Understanding Key Manager cryptography

Reviewed on October 23, 2025

Cryptographic primitives in Scaleway Key Manager

This page provides information on the core cryptographic mechanisms used by Key Manager. It explains how cryptographic keys are generated, managed, and used to encrypt data. Key Manager uses these mechanisms in compliance with the cryptographic guidelines issued by France's national cybersecurity agency, as outlined in the ANSSI-PA-079 recommendations, to ensure the confidentiality and integrity of customer data.

Encryption algorithm

An encryption algorithm is the specific procedure used to perform encryption and decryption. It defines the exact steps to transform plaintext into ciphertext and vice versa using a key.

As of now, Key Manager supports the following symmetric encryption algorithm:

• AES (Advanced Encryption Standard): A widely used symmetric encryption algorithm.

It also supports the following asymmetric encryption algorithms:

• RSA-OAEP-2048-SHA256: RSA encryption with 2048-bit key and OAEP padding using SHA-256.
• RSA-OAEP-3072-SHA256: RSA encryption with 3072-bit key and OAEP padding using SHA-256. (Recommended)
• RSA-OAEP-4096-SHA256: RSA encryption with 4096-bit key and OAEP padding using SHA-256.

Encryption method

An encryption method is a broader approach used to convert readable data (plaintext) into an unreadable format (ciphertext) which may involve one or more encryption algorithms.

There are three types of encryption methods:

• Symmetric encryption
• Asymmetric encryption
• Hybrid encryption: An encryption method that combines both symmetric and asymmetric methods

Key Manager supports symmetric and asymmetric encryption.

Encryption scheme

An encryption scheme is a structured approach to encryption that specifies the encryption algorithm, key size, and mode of operation for block ciphers.

For example, in the AES-256-GCM encryption scheme:

• AES refers to the Advanced Encryption Standard (AES) encryption algorithm
• 256 refers to the key length in bits
• GCM or Galois/Counter Mode, is the mode of operation for block ciphers. GCM encrypts your plaintext data using AES, and authenticates it using a unique "tag". This means that if anyone tampers with your data, you will know because the tag will not match anymore.

Signature

Signature is a cryptographic technique used to ensure the authenticity and integrity of data. In this process, a digest (hash) of the message is created and then signed using a private key. This signature can later be verified by anyone with access to the corresponding public key.

Signatures are widely used in scenarios like document signing, secure communication, and identity verification. They offer assurance that the data originated from a trusted source and has not been tampered with.

As of now, Key Manager supports the following asymmetric signing algorithms:

• EC-P256-SHA256: ECDSA signing with the P-256 curve and SHA-256. (Recommended)
• EC-P384-SHA256: ECDSA signing with the P-384 curve and SHA-384.
• RSA-PSS-2048-SHA256: RSA-PSS signing with 2048-bit key and SHA-256.
• RSA-PSS-3072-SHA256: RSA-PSS signing with 3072-bit key and SHA-256.
• RSA-PSS-4096-SHA256: RSA-PSS signing with 4096-bit key and SHA-256.
• RSA-PKCS1-2048-SHA256: RSA PKCS#1 v1.5 signing with 2048-bit key and SHA-256.
• RSA-PKCS1-3072-SHA256: RSA PKCS#1 v1.5 signing with 3072-bit key and SHA-256.
• RSA-PKCS1-4096-SHA256: RSA PKCS#1 v1.5 signing with 4096-bit key and SHA-256.

Random number generation

Key encryption key (KEK) generation

Scaleway Key Manager uses a Cryptographically Secure Pseudorandom Number Generator (CSPRNG) to generate both keying material for managed keys and cryptographically unique initialization vectors (IVs).

This CSPRNG is based on the ChaCha-based pseudorandom number generator provided by modern Linux kernels. It is seeded with high-entropy, unpredictable sources, such as:

• Timing variations from hardware events
• True Random Number Generators (TRNGs), including the RDSEED and RDRAND instructions available on AMD64 processors

Customer-provided KEKs (BYOK)

Scaleway Key Manager supports Bring Your Own Key (BYOK), allowing customers to import their own key material. In this model, Scaleway does not generate keys on behalf of the customer. Instead, the responsibility for generating strong key material lies with the user.

To protect against direct reuse, imported key material is not used directly. Instead, it is processed using the HKDF algorithm (HMAC-based Key Derivation Function) with SHA-256 as the hash algorithm, incorporating secure random bytes added as a salt value.

Asymmetric encryption

Asymmetric encryption is a fundamental type of cryptographic method used to secure data with a pair of keys: a public key and a private key.

The public key is used for encryption and can be shared openly, while the private key is used for decryption and must be kept secret. This design eliminates the need to share a single key securely, which is a challenge in symmetric encryption.

Asymmetric encryption is particularly well-suited for secure communication and authentication, such as encrypting emails or verifying digital signatures. However, it is slower than symmetric encryption. Algorithms like RSA and ECC are common examples of asymmetric encryption.

As of now, Key Manager supports the following asymmetric encryption algorithms:

• RSA-OAEP-2048-SHA256: RSA encryption with 2048-bit key and OAEP padding using SHA-256.
• RSA-OAEP-3072-SHA256: RSA encryption with 3072-bit key and OAEP padding using SHA-256. (Recommended)
• RSA-OAEP-4096-SHA256: RSA encryption with 4096-bit key and OAEP padding using SHA-256.

Symmetric encryption

Scaleway Key Manager uses AES-256-GCM (AES with a 256-bit key in Galois/Counter Mode) with authenticated associated data (AEAD) for encrypting and decrypting user payloads.

To reduce the risk of key overuse, plaintext payloads are limited to a maximum size of 64 KiB. A unique 96-bit initialization vector (IV) is generated using the CSPRNG described in the section above.