  6. Application Scenarios

  • OBS cloud encryption

    Encryption process: When a user uploads an object through an OBS API with the KMS Encryption option selected, OBS accesses the Key Management System (KMS) on the user's behalf. KMS then assigns a Data Encryption Key (DEK) to the uploaded object and uses the DEK to encrypt it. After encrypting the DEK with the tenant's Customer Master Key (CMK), KMS stores the DEK ciphertext in the metadata of the encrypted object.

  • OBS cloud decryption

    Decryption process: When a user downloads an encrypted object through an OBS API, OBS obtains the DEK ciphertext from the metadata of the encrypted object and uses KMS to decrypt the DEK. The DEK is then used to decrypt the object, and OBS sends the plaintext to the user.
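
The two flows above, modeled locally as an added example (this is not OBS or KMS code, and it calls no OBS or KMS API). Assumptions: AES-256-GCM for both layers, a CMK held in process memory as a stand-in for KMS, and the hypothetical names `seal`, `open`, `upload`, `download` and `encryptedDek`.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM seal: returns nonce (12 bytes) || auth tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverse of seal. Throws if the key is wrong or the blob was modified.
function open(key, blob) {
  if (blob.length < 28) throw new Error('blob shorter than nonce + tag');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Upload path (hypothetical function): a fresh DEK encrypts the object, the CMK
// encrypts the DEK, and only the DEK ciphertext is kept, in the object's metadata.
function upload(cmk, object) {
  const dek = crypto.randomBytes(32);
  const stored = { data: seal(dek, object), metadata: { encryptedDek: seal(cmk, dek) } };
  dek.fill(0); // drop the plaintext DEK once both encryptions are done
  return stored;
}

// Download path (hypothetical function): recover the DEK from the metadata with
// the CMK, then decrypt the object with it.
function download(cmk, stored) {
  const dek = open(cmk, stored.metadata.encryptedDek);
  try {
    return open(dek, stored.data);
  } finally {
    dek.fill(0);
  }
}

// Constructed demo values; in the flow above the CMK stays inside KMS.
const demoCmk = crypto.randomBytes(32);
const demoObject = upload(demoCmk, Buffer.from('constructed sample object'));
console.log(download(demoCmk, demoObject).toString());
```

Because the stored object carries only the encrypted DEK, a download attempted with a different CMK fails at the DEK decryption step, before any object data is decrypted.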