MarketplaceCommunityDEENDEENProductsCloud ServicesRoadmapRelease NotesService descriptionCertifications and attestationsManaged ServicesBenefitsSecurity/DSGVOSustainabilityOpenStackMarket leaderBusiness NavigatorPricesPricing modelsComputing & ContainersStorageNetworkDatabase & AnalysisSecurityManagement & ApplicationsPrice calculatorSolutionsIndustriesHealthcarePublic SectorScience and researchAutomotiveMedia and broadcastingRetailUse CasesArtificial intelligenceHigh Performance ComputingBig data and analyticsInternet of ThingsDisaster RecoveryData StorageTurnkey solutionsTelekom cloud solutionsPartner cloud solutionsSwiss Open Telekom CloudReferencesPartnerCIRCLE PartnerTECH PartnerBecome a partnerAcademyTraining & certificationsEssentials trainingFundamentals training coursePractitioner online self-trainingArchitect training courseCertificationsCommunityCommunity blogsCommunity eventsLibraryStudies and whitepaperWebinarsBusiness NavigatorMarketplaceSupportSupport from expertsAI chatbotShared ResponsibilityGuidelines for Security Testing (Penetration Tests)Mobile AppHelp toolsFirst stepsTutorialStatus DashboardSwitch of cloud providerFAQTechnical documentationNewsBlogFairs & eventsTrade pressPress inquiriesRadio OTCMarketplaceCommunity

0800 3304477 24 hours a day, seven days a week

Write an E-mail 

Book now and claim 250 € starting credit
ProductsCloud ServicesManaged ServicesBenefitsBusiness NavigatorPricesPricing modelsPrice calculatorSolutionsIndustriesUse CasesTurnkey solutionsSwiss Open Telekom CloudReferencesPartnerCIRCLE PartnerTECH PartnerBecome a partnerAcademyTraining & certificationsCommunityLibraryBusiness NavigatorMarketplaceSupportSupport from expertsHelp toolsTechnical documentationNewsBlogFairs & eventsTrade pressPress inquiriesRadio OTC
  • 0800 330447724 hours a day, seven days a week
  • Write an E-mail 
Book now and claim 250 € starting credit
HomeSupportRelease NotesMinor KMS Upgrade

Minor KMS Upgrade

The Key Management Service enables data encryption and decryption, as well as the management, creation, and deletion of keys. As an alternative to a key generated by the Open Telekom Cloud, customers can use their own key (Bring Your Own Key). All keys are stored in a hardware security module for protection.

This new update includes the following changes:

  • Changed user interface
    • "Create Key" is now used for key creation and key import (Origin = KMS or External).
    • When creating a key: New key algorithms for using "GENERATE_VERIFY_MAC" (see below for more information)
    • When deleting a key: To confirm deletion, the user must also enter "DELETE".
  • New feature: Aliases in KMS
    • An alias is a user-friendly name for a KMS key. For example, you can refer to a KMS key as "alias/test-key" instead of "1bbae24d-849c-4691-87e4-dcca4fc8c1e2."
    • You can use the alias as a key ID in API calls.
  • New key algorithms HMAC_256, HMAC_384, and HMAC_512
    • Hash-Based Message Authentication Code (HMAC) KMS keys are symmetric keys that you use to generate and verify HMACs within KMS. The unique key material of each HMAC KMS key provides the secret key required by HMAC algorithms. With an HMAC KMS key, you can verify the integrity and authenticity of data.
    • HMAC algorithms combine a cryptographic hash function with a shared secret key. They process a message and a secret key, such as the key material of an HMAC-KMS key and return a unique code or tag of a fixed size. If even a single character of the message changes, or if the secret key is not identical, the resulting tag will be completely different. By requiring a secret key, HMAC also ensures authenticity; without the secret key, it is impossible to generate an identical HMAC tag.
    • HMAC-KMS keys allow you to determine the authenticity of a message, such as a JSON Web Token (JWT), tokenized credit card information, or a submitted password. They can also be used as secure key derivation functions (KDFs), particularly in applications that require deterministic keys.
    • HMAC-KMS keys offer an advantage over HMACs from application software because the key material is generated and used entirely within the KMS and is subject to the access controls you specify for the key.
    • HMAC KMS keys only support the GenerateMac and VerifyMac cryptographic operations. You cannot use HMAC KMS keys to encrypt data or sign messages, or use other KMS key types in HMAC operations.
    • HMAC KMS keys do not support automatic key rotation.
    • If you create a KMS key to encrypt data in an OTC service, use a symmetric encryption key. Using an HMAC KMS key is not possible.
Back to overview Release Notes 
 

Do you have questions?

We answer your questions about testing, booking and use – free of charge and individually. Try it! 
Hotline: 24 hours a day, 7 days a week
0800 3304477 from Germany / 00800 33044770 from abroad

Write an E-mail
Key Management Service

The Open Telekom Cloud Community

This is where users, developers and product owners meet to help each other, share knowledge and discuss.

Discover now

Free expert hotline

Our certified cloud experts provide you with personal service free of charge.

 0800 3304477 (from Germany)

 +800 33044770 (from abroad)

 24 hours a day, seven days a week

Write an E-Mail

Our customer service is available free of charge via E-Mail

Write an E-Mail

AIssistant Cloudia

Our AI-powered search helps with your cloud needs.

In order to use our AI-powered seach you must first accept the cookies for services by other companies.

Accept the cookies for services by other companies