HashiCorp Vault project - supported encryption algorithms

The Vault project has the following features:

Data Encryption: Vault can encrypt and decrypt data without storing it. This allows security teams to define encryption parameters and developers to store encrypted data in a location such as SQL without having to design their own encryption methods.

Transit Secret Backend:

The transit secret backend handles cryptographic functions on data in-transit. Vault doesn't store the data sent to the backend. It can also be viewed as "cryptography as a service."

  1. Does it support ECDSA using the secp192r1 curve?
  2. POST /transit/keys/<name> - creates a new named encryption key of the specified type, which can later be used for encryption/decryption or signing/verifying. Does it create a private/public key pair? Is there any method to get/output the public key?
  3. Is it possible to create a custom secret backend that performs cryptographic operations but does not return private keys?

Vault project - answers from Jeff:

    Does it support ECDSA using secp192r1 curve?

Not currently.

    POST /transit/keys/<name> - creates a new named encryption key of the specified type which later can be used for encryption/decryption or signing/verifying. Does it create key pair of private and public? Is there any method to get/output public key?

If the key type is a public/private type, a read on the key will return the public key.

    Is it possible to create custom secret backend which would perform cryptographic operations but would not return private keys?

This is exactly what transit does.
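As an added illustration (not code from the Vault project or from the answers above), this Go sketch models the transit contract the three answers describe: a key is created by type, a read returns only the public key, and signing runs inside the service so the private key never leaves it. The "ecdsa-p256" type name, the method names and the in-process map are assumptions; Vault's real backend is an HTTP API, not this type.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// TransitStore keeps private keys inside the service; callers only ever receive a public key, a signature or a verdict.
type TransitStore map[string]*ecdsa.PrivateKey
// CreateKey models POST transit/keys/<name>; only the assumed "ecdsa-p256" type is modelled, so secp192r1 is refused.
func (s TransitStore) CreateKey(name, keyType string) error {
	if keyType != "ecdsa-p256" {
		return fmt.Errorf("unsupported key type %q", keyType)
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err == nil {
		s[name] = priv
	}
	return err
}

// ReadKey models a read on transit/keys/<name>: only the PEM-encoded public key comes back.
func (s TransitStore) ReadKey(name string) (string, error) {
	if priv, ok := s[name]; ok {
		der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey) // cannot fail for a P-256 key
		return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})), nil
	}
	return "", fmt.Errorf("no such key %q", name)
}

// Sign models transit/sign/<name>: the SHA-256 digest is signed inside the store.
func (s TransitStore) Sign(name string, data []byte) ([]byte, error) {
	if priv, ok := s[name]; ok {
		d := sha256.Sum256(data)
		return ecdsa.SignASN1(rand.Reader, priv, d[:])
	}
	return nil, fmt.Errorf("no such key %q", name)
}

// Verify models transit/verify/<name>; it touches only the public half of the key.
func (s TransitStore) Verify(name string, data, sig []byte) bool {
	priv, ok := s[name]
	d := sha256.Sum256(data)
	return ok && ecdsa.VerifyASN1(&priv.PublicKey, d[:], sig)
}
```

A relying party that holds only the string returned by ReadKey can verify signatures without calling back into the store, which is the property the third answer relies on.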