本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # AWS CloudHSM 管理实用程序的 HSM 用户权限表 下表列出了按可在 AWS CloudHSM中执行操作的 HSM 用户或会话类型排序的硬件安全模块(HSM)操作。 | | 加密员 (CO, Crypto officer) | 加密用户 (CU) | 设备用户 (AU) | 未经身份验证的会话 | | --- | --- | --- | --- | --- | | 获取基本集群信息¹ | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | | 更改自己的密码 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | 不适用 | | 更改任意用户的密码 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png) 不支持 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png) 不支持 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png)否 | | 添加、删除用户 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png) 不支持 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png) 不支持 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png)否 | | 获取同步状态² | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png) 不支持 | | 提取、插入遮蔽对象³ | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png) 不支持 | | 密钥管理功能⁴ | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png)否 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png) 不支持 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png)否 | | 加密、解密 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png)否 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png) 不支持 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png)否 | | 签署、验证 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png)否 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png) 不支持 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png)否 | | 生成摘要和 HMACs | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png)否 | ![\[Yes\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-yes.png) 是 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png) 不支持 | ![\[No\]](http://docs.aws.amazon.com/zh_cn/cloudhsm/latest/userguide/images/icon-no.png)否 | + [1] 基本集群信息包括集群 HSMs 中的数量以及每个 HSM 的 IP 地址、型号、序列号、设备 ID、固件 ID 等。 + [2] 用户可以获取与 HSM 上的密钥对应的一组摘要(哈希值)。应用程序可以比较这些摘要集,以了解集群 HSMs 中的同步状态。 + [3] 遮蔽对象是在离开 HSM 之前进行加密的密钥。它们无法在 HSM 外部加密。只有在将其插入 HSM 之后,并且该 HSM 所在集群与提取它们时的 HSM 的集群相同,才会解密它们。应用程序可以提取和插入被屏蔽的对象,以便 HSMs 在群集中同步。 + [4] 密钥管理功能包括创建、删除、包装、解开包装和修改密钥的属性。