Let Us Decrypt Envelope Encryption

Sabiha Ali
2 min read · Jan 15, 2022

This is for all the newbies to the AWS cloud. Understanding the little things will definitely help your journey. Hope you enjoy it!!!

What is encryption?

Data encryption translates data into another form, or code, so that only people with access to a secret key (the data key) can read it. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext. Currently, encryption is one of the most popular and effective data security methods used by organizations.

If someone gets hold of the plaintext data key, they can easily decrypt the data. How do we secure it more?

The answer is envelope encryption!

Envelope encryption is the practice of encrypting plaintext data with a plaintext data key, and then encrypting the plaintext data key under another key (the KMS key).

Now whoever has access to the KMS key will be allowed to decrypt the data key, and hence decrypt the data itself; nobody else can, even if they hold the encrypted data and the encrypted data key. It is a way to secure your data more. This is seen in services offered by AWS like EBS volumes, S3, etc.

Some features of AWS KMS (Key Management Service)

· This KMS key is NOT used to encrypt the data itself

· The KMS key can only encrypt or decrypt 4 KB of data, so it cannot encrypt your data, which could be in MBs or GBs

· We use KMS to encrypt and decrypt small data like the data key

· KMS is a fully managed centralized key management system

· It integrates with AWS services

· The usage of this KMS key can be audited, i.e. who did what with the key
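The flow described above (the data key encrypts the data, the KMS key wraps only the data key) together with the features just listed (the 4 KB limit and the audit trail), as an added Go example that is not from the post. AWS KMS is replaced by a local SimulatedKMS type so the code runs offline; in a real account the same two steps are the kms:GenerateDataKey call (which returns the plaintext data key and its wrapped copy together) and kms:Decrypt, and the "who did what" record would come from CloudTrail rather than an in-memory slice. The type names, the "alice" principal and the 1 MiB sample payload are all constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const kmsMaxPlaintext = 4096 // the real kms:Encrypt/Decrypt APIs cap plaintext at 4 KB

func randomBytes(n int) []byte { // n bytes from the OS CSPRNG, for keys and nonces
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// SimulatedKMS is a constructed stand-in for AWS KMS: the KMS key never leaves it, and every call is logged.
type SimulatedKMS struct {
	keyMaterial []byte   // the "KMS key"
	AuditLog    []string // who did what with the key (CloudTrail's job in a real account)
}

// aeadFor builds AES-256-GCM for a 32-byte key (used inside "KMS" and for the bulk data).
func aeadFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // only fails on a bad key size, which randomBytes(32) rules out
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return aead
}

// seal returns nonce || ciphertext || tag under a fresh random nonce.
func seal(key, plaintext []byte) []byte {
	aead := aeadFor(key)
	nonce := randomBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; any tampering with nonce, ciphertext or tag is rejected.
func open(key, sealed []byte) ([]byte, error) {
	aead := aeadFor(key)
	if len(sealed) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// Encrypt mimics kms:Encrypt: over 4 KB is refused, so the KMS key wraps data keys, never the data.
func (k *SimulatedKMS) Encrypt(principal string, plaintext []byte) ([]byte, error) {
	if len(plaintext) > kmsMaxPlaintext {
		return nil, fmt.Errorf("kms: %d bytes exceeds the %d-byte limit", len(plaintext), kmsMaxPlaintext)
	}
	k.AuditLog = append(k.AuditLog, principal+" Encrypt")
	return seal(k.keyMaterial, plaintext), nil
}

func (k *SimulatedKMS) Decrypt(principal string, ciphertext []byte) ([]byte, error) { // mimics kms:Decrypt
	k.AuditLog = append(k.AuditLog, principal+" Decrypt")
	return open(k.keyMaterial, ciphertext)
}

// Envelope is what gets stored together; the plaintext data key is never written down.
type Envelope struct {
	Ciphertext       []byte // data encrypted locally under the data key
	EncryptedDataKey []byte // the data key, wrapped by KMS
}

// EnvelopeEncrypt: fresh data key, wrap it under KMS, encrypt the data locally.
func EnvelopeEncrypt(kms *SimulatedKMS, principal string, plaintext []byte) (*Envelope, error) {
	dataKey := randomBytes(32)
	wrapped, err := kms.Encrypt(principal, dataKey) // only the 32-byte key goes to KMS
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: seal(dataKey, plaintext), EncryptedDataKey: wrapped}, nil
}

// EnvelopeDecrypt: unwrap the data key via KMS, then decrypt the data locally.
func EnvelopeDecrypt(kms *SimulatedKMS, principal string, env *Envelope) ([]byte, error) {
	dataKey, err := kms.Decrypt(principal, env.EncryptedDataKey)
	if err != nil {
		return nil, err
	}
	return open(dataKey, env.Ciphertext)
}

func main() {
	kms := &SimulatedKMS{keyMaterial: randomBytes(32)}
	secret := make([]byte, 1<<20) // constructed 1 MiB payload, far above the KMS limit
	env, _ := EnvelopeEncrypt(kms, "alice", secret) // cannot fail here: the data key is 32 bytes
	back, _ := EnvelopeDecrypt(kms, "alice", env)
	_, direct := kms.Encrypt("alice", secret) // handing KMS the data itself is refused
	fmt.Println(string(back) == string(secret), len(env.EncryptedDataKey), kms.AuditLog, direct)
}
```

Two things worth noticing when you run it: the wrapped data key is only 60 bytes (12-byte nonce, 32-byte key, 16-byte GCM tag) no matter how large the data is, which is exactly why it fits under the 4 KB limit, and the data itself is never seen by KMS at all. Whoever can call Decrypt on the KMS key can recover the data; flipping a single byte of the wrapped key, or trying a different KMS key, makes the unwrap fail, so the stored envelope is useless without that access.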

Happy learning, guys!!!

By Sabiha Ali, Cloud Engineer, Scalecapacity
