Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Halaman ini membahas enkripsi sisi klien, yaitu enkripsi data apa pun yang Anda lakukan sebelum mengirim data ke Cloud Storage. Untuk opsi enkripsi lainnya,
lihat Opsi Enkripsi Data.
Saat melakukan enkripsi sisi klien, Anda harus membuat dan mengelola kunci enkripsi sendiri. Anda harus menggunakan alat sendiri untuk mengenkripsi data sebelum mengirimkannya ke Cloud Storage. Data yang Anda enkripsi pada sisi klien tiba di Cloud Storage dalam keadaan terenkripsi, dan Cloud Storage tidak mengetahui kunci yang Anda gunakan untuk mengenkripsi data.
Ketika Cloud Storage menerima data Anda, data akan dienkripsi untuk kedua kalinya. Enkripsi kedua ini disebut enkripsi sisi server, yang dikelola Cloud Storage. Saat Anda mengambil data, Cloud Storage akan menghapus lapisan enkripsi sisi server, tetapi Anda harus mendekripsi lapisan sisi klien sendiri.
Anda dapat menggunakan SDK kriptografi open source, Tink, untuk melakukan enkripsi sisi klien, lalu melindungi kunci Anda dengan Cloud Key Management Service. Untuk mengetahui detail selengkapnya, lihat Enkripsi sisi klien dengan Tink dan Cloud Key Management Service.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-08-18 UTC."],[],[],null,["# Client-side encryption keys\n\nThis page discusses *client-side encryption* , which is any data encryption you\nperform prior to sending your data to Cloud Storage. For other encryption options,\nsee [Data Encryption Options](/storage/docs/encryption).\n\nWhen you perform client-side encryption, you must create and manage your own\nencryption keys, and you must use your own tools to encrypt data prior to\nsending it to Cloud Storage. Data that you encrypt on the client side arrives\nat Cloud Storage in an encrypted state, and Cloud Storage has no knowledge\nof the keys you used to encrypt the data.\n\nWhen Cloud Storage receives your data, it is encrypted a second time. This\nsecond encryption is called *server-side encryption*, which Cloud Storage\nmanages. When you retrieve your data, Cloud Storage removes the server-side\nlayer of encryption, but you must decrypt the client-side layer yourself.\n\nYou can use the open source cryptographic SDK, Tink, to perform client-side\nencryption, then protect your keys with Cloud Key Management Service. For more\ndetails, see [Client-side encryption with Tink and Cloud Key Management Service](/kms/docs/client-side-encryption).\n| **Warning:** Cloud Storage doesn't know if your data has already been encrypted on the client side and has no knowledge of your client-side encryption keys. You must securely manage your client-side keys and ensure that they are not lost. If you lose your keys, you are no longer able to read your data, and you continue to be charged for storage of your objects until you delete them."]]
