Provides certificate and key lifecycle management and cloud service data encryption
Support Chinese GM/T Cryptographic Standards
Generate private CA, certificate and key through Chinese GM/T cryptographic algorithm.
Extensive Cloud Service Integration
It can be integrated with IAM, computing services, mirroring services, and exclusive load balancing services to provide certificate and key services for cloud products.
Security Compliance
Provide security management of the whole life cycle of certificates and keys, combined with strict permission control to ensure that certificates and keys are used safely and reasonably.
Working Principle
When a user creates a resource using a cloud service, the resource containing sensitive information can be encrypted with the key provided by the key service. The key is generated by the HSM hardware security module, which is also responsible for encryption, decryption, signature, signature verification and other related cryptographic operations.
Advantages
Advantages
Certificate and Key Lifecycle Management
The integrated product integrating certificate service and key service can establish a complete CA system and key system through simple visual operations, and manage its entire life cycle.
Multiple Key Algorithms
The certificate service supports RSA2048, RSA4096, ECC256, ECC384 and other international algorithms, conforms to PKI/CA international standards, and support Chinese GM/T cryptographic algorithms, including: SM2 and SM3. The key service supports AES_256, RSA_2048, RSA_3072, RSA_4096, EC_P256, EC_P384 and other international algorithms, and support Chinese GM/T cryptographic algorithms, including: SM2 and SM4.
Upload Your Own Certificate and Key
Certificate hosting: You can upload your local certificate to the certificate service to realize unified management of certificates for users. Key hosting: For symmetric keys, use your own key material for sensitive data encryption and decryption services.
Seamless Integration with Cloud Services
Certificate and cloud service integration: It is deeply integrated with the exclusive load balancing service. When the load balancing listener uses the HTTPS service, it supports the selection of available certificates to provide a unified interactive experience. Key integration with cloud services: It can be integrated with services such as IAM, computing services, and mirroring services. You can manage keys through key services, and you can also encrypt local data through key management APIs.
Reduce Input Costs
The private certificate service avoids the high cost of commercial certificates, especially in the development and testing stages, the functions of commercial certificates can be tested by using free certificates, which greatly reduces IT costs. The key service provides unified key management policies and encryption APIs for cloud services, and users do not need to build their own cryptographic infrastructure.
Security Compliance
The keys of the key service are generated and stored by a hardware encryption machine certified by the State Cryptography Administration to perform cryptographic operations to ensure the security and compliance of the keys. The private CA service can issue client certificates and server certificates, provide end-to-end encryption, and meet customer requirements for security scenarios.
Use cases
Scenarios
Protect Enterprise Information Applications
Establish a unified enterprise certificate management system, realize the full life cycle management of certificates, integrate continuous monitoring and automatic management capabilities, and prevent risks caused by poor certificate management. Certificates are used for application identity authentication and data encryption and decryption within the enterprise.
Digital Identity Authentication
Compared with the server, the client certificate is a digital certificate used to prove the identity of the client user. The user can prove his true identity when communicating with the server. It is suitable for client-side strong identity authentication of various internal systems, online applications and network resources. The client certificate is a more secure digital identity authentication, which uses the client certificate to replace the username and password to safely access the system.
VPN Server Uses Client Certificate Authentication
VPN Server uses a client certificate authentication mechanism to replace traditional user names and passwords to enhance VPN security and protect the internal systems of the organization.
Protect the Confidentiality and Integrity of Cloud Service Data
The key service uses cryptographic algorithms and cryptographic devices certified by the Chinese National Cryptography Administration to easily create and control keys used to encrypt data, and integrates with multiple cloud services to help you protect the confidentiality and integrity of data on these services