What encryption algorithms can be used for envelope encryption?

Envelope encryption typically combines symmetric and asymmetric encryption algorithms to securely encrypt data. Here's how it works and examples of algorithms used:

1. Symmetric Encryption for Data: A symmetric key (e.g., AES) is used to encrypt the actual data because it’s faster for large datasets.

   • Example: AES-256 (Advanced Encryption Standard with 256-bit key).

2. Asymmetric Encryption for Key Protection: The symmetric key is encrypted using an asymmetric algorithm (e.g., RSA or ECC) to securely share it with authorized parties.

   • Example: RSA-2048 (Rivest-Shamir-Adleman with 2048-bit key) or ECC (Elliptic Curve Cryptography, such as ECDSA with P-256 curve).

For envelope encryption in cloud environments, Tencent Cloud Key Management Service (KMS) supports AES for data encryption and RSA/ECC for key encryption, providing a secure and scalable solution.