Outline
Encryption
Stages of data encryption
Key generation
Encryption in AWS
AWS Key Management Service (AWS KMS)
Encryption
Encryption is the conversion of files or data from a readable form into an unreadable one so that, while the data is stored or transferred from one place to another, it cannot be viewed except by an authorized person or entity holding the decryption key. In general, encryption ensures the confidentiality and security of information and communications, contributes to the protection of privacy, and supports the preservation of data integrity.
There are states and types of encryption:
- Encryption in transit:
When data is transferred, keys are used to encrypt and decrypt it during transmission. Encrypting data with a key means converting it into a form that is unreadable unless the correct key is present. When the data reaches its intended destination, the correct key is used to decrypt it and restore it to its original state. This applies while data and files are moving from one point to another.
- Encryption at rest:
Encryption of data while it is stored, after it has been delivered.
Stages of data encryption
Before encryption, data and files are called plaintext: ordinary text, images, video, or any other form of data. After the encryption process they are called ciphertext, i.e. encrypted data. When the decryption key is applied, the data returns to its original plaintext state.
There are two types of encryption:
- Symmetric encryption: With this encryption, the same key is used for encryption and decryption.
- Asymmetric encryption: Two keys are used, one for encryption and one for decryption.
Key generation
Key generation is the process of creating cryptographic keys used in various cryptographic algorithms and protocols. Cryptographic keys are essentially a string of random bits that serve as inputs to encryption and decryption algorithms.
A device or program used to generate keys is called a key generator or keygen.
Encryption in AWS
AWS supports both symmetric and asymmetric keys for encryption in its services: some services use symmetric keys in their encryption operations, and others use asymmetric keys.
AWS encryption keys are used in AWS services as follows:
1. Symmetric keys:
• Amazon S3: Managed S3 server-side encryption with symmetric keys can be used to encrypt data stored in an S3 bucket.
• Amazon EBS: EBS supports symmetric keys for storage disk encryption.
• Amazon RDS: Symmetric keys can be used to encrypt databases in RDS.
2. Asymmetric keys:
• AWS Key Management Service (KMS): KMS allows you to create and manage asymmetric keys, which can be used in different AWS services such as S3, EBS, RDS, and others.
• AWS Certificate Manager (ACM): ACM uses asymmetric keys to issue and manage digital certificates that are used to secure HTTPS connections.
AWS also has other services that provide multiple encryption options using both symmetric and asymmetric keys, such as AWS CloudHSM, Amazon Kinesis, Amazon EKS, and others. See the official AWS documentation and developer guides for more details on how symmetric and asymmetric keys are used in specific services.
AWS Key Management Service (AWS KMS)
AWS provides KMS (Key Management Service), whose function is to generate encryption keys; it is compatible with most other AWS services that need encryption. It is a managed service that makes it easy to create and control the cryptographic keys used to protect your data. AWS KMS uses hardware security modules (HSMs) to protect and validate your AWS KMS keys under the FIPS 140-2 Cryptographic Module Validation Program.
An AWS KMS key is a logical representation of an encryption key and is the essential resource in AWS KMS. To use or manage KMS keys, you go through AWS KMS. The following three types of KMS keys can be generated in AWS KMS:
• Customer managed key: Created by the organization itself.
• AWS managed key: Created by AWS services that use KMS keys to encrypt the organization's resources in that service.
• AWS-owned key: KMS keys created by AWS services in a service account.
Other uses of AWS KMS include:
• Protect your data at rest
• Encrypt and decrypt data
• Sign and verify digital signatures
• Validate JSON web tokens using HMAC
References:
https://docs.aws.amazon.com/kms/latest/developerguide/overview.html
https://www.techtarget.com/searchaws/definition/AWS-Key-Management-Service-AWS-KMS