Key Management Service: Key specifications for symmetric and asymmetric encryption

Last Updated:Jun 19, 2025

Key Management Service (KMS) supports common symmetric and asymmetric keys and ensures the security of encrypted data. This topic describes the key specifications of symmetric and asymmetric keys.

Symmetric encryption

Symmetric encryption is commonly implemented to protect sensitive data. You can use the same key to encrypt and decrypt data. KMS keeps the key material of a symmetric key confidential to prevent the symmetric key from being used by unauthorized users or stolen. This ensures the security of encrypted data.

Key specifications

In most cases, symmetric keys are used for data encryption. The following table describes the key specifications that are supported by different types of symmetric keys.

| Protection level | Key specification | Data encryption mode | Padding mode |
| --- | --- | --- | --- |
| Software-protected key | Aliyun_AES_256 | GCM (default) | N/A |
| Hardware-protected key | Aliyun_AES_256, Aliyun_AES_192, Aliyun_AES_128 | GCM (default), electronic codebook (ECB), cipher block chaining (CBC) | GCM: no padding mode is used. ECB or CBC: PKCS7_PADDING or NO_PADDING |
| External Key | Aliyun_AES_256 | GCM (default), ECB, CBC | GCM: no padding mode is used. ECB or CBC: PKCS7_PADDING or NO_PADDING |

Note
  • If you call the CreateKey operation to create a key but do not configure KeySpec, KMS creates a symmetric key whose key specification is Aliyun_AES_256.

  • The key specification of the default keys is Aliyun_AES_256, and the data encryption mode is GCM by default.

Technical standards compliance

Asymmetric encryption

An asymmetric key consists of a public key and a private key that are mathematically related to each other. The public key is available for all users, but the private key can be used only by the owner or trusted users.

Note

After you create an asymmetric key in KMS, you can obtain the public key in the KMS console or by calling the GetPublicKey operation. KMS protects the private key and does not allow it to be exported by calling API operations.

In most cases, asymmetric key pairs are used for signing and verification or to encrypt and transmit a small amount of confidential information, such as symmetric keys. You can specify the key purpose when you create an asymmetric key.

  • If the key purpose is ENCRYPT/DECRYPT, you can call the Encrypt operation to encrypt data by using the public key and call the Decrypt operation to decrypt data by using the private key.

  • If the key purpose is SIGN/VERIFY, you can call the Sign operation to generate a digital signature by using the private key and call the Verify operation to verify the signature by using the public key.

Note

Asymmetric encryption is computationally intensive. In most cases, asymmetric cryptographic operations are used to encrypt small pieces of data, such as symmetric keys that are being securely distributed.

Key specifications

The following table describes the key specifications that are supported by different types of asymmetric keys.

| CMK protection level | Key specification | Supported encryption algorithm | Supported signature algorithm |
| --- | --- | --- | --- |
| Software-protected key | RSA_2048, RSA_3072 | RSAES_OAEP_SHA_256 (default) | RSA_PSS_SHA_256 (default), RSA_PKCS1_SHA_256 |
| Software-protected key | EC_P256, EC_P256K | ECIES_DH_SHA_1_XOR_HMAC (default) | ECDSA_SHA_256 (default) |
| Hardware-protected key | RSA_2048, RSA_3072, RSA_4096 | RSAES_OAEP_SHA_256 (default) | RSA_PSS_SHA_256 (default), RSA_PKCS1_SHA_256 |
| Hardware-protected key | EC_P256, EC_P256K | ECIES_DH_SHA_1_XOR_HMAC (default) | ECDSA_SHA_256 (default) |

Technical standards compliance

Encryption algorithm

  • RSAES_OAEP_SHA_256: The RSA encryption algorithm that uses MGF1 and SHA-256 in the RSAES-OAEP padding mode as defined in PKCS #1 in RFC 3447.

  • ECIES_DH_SHA_1_XOR_HMAC: Follows SEC 1: Elliptic Curve Cryptography, Version 2.0, uses Elliptic-curve Diffie–Hellman (ECDH) for key agreement, uses key derivation function 2 (KDF2) with SHA-1 for key derivation, uses HMAC-SHA-1 as the Message Authentication Code (MAC) algorithm, and uses XOR for symmetric encryption.
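As an added illustration of what ECIES_DH_SHA_1_XOR_HMAC combines (example code written for this page, not code from KMS or its SDKs), the following standard-library Python implements the SEC 1 construction on EC_P256: ECDH key agreement, KDF2 with SHA-1, XOR encryption, and an HMAC-SHA-1 tag checked before anything is decrypted. The ciphertext layout (uncompressed ephemeral point, then XOR ciphertext, then 20-byte tag), the 20-byte MAC key taken after the XOR key, and the use of the x-coordinate alone as the ECDH secret are assumptions for this example, not KMS's documented wire format.

```python
import hashlib, hmac, secrets

P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF  # P-256 field prime
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,  # base point
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # group order
MAC_KEY_LEN = 20  # assumption: HMAC-SHA-1 key is the 20 KDF bytes after the XOR key

def point_add(p1, p2):  # affine addition on y^2 = x^3 - 3x + b; None is infinity
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = ((3 * x1 * x1 - 3) * pow(2 * y1, -1, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mul(k, pt):  # double-and-add
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def kdf2_sha1(shared, length):  # KDF2: SHA-1(Z || 4-byte counter), counter from 1
    out, i = b"", 1
    while len(out) < length:
        out += hashlib.sha1(shared + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:length]

def ecies_encrypt(pub, msg):  # the public-key side (what a client does with GetPublicKey output)
    r = secrets.randbelow(N - 1) + 1  # ephemeral scalar
    rx, ry = scalar_mul(r, G)
    shared = scalar_mul(r, pub)[0].to_bytes(32, "big")  # ECDH: x-coordinate only
    keys = kdf2_sha1(shared, len(msg) + MAC_KEY_LEN)     # XOR key || MAC key
    ct = bytes(m ^ k for m, k in zip(msg, keys))         # XOR "symmetric encryption"
    tag = hmac.new(keys[len(msg):], ct, hashlib.sha1).digest()
    return b"\x04" + rx.to_bytes(32, "big") + ry.to_bytes(32, "big") + ct + tag

def ecies_decrypt(priv, blob):  # the private-key side (what KMS performs on Decrypt)
    eph = (int.from_bytes(blob[1:33], "big"), int.from_bytes(blob[33:65], "big"))
    ct, tag = blob[65:-20], blob[-20:]
    keys = kdf2_sha1(scalar_mul(priv, eph)[0].to_bytes(32, "big"), len(ct) + MAC_KEY_LEN)
    if not hmac.compare_digest(hmac.new(keys[len(ct):], ct, hashlib.sha1).digest(), tag):
        raise ValueError("MAC check failed: ciphertext was modified")
    return bytes(c ^ k for c, k in zip(ct, keys))
```

Because the XOR layer is a one-time pad over KDF output, the HMAC tag is the only integrity protection; a single flipped ciphertext byte must be rejected before any plaintext is released, which is what the decrypt path above enforces.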

Signature algorithm

  • RSA_PSS_SHA_256: Uses the SHA-256 algorithm to calculate hash values and uses MGF1 with SHA-256 to calculate signatures based on the RSASSA-PSS algorithm defined in PKCS #1 in RFC 3447.

  • RSA_PKCS1_SHA_256: Uses the SHA-256 algorithm to calculate hash values and calculates signatures based on the RSASSA-PKCS1-v1_5 algorithm defined in PKCS #1 in RFC 3447.

  • ECDSA_SHA_256: Uses the Elliptic Curve Digital Signature Algorithm (ECDSA) to calculate signatures and SHA-256 to calculate hash values.