This topic describes each key specification, its supported algorithms, and the cryptographic standards it complies with.
Symmetric encryption
Symmetric encryption uses the same key to encrypt and decrypt data. KMS keeps symmetric key material confidential to prevent unauthorized access.
Key specifications
| Protection level | Key specification | Encryption mode | Padding mode |
|---|---|---|---|
| Software-protected key | Aliyun_AES_256 | GCM (default) | N/A |
| Hardware-protected key | Aliyun_AES_256, Aliyun_AES_192, Aliyun_AES_128 | GCM (default), ECB, CBC | GCM: no padding. ECB or CBC: PKCS7_PADDING or NO_PADDING. |
| External Key | Aliyun_AES_256 | GCM (default), ECB, CBC | GCM: no padding. ECB or CBC: PKCS7_PADDING or NO_PADDING. |
If you call the CreateKey operation without specifying KeySpec, KMS creates a symmetric key with the Aliyun_AES_256 specification.Technical standards
| Key specification | Description | Standard |
|---|---|---|
| Aliyun_AES_256 | 256-bit Advanced Encryption Standard (AES) key | FIPS PUB 197 |
| Aliyun_AES_192 | 192-bit AES key | FIPS PUB 197 |
| Aliyun_AES_128 | 128-bit AES key | FIPS PUB 197 |
Asymmetric encryption
An asymmetric key consists of a public key and a private key that are mathematically related. The public key is accessible to all users. The private key can be used only by the owner or trusted users. KMS ensures the security of the private key and does not support export of private keys by calling operations.
After you create an asymmetric key, get the public key from the KMS console or by calling the GetPublicKey operation.
Asymmetric keys support two key purposes:
ENCRYPT/DECRYPT: Call the Encrypt operation with the public key to encrypt data, and the Decrypt operation with the private key to decrypt it. This is suited for distributing small amounts of confidential data, such as symmetric keys.
SIGN/VERIFY: Call the Sign operation with the private key to generate a digital signature, and the Verify operation with the public key to verify it.
Specify the key purpose when you create an asymmetric key.
Asymmetric cryptographic operations are computationally intensive. For encrypting bulk data, use symmetric encryption and distribute the symmetric key using an asymmetric key pair.
Key specifications
| Protection level | Key specification | Encryption algorithm | Signature algorithm |
|---|---|---|---|
| Software-protected key | RSA_2048, RSA_3072, RSA_4096 | RSAES_OAEP_SHA_256 (default) | RSA_PSS_SHA_256 (default), RSA_PKCS1_SHA_256 |
| Software-protected key | EC_P256, EC_P256K | ECIES_DH_SHA_1_XOR_HMAC (default) | ECDSA_SHA_256 (default) |
| Hardware-protected key | RSA_2048, RSA_3072, RSA_4096 | RSAES_OAEP_SHA_256 (default) | RSA_PSS_SHA_256 (default), RSA_PKCS1_SHA_256 |
EC_P256, EC_P256K | ECIES_DH_SHA_1_XOR_HMAC (default) | ECDSA_SHA_256 (default) | |
| Hardware-protected key | EC_P256, EC_P256K | ECIES_DH_SHA_1_XOR_HMAC (default) | ECDSA_SHA_256 (default) |
Technical standards
| Key specification | Description | Standard |
|---|---|---|
| RSA_2048 | 2048-bit Rivest-Shamir-Adleman (RSA) key pair | PKCS #1: RSA Cryptography Specifications Version 2.2 |
| RSA_3072 | 3072-bit RSA key pair | PKCS #1: RSA Cryptography Specifications Version 2.2 |
| RSA_4096 | 4096-bit RSA key pair | PKCS #1: RSA Cryptography Specifications Version 2.2 |
| EC_P256 | Elliptic Curve Cryptography (ECC) key pair on the P-256 curve (also known as secp256r1 or ANSI prime256v1) | NIST SP800-186 |
| EC_P256K | ECC key pair on the secp256k1 curve, recommended by the Standards for Efficient Cryptography Group (SECG) | SEC 2: Recommended Elliptic Curve Domain Parameters |
Encryption algorithms
| Algorithm | Description |
|---|---|
| RSAES_OAEP_SHA_256 | RSA encryption using RSAES-OAEP padding with MGF1 and SHA-256, as defined in PKCS #1 (RFC 3447). |
| ECIES_DH_SHA_1_XOR_HMAC | Elliptic Curve Integrated Encryption Scheme (ECIES) compliant with SEC 1: Elliptic Curve Cryptography, Version 2.0. Uses Elliptic-curve Diffie-Hellman (ECDH) for key agreement, key derivation function 2 (KDF2) with SHA-1 for key derivation, HMAC-SHA-1 as the Message Authentication Code (MAC), and XOR for symmetric encryption. |
Signature algorithms
| Algorithm | Description |
|---|---|
| RSA_PSS_SHA_256 | SHA-256 for hashing and MGF1 with SHA-256 for signature calculation, based on the RSASSA-PSS algorithm defined in PKCS #1 (RFC 3447). |
| RSA_PKCS1_SHA_256 | SHA-256 for hashing and signature calculation, based on the RSASSA-PKCS1-v1_5 algorithm defined in PKCS #1 (RFC 3447). |
| ECDSA_SHA_256 | Elliptic Curve Digital Signature Algorithm (ECDSA) with SHA-256 for hashing. |