Key Management Service glossary

Available in Classic and VPC

To use Key Management Service, you need to be familiar with a few terms. The terms and their descriptions are as follows.
  • Decryptor
    Among the roles provided by Key Management Service, a user who can use keys only for the decryption and validation features.

  • Encryptor
    Among the roles provided by Key Management Service, a user who can use keys only for the encryption and signature features.

  • Encryptor/Decryptor
    Among the roles provided by Key Management Service, a user who can use keys for all of the encryption/decryption and signature/validation features.

  • Key Management Service admin
    A sub account that has been granted the system-managed policy NCP_KMS_MANAGER through Sub Account.

  • Manager
    Among the roles provided by Key Management Service, a key manager who can use every feature that can be performed with keys, including key management and deletion.

  • Reviewer
    Among the roles provided by Key Management Service, a user who can view the key usage history. Reviewers don't perform encryption/decryption with keys directly, but they can check whether keys are being used properly.

  • Symmetric key method encryption
    An encryption method that uses the same key for encryption and decryption. It creates ciphertext/plaintext by repeatedly performing substitution and transposition on data bits. Encryption to ensure data confidentiality generally uses the symmetric key method. View NAVER Cloud Platform glossary for more information.

  • Data key (or data encryption key)
    A key that is applied directly to data encryption. It refers to a key managed directly by the user. This guide refers to it as data key, data encryption key, or DEK. View NAVER Cloud Platform glossary for more information.

  • Root key
    A top-level key in the system that protects the Key Management Service system. All keys in Key Management Service are encrypted with the root key and stored in storage. View NAVER Cloud Platform glossary for more information.

  • Decryption
    The process of converting ciphertext produced by encryption back into the original data (plaintext). View NAVER Cloud Platform glossary for more information.

  • Seal
    The act of encrypting data keys or credentials. View NAVER Cloud Platform glossary for more information.

  • Asymmetric key encryption
    An encryption method that uses different keys for encryption and decryption. It creates ciphertext/plaintext by performing calculations on the data and keys based on mathematical principles. The keys used form a pair: a public key value and a key value that must be kept confidential and protected. This method is also called public key encryption. View NAVER Cloud Platform glossary for more information.

  • User managed key (or key)
    A key created and managed by the customer in Key Management Service. The key value can't be viewed directly under any circumstances (not even by the system operator) and is not exposed outside the internal key storage system of Key Management Service. It is generally used to seal data keys or credentials. This guide refers to it as user managed key, key, or master key. View NAVER Cloud Platform glossary for more information.

  • Encryption
    The process of converting data (plaintext), via random manipulation using keys, into information whose meaning can't be understood (ciphertext). View NAVER Cloud Platform glossary for more information.

  • Credential
    All data used as credentials, not just data keys, such as passwords and private keys for certificates. View NAVER Cloud Platform glossary for more information.

  • Keystore
    A storage space for keys. One keystore is created for each customer using Key Management Service. All keys that a customer creates are stored in that customer's own keystore, and each keystore is logically isolated and managed. The keystore can be accessed and managed through the Key Management Service console. View NAVER Cloud Platform glossary for more information.

  • Rotation
    The task of renewing key versions to guard against various cryptographic threats. View NAVER Cloud Platform glossary for more information.

