DEV Community

Discussion on: Using cryptography to protect PII in GDPR protected jurisdictions

grillbiff
Erik Johansson

Thank you for a great article!
A question regarding the key hierarchy and cost management.
Would you see any problems with only creating a KMS key which is used for encrypting the user AES key? The user AES key is in turn used for encrypting the order AES key. Both encrypted AES keys are stored alongside their records.
I guess my question is, why even create a KMS key for the order if decrypting it already depends on the user key?
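The two-level chain described in the question (one KMS key wraps the user AES key, the user AES key wraps the order AES key, each wrapped key stored on its own row), written out as a runnable Go example. This is added illustration, not code from the article or from the commenter. It assumes a stand-in for the KMS: `kmsKey` is a plain byte slice held in memory, and `seal`/`open` model the wrap/unwrap calls a real KMS would perform internally without ever releasing the key. It also goes a little beyond the comment: each wrapped key is bound to its record ID through AES-GCM additional authenticated data, so a wrapped key copied onto another row will not unwrap, and `main` shows what the single-key chain implies for erasure, namely that dropping the user's wrapped key makes every order of that user unreadable. Record IDs and the order payload are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)
// randBytes draws n bytes from the OS CSPRNG (panics only if it is unavailable).
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal: AES-256-GCM, returns nonce||ciphertext||tag; aad is authenticated only and binds a key to its record.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal and fails if key, aad or ciphertext do not match.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Record is a user or order row: WrappedKey is the row's AES key wrapped by its
// parent key (KMS key for users, user key for orders); Ciphertext is order data.
type Record struct {
	ID                     string
	WrappedKey, Ciphertext []byte
}

// kmsKey stands in for the single KMS key (assumption: a real KMS keeps it
// internal and exposes only wrap/unwrap calls, modelled here by seal/open).
func CreateUser(kmsKey []byte, id string) (*Record, error) {
	wrapped, err := seal(kmsKey, randBytes(32), []byte("user:"+id))
	return &Record{ID: id, WrappedKey: wrapped}, err
}

func CreateOrder(kmsKey []byte, user *Record, id string, data []byte) (*Record, error) {
	userKey, err := open(kmsKey, user.WrappedKey, []byte("user:"+user.ID))
	if err != nil {
		return nil, err
	}
	orderKey := randBytes(32)
	wrapped, err := seal(userKey, orderKey, []byte("order:"+id))
	if err != nil {
		return nil, err
	}
	ct, err := seal(orderKey, data, []byte("order:"+id))
	return &Record{ID: id, WrappedKey: wrapped, Ciphertext: ct}, err
}

// ReadOrder walks the chain KMS key -> user key -> order key -> order data; every
// step depends on the one before, so erasing a user's wrapped key leaves all of that user's orders unreadable.
func ReadOrder(kmsKey []byte, user, order *Record) ([]byte, error) {
	userKey, err := open(kmsKey, user.WrappedKey, []byte("user:"+user.ID))
	if err != nil {
		return nil, err
	}
	orderKey, err := open(userKey, order.WrappedKey, []byte("order:"+order.ID))
	if err != nil {
		return nil, err
	}
	return open(orderKey, order.Ciphertext, []byte("order:"+order.ID))
}

func main() {
	kmsKey := randBytes(32)
	user, _ := CreateUser(kmsKey, "user-42")
	order, _ := CreateOrder(kmsKey, user, "order-7", []byte("2 x widget")) // constructed sample
	data, err := ReadOrder(kmsKey, user, order)
	user.WrappedKey = nil // erase only the user's wrapped key
	_, errAfter := ReadOrder(kmsKey, user, order)
	fmt.Printf("before erasure: %q (err=%v); after: %v\n", data, err, errAfter)
}
```

Two design points worth noticing when reading it. First, the KMS is only ever called once per read, to unwrap the user key; the order key is unwrapped locally under the user key, which is the cost saving the question is after. Second, the AAD binding (`"user:"+id`, `"order:"+id`) is cheap insurance against a wrapped key being moved between rows, whether by a bug or by someone editing the database; without it, any wrapped key under the same parent would decrypt equally well.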