


# HSM user permissions table for AWS CloudHSM Management Utility
<a name="user-permissions-table-cmu"></a>

The following table lists hardware security module (HSM) operations, sorted by the type of HSM user or session that can perform the operation in AWS CloudHSM.


|  | Crypto officer (CO) | Crypto user (CU) | Appliance user (AU) | Unauthenticated session | 
| --- | --- | --- | --- | --- | 
| Get basic cluster info¹ | Yes | Yes | Yes | Yes | 
| Change own password | Yes | Yes | Yes | Not applicable | 
| Change any user's password | Yes | No | No | No | 
| Add, remove users | Yes | No | No | No | 
| Get sync status² | Yes | Yes | Yes | No | 
| Extract, insert masked objects³ | Yes | Yes | Yes | No | 
| Key management functions⁴ | No | Yes | No | No | 
| Encrypt, decrypt | No | Yes | No | No | 
| Sign, verify | No | Yes | No | No | 
| Generate digests and HMACs | No | Yes | No | No | 
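+  [1] Basic cluster information includes the number of HSMs in the cluster and each HSM's IP address, model, serial number, device ID, firmware ID, and so on.
+  [2] The user can get a set of digests (hashes) that correspond to the keys on the HSM. An application can compare these sets of digests to understand the synchronization status of the HSMs in a cluster.
+  [3] Masked objects are keys that are encrypted before they leave the HSM. These keys cannot be decrypted outside of the HSM. A key is decrypted only after it is inserted into an HSM that is in the same cluster as the HSM from which it was extracted. An application can extract and insert masked objects to synchronize the HSMs in a cluster.
+  [4] Key management functions include creating, deleting, wrapping, unwrapping, and modifying the attributes of keys.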