Exporting DSM keys to Cloud Providers for BYOK

1.0 Introduction

There are several ways to export Fortanix-Data-Security-Manager (DSM) keys to major cloud providers that support BYOK for server-side encryption.

2.0 Prerequisite

Download DSM CLI from here.

3.0 Alibaba

Create an external key in Alibaba.
1. Create a new key by selecting key material source as “External”.
2. Newly created key should show up with status as “Pending Import” and key material source as "External".
Download key encryption material.
Download the key encryption material, you will need it for key wrapping in DSM and key importing into Alibaba.
- Public key
- Import Token
Import Alibaba public key into DSM.
Import the public key from previous step into DSM as RSA key.
Create Customer Master Key in DSM.
Create a new AES key and make sure to select the “exportable” option.

Authenticate the app.

sdkms-cli app-login --api-endpoint Fortanix Data Security Manager --api-key YOUR_APP_API_KEY

Where,

YOUR_APP_API_KEY is the API key of an app in Fortanix DSM.

Wrap customer master key with Alibaba public key.
1. Use DSM-Cli to wrap the newly created AES key (customer master key) with imported Alibaba public key.
```
$ sdkms-cli wrap-key --kid <Taget Key UUID in DSM > --alg RSA --mode OAEP_MGF1_SHA1 --wrapping-kid <UUID of Alibaba Wrapping Public Key > --out alibabawrap.key
```
  Where,
  - <Target Key UUID in DSM> is the UUID of the key in Fortanix DSM that you want to copy to Alibaba KMS.
  - <UUID of Alibaba Wrapping Public Key> is the UUID of the public key imported into Fortanix DSM user interface (UI) in Step 3.
2. Apply base64 encoding on wrap key.
```
$ openssl enc -e -base64 -A -in alibabawrap.key -out alibabawrapbase64.key
```
Upload key into Alibaba KMS.
Import the encoded wrap key into Alibaba. You will also need the import token which we downloaded from Alibaba in Step 2.
Alibaba KMS should have external key enabled now.
With successful import your external key should be "Enabled" now.

Exporting DSM keys to Cloud Providers for BYOK - Alibaba

1.0 Introduction

2.0 Prerequisite

3.0 Alibaba

PLATFORM

Key Insight

Data Security Manager™

Confidential Computing Manager

Enclave Development Platform®

Request A demo

Contact Us

Free Trial

SOLUTIONS

AWS KMS External Key Store (XKS)

Google External Key Manager

Bring Your Own Key (BYOK)

HSM Modernization

Multicloud Key Management

Post Quantum Cryptography

Code Signing

Secrets Management

Tokenization Transparent

Database Encryption

Filesystem Encryption

Confidential Data Search

Confidential AI

Healthcare

Banking & Financial Services

Fintech

Manufacturing

Web 3.0

Federal Government

RESOURCES

Blog

Whitepapers

Datasheets

Solution Briefs

Ebooks

Reports

Case Studies

Webinars

University

Media Kit

Newsletters

COMPANY

About

Careerswe’re hiring

Customers

Partners

Awards

Events

Press

News

Services

Support

FAQ

4.6