Which of these statements is NOT correct, regarding KMS?

A developer needs to use some sensitive business data and operational data in the process of developing a program, but the data should be protected (encrypted or anonymized) as much as possible. In order to facilitate and secure management of data encryption keys, the developer can use Alibaba Cloud Key Management Service (KMS) envelope encryption technology.

Which of these statements is NOT correct, regarding KMS?
A . Developers can generate a plaintext data key and a ciphertext data key by calling the Generate Data Key interface.
B . Envelope encryption is an encryption mechanism similar to digital envelope technology. The technology allows you to store, transfer and use encrypted data by encapsulating their Data Keys (DKs) in an envelope, instead of y encrypting/decrypting data directly with Customer Master Keys (CMKs).
C . The user uses the master key created on KMS to encrypt and decrypt the generated data key.
D . The master key generated by KMS is also kept by the user.

Answer: A,B,C

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments