How Key Cryptography Encryption Works

Pawan Singh U
Google Cloud - Community
Aug 23, 2024

We all have sensitive information to store. For an e-commerce business it’s customer data. For a hospital it’s patient records. But what happens if someone gains access to it and tries to misuse it? If an unauthorized person gains access to your hard disk, it could be disastrous. That’s where cryptographic encryption helps.

Cryptographic encryption is a process that conceals the data so that no one can access it except those with authorization. This type of encryption protects data at rest. Therefore, it is used by many cloud service providers such as Google, AWS and Oracle. How does it work? I will discuss that later. But first, which cloud services use this key-based encryption?

  1. Filestore
  2. Cloud Storage
  3. Cloud SQL

Essentially, any service requiring data encryption at rest can utilize this method.

Let’s understand how this encryption works. When you upload a file to cloud storage, the encryption key manager sends a data encryption key (DEK), which is used to encrypt the object before it is stored in the cloud storage. Once the encryption is complete and the object is stored, the DEK is deleted from memory. However, a copy of the DEK, encrypted with the master encryption key, is stored in the cloud storage. These keys are managed by the encryption key manager, which acts like a vault for securely generating and storing encryption keys.

Figure 1: Encryption and Decryption Process

So, what happens if someone tries to fetch the data? Do they get encrypted data? No. If they are authorized to retrieve it, they get the data in its original form. Now let’s understand how decryption works. If I try to fetch the data from the cloud storage, the encryption key manager requests the encrypted DEK. In return, it sends the data encryption key, decrypted with the master encryption key. The DEK is then used to decrypt the data, and the user gets the data in its original form.
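The upload and fetch flows described above can be sketched in a few lines of Node.js. This is an added example, not the author's code and not any cloud provider's implementation: the function names and the choice of AES-256-GCM are assumptions, and the master key is held in local memory only for the demo, whereas in a real service it stays inside the encryption key manager.

```javascript
const nodeCrypto = require('crypto');

// Encrypt under a 32-byte key with AES-256-GCM; output is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverse of seal(). Throws if the key is wrong or the blob was modified.
function unseal(key, sealed) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Upload path: fresh DEK for this object, encrypt the object, wrap the DEK, wipe the plain DEK.
function encryptObject(masterKey, data) {
  const dek = nodeCrypto.randomBytes(32);
  try {
    return { ciphertext: seal(dek, data), wrappedDek: seal(masterKey, dek) };
  } finally {
    dek.fill(0); // the plaintext DEK must not outlive the operation
  }
}

// Fetch path: unwrap the DEK with the master key, then decrypt the object with it.
function decryptObject(masterKey, stored) {
  const dek = unseal(masterKey, stored.wrappedDek);
  try {
    return unseal(dek, stored.ciphertext);
  } finally {
    dek.fill(0);
  }
}

// Constructed demo values (hypothetical record, locally generated master key).
const masterKey = nodeCrypto.randomBytes(32);
const stored = encryptObject(masterKey, Buffer.from('patient-record: constructed sample'));
console.log(decryptObject(masterKey, stored).toString());
```

What sits in storage is only `ciphertext` and `wrappedDek`; without the master key, neither can be opened, and any modification to either blob makes decryption fail instead of returning altered data.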

Encryption is divided into two types: symmetric and asymmetric. Symmetric encryption uses the same key to encrypt and decrypt the data, while asymmetric encryption uses a public key and a private key. The public key is used for encryption, and the private key is used for decryption. Both the encryption and decryption processes are explained in the diagram. There are more complicated versions, but this is the simplest one. I hope this will be helpful.

Nowadays, protecting data should be a top priority. Using cryptographic encryption for such scenarios is the best solution one can think of.
