Check key information

Prev Next

Available in Classic and VPC

Keys created in Key Management Service can be managed directly by user, and depending on usage permissions, you can manage them and use them for encryption/decryption and signing/validation. Permission setting is required for Key Management Service to generate and manage keys. For more information, see Key Management Service permissions management.

Note

The encryption/decryption and signing/validation features using created keys are provided as Key Management Service APIs. For more information about how to use it, see Key Management Service API guides.

Key Management Service page

The basic description of using Key Management Service are as follows:

kms-default-info-01_250618

Area Description
① Menu name Displays service name and number of keys created.
② Key creation feature Keys can be created.
③ Key boundary tab Select Global or Region-isolated type.
④ Key list List of currently maintained keys.
⑤ Key details View key's basic information, rotation and authentication settings, and key usage history.

Select key boundary and check key list

Key list

You can view key-specific information in the key list. To view the information, follow these steps:

  1. In the NAVER Cloud Platform console, navigate to i_menu > Services > Security > Key Management Service > Key.
  2. In the key boundary tab, select either Global or Isolated. For Region-isolated keys, the currently selected Region is set as the boundary.
    kms-default-info-02_250618
  3. Click a key in the displayed list to view its basic information and rotation settings.
Key isolation

For more information on key isolation and boundaries, see Key Management Service concepts > Key isolation.

Basic information

  • Key name: the unique name assigned to the key at creation. Key name is not treated as confidential information.
  • Status: the state of the key. (For more information on the status, see Key status.)
  • Key Tag: the unique identifier derived from the key's unique name, used for encryption/decryption requests via REST APIs. Key Tag is not treated as confidential information.
  • Key type (usage): there are three types of usages for the created key: encryption/decryption, signing/verification, and encryption/decryption and signing/validation.
    • AES256: encryption/decryption: a 256-bit key using symmetric key AES cipher (AES 256-GCM96). Can encrypt data up to 32 KB.
    • RSA2048: a 2048-bit key using asymmetric key RSA cipher (RSA 2048). Can use both encryption/decryption and signing/validation features, but has the slowest processing speed. Can encrypt data up to 190 B or sign data up to 8 KB.
    • ECDSA: a 256-bit key using asymmetric key ECDSA cipher (ECDSA-P256). Can sign data up to 8 KB.
  • Convergent encryption: indicates whether convergent encryption is applied. (For more information on convergent encryption, see Key creation.)
  • Generation date: the date the key was created.
  • NRN: a unique resource identifier used internally within NCP. It can also be found in Resource Manager.
  • Base URL: the base endpoint used to call the Key API.
Region-isolated key API
  1. APIs for Region-isolated keys are only available in version 2.0.
  2. Each Region has its own assigned Base URL, so you must use the Base URL for the corresponding Region when calling the API. For more information, see Key Management Service API guides.
  • Memo: additional information and description about the key entered by the user.

Rotation settings information

  • Automatic rotation: displays automatic rotation status of the key.
  • Rotation cycle (next rotation date): (If automatic rotation is set) displays the daily rotation cycle when the key automatically rotates and the next scheduled rotation date.
  • Current version: displays the most recent version of the key.