Public Key Encryption in the Cloud


We are increasingly moving our security infrastructure into the public cloud, and often need to use public key (asymmetric) encryption to encrypt and decrypt data. For this, we create a key pair: a public key and a private key. One of these keys encrypts, and the other decrypts. Normally we encrypt with the public key and decrypt with the private key.

In the following figure, Bob uses Alice’s public key to encrypt data, which produces ciphertext. Alice then decrypts this ciphertext with her private key:

If we use asymmetric keys, we typically only have the choice of RSA to encrypt and decrypt data directly. This is because elliptic curve cryptography does not natively support encryption and decryption, so we must use hybrid methods (such as ECIES) instead.

Creating an RSA key pair in AWS

Now, let’s create an RSA key pair for encrypting a file. Our keys are held in the KMS:


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
