The Key Management System (KMS) service centrally manages cryptographic keys and runs in the Management API server. The Application Operator (AO) creates, uses, and destroys the keys in the KMS.
Supported keys
KMS supports the following keys:
AEAD
aeadkey
AEAD key that performs authenticated encryption using AES-256. The key's components represent the following:
- AES-256: the 256-bit Advanced Encryption Standard (AES) symmetric key algorithm. This algorithm is the default algorithm.
AES_256_GCM
Signing
signingkey
The key's components represent the following:
- EC: the elliptic curve key.
- P384: the size of the EC curve.
- SHA384: the digest algorithm used in signing. This algorithm is the default algorithm.
EC_SIGN_P384_SHA384
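As an added illustration (not part of the KMS documentation and not its API), the Go program below runs the primitives that the two algorithm names describe, using only the standard library: AES-256 in GCM mode with associated data, and an EC signature over P-384 with a SHA-384 digest. It assumes that EC signing means ECDSA; the function names, messages, and associated-data values are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

// check aborts on setup failures (no entropy, bad key size).
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// aeadDemo returns the decrypted text and whether ad opened while wrongAD was rejected.
func aeadDemo(msg, ad, wrongAD []byte) (string, bool) {
	buf := make([]byte, 32+12) // 32-byte AES-256 key, then a 12-byte one-time nonce
	_, err := rand.Read(buf)
	check(err)
	key, nonce := buf[:32], buf[32:]
	block, err := aes.NewCipher(key) // key length selects AES-256
	check(err)
	gcm, err := cipher.NewGCM(block)
	check(err)
	ct := gcm.Seal(nil, nonce, msg, ad)           // ciphertext plus auth tag, bound to ad
	_, adErr := gcm.Open(nil, nonce, ct, wrongAD) // tag check fails if ad differs
	plain, okErr := gcm.Open(nil, nonce, ct, ad)
	return string(plain), okErr == nil && adErr != nil
}

// signDemo reports whether a P-384/SHA-384 signature on msg verifies for msg and for tampered.
func signDemo(msg, tampered []byte) (bool, bool) {
	priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	check(err)
	digest, other := sha512.Sum384(msg), sha512.Sum384(tampered)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	check(err)
	pub := &priv.PublicKey
	return ecdsa.VerifyASN1(pub, digest[:], sig), ecdsa.VerifyASN1(pub, other[:], sig)
}

func main() {
	fmt.Println(aeadDemo([]byte("payload"), []byte("tenant-a"), []byte("tenant-b")))
	fmt.Println(signDemo([]byte("release-1.0"), []byte("release-1.1")))
}
```

The associated data is authenticated but not encrypted, so a ciphertext sealed for one context fails to open when presented with another.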
Key features
The AO centrally manages symmetric and asymmetric cryptographic keys with the AEAD and Signing keys. Through the KMS Creator role, the AO has the ability to create keys.
Through the KMS Admin role, the AO can use, destroy, import, and export aeadkey and signingkey cryptographic keys.

