Key Management Service glossary
Available in Classic and VPC
The following terms are essential for using Key Management Service. Each term is listed with its description.
Key Management Service administrator
A sub account granted the managed policy NCP_KMS_MANAGER through Sub Account
Symmetric Key-based Encryption
Encryption method that uses the same key for encryption and decryption. Ciphertext and plaintext are produced by repeatedly applying substitution and transposition to the data bits. Symmetric-key encryption is the method generally used to guarantee data confidentiality.
Data Key (or data encryption key)
A key that is directly applied to data encryption. This refers to a key that you store yourself, and is referred to in this guide as a data key, data encryption key, DEK, etc.
Root key
Top-level key that protects the KMS system. All KMS key data is encrypted with the root key and then stored in storage.
Decryption
The process of converting ciphertext produced by encryption back into the original data (plaintext)
Seal
The act of encrypting data keys or credentials
Asymmetric Key-based Encryption
Encryption method that uses different keys for encryption and decryption (public-key encryption). Ciphertext and plaintext are produced by mathematical operations on the data and keys. The keys form a pair: a key value that can be made public and a key value that must remain secure.
User-managed key
Key that a customer creates and manages in KMS. The key value cannot be viewed under any circumstances, even by the system operator, and is not exposed outside the KMS system. It is generally recommended to use this key to seal data keys or credentials. It is referred to as the 'key' or 'master key' in the KMS usage guide.
Encryption
The process of converting plaintext data, through random manipulation, into ciphertext that cannot be read
Credentials
All data used as credentials: not only data keys, but also passwords, private keys for certificates, and others
Key Store
A key store allocated to each customer using Key Management Service. All keys created by a customer are stored in that customer's own key store, and each key store is logically isolated and managed. Key stores can be accessed and managed through the Key Management Service console.
Rotation
The task of renewing keys to guard against various cryptographic threats
To see a full list of terms and definitions, go to Glossary from the NAVER Cloud Platform portal.