Key Management Service overview

Available in Classic and VPC

Key Management Service is a NAVER Cloud Platform service for managing cryptographic keys, an essential part of implementing and operating encryption. Keys are strictly managed in a high-availability system that puts safety first, so you can safely protect user credentials. You can conveniently manage key usage permissions and status from the NAVER Cloud Platform console, and use keys for encryption/decryption and signature/verification through the provided REST API.

Features offered by Key Management Service

Key Management Service provides the following features.

  • Data protection: effective protection of all data requiring confidentiality as well as key protection
  • Signature and verification: signature and verification features for authentication and non-repudiation
  • Strict access control: access control performed for each key based on role policy
  • Key lifecycle management: prepares for security threats through key renewal, deactivation, and revocation according to recommended standards
  • Hierarchical key management: thoroughly encrypted hierarchical management using the secure envelope encryption method
  • Key audit: features for periodic audit/management by experts and record/history monitoring for safe use of keys
  • REST API: encryption/decryption, password data update, data key request, etc. through REST API calls

About the Key Management Service guide

Key Management Service is available in the Korea, U.S., Singapore, Hong Kong, Japan, and Germany regions. The service content is identical in all regions. Check the following table of contents and its details for smooth use of Key Management Service.

NAVER Cloud Platform provides a variety of related resources as well as guides to help customers better understand Key Management Service. If you're a developer or marketer in need of detailed information while you're considering implementing Key Management Service or establishing related policies, then please make good use of the resources below.

  • Advancement of understanding and usage methods of Key Management Service
  • Guides for linked services required for the use of Key Management Service
    • Sub Account Guide: how to use Sub Account, which helps the management of Key Management Service's administration permissions
    • API Gateway Guide: how to use API Gateway, which is required for Key Management Service API calls

Check FAQs first.

You can get your questions answered quickly by referring to the answers in the FAQ before reading the guide. If you haven't found the answer to your question in the FAQ below, then search the guide for what you would like to know.

Q. Why do I have to use the key sealing or envelope encryption method?
A. Data control is guaranteed when data confidentiality is ensured and access to encryption keys is accurately controlled. "Key escrow services" such as Key Management Service are known to reduce data control, since the service provider holds the data encryption keys and there are concerns about data leakage by the service provider. The encryption method that solves these issues is "envelope encryption." The key sealing or envelope encryption method, which stores the sealing key rather than directly storing the key that encrypted the data, is recommended since it satisfies both the key management and data control guarantee conditions.

Q. Even if data control is guaranteed, is there any possibility that the system admin could still use user managed keys without permission?
A. Entrusting the management of encryption keys to a third party increases the threat to the confidentiality of the keys. No matter how secure and reliable the third party is, there is no denying that the threat to be considered increases. However, if the key that encrypts the actual data and the key that protects that encryption key are separated and managed hierarchically using the envelope encryption method, that threat can be significantly reduced. In other words, even if an internal admin of the entrusted key management system accesses users' keys for malicious purposes, they can't view the data without permission, since they're not managing the sealed keys used for data encryption. Furthermore, Key Management Service is designed so that the system root key is divided and managed by multiple admins, so a small number of admins with malicious purposes can't use the key without permission.

Q. Can I receive the created key directly?
A. Since keys managed through Key Management Service are operated only in the internal core system, they can't be extracted under any circumstances. Whether you're a customer who created the key directly or an internal system admin, it is impossible to access the key directly.

Q. What happens if I accidentally delete a user key or lose a sealed key?
A. The use of encrypted data depends on the key. Key leakage means data leakage, and access to the data is no longer possible if the key is lost. Likewise, in the envelope encryption method, if the user key is deleted or the sealed key is lost, then the data can't be used. Thus, key deletion in Key Management Service must be done very carefully, and sealing keys must also be managed so they're not lost. It is best to keep the encrypted data and the sealed key together, as recommended by the envelope encryption method.
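The envelope encryption flow described in the answers above, as an added example that is not part of the original guide or NAVER Cloud Platform's own code. `LocalKeyService` and its method names are hypothetical: it is a constructed in-process stand-in for the service's data key request and decryption calls, and the use of AES-256-GCM is an assumption made for the example.

```javascript
// Load node:crypto under either CommonJS or ES modules.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

// AES-256-GCM helpers. Blob layout: 12-byte nonce | 16-byte tag | ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if altered
}

// Hypothetical local stand-in for the key service (not its REST API): the user
// key sits in a private field and is used inside these methods, never returned.
class LocalKeyService {
  #userKey = nodeCrypto.randomBytes(32);
  #key() {
    if (!this.#userKey) throw new Error('user key has been deleted');
    return this.#userKey;
  }
  createDataKey() {
    const plaintextKey = nodeCrypto.randomBytes(32);
    return { plaintextKey, sealedKey: seal(this.#key(), plaintextKey) };
  }
  unsealDataKey(sealedKey) { return open(this.#key(), sealedKey); }
  deleteUserKey() { this.#userKey = null; }
}

// Encrypt locally with a one-off data key; store only its sealed form with the data.
function envelopeEncrypt(kms, text) {
  const { plaintextKey, sealedKey } = kms.createDataKey();
  const ciphertext = seal(plaintextKey, Buffer.from(text, 'utf8'));
  plaintextKey.fill(0); // do not keep the plaintext data key around
  return { sealedKey, ciphertext };
}
function envelopeDecrypt(kms, { sealedKey, ciphertext }) {
  const dataKey = kms.unsealDataKey(sealedKey);
  try {
    return open(dataKey, ciphertext).toString('utf8');
  } finally {
    dataKey.fill(0);
  }
}
```

Decryption throws when the sealed key has been altered, when it belongs to a different ciphertext, or when the user key has been deleted, which is why the sealed key is stored next to the data it protects.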

Q. What happens if the keys managed by Key Management Service are lost or damaged due to system errors or various disasters?
A. User keys in Key Management Service are encrypted and stored with the root key. Encrypted keys are backed up and managed very thoroughly. Situations such as severe system errors and disasters are classified as special exceptions in Key Management Service. When they occur, the key data recovery procedures are executed according to the KMS Disaster Recovery (DR) policy under the approval of NAVER's chief security officer. The secure storage medium sealed in the safe is delivered to each admin and unsealed. Afterwards, it follows the procedure of decrypting the backed-up data, restarting the system, renewing them with new keys, and then sealing them again for storage. All procedures are conducted transparently in the presence of security auditors.

Q. Can I view management information, such as the information and usage history, of permanently deleted keys?
A. While you can't view it in the console, you can request it through Support > Contact us in the NAVER Cloud Platform portal. The management information of deleted keys is maintained for one year and then deleted. If you need to delete the management information immediately, request immediate deletion through Support > Contact us.
