1 Answer
According to the AWS Encryption SDK FAQ:
> How do I keep track of the data keys that were used to encrypt my data?
>
> The AWS Encryption SDK does this for you. When you encrypt data, the SDK encrypts
> the data key and stores the encrypted key along with the encrypted data in the
> encrypted message that it returns. When you decrypt data, the AWS Encryption
> SDK extracts the encrypted data key from the encrypted message, decrypts it,
> and then uses it to decrypt the data.
>
> How does the AWS Encryption SDK store encrypted data keys with their encrypted data?
>
> The encryption operations in the AWS Encryption SDK return an encrypted message,
> a single data structure that contains the encrypted data and its encrypted data keys.
> The message format consists of at least two parts: a header and a body. The message
> header contains the encrypted data keys and information about how the message
> body is formed. The message body contains the encrypted data. If the algorithm suite
> includes a digital signature, the message format includes a footer that contains the
> signature. For more information, see AWS Encryption SDK message format reference.
Hi, thanks for your answer. I think our use case is different because we don't store our data with KMS. Basically, we use the encrypted key outside of AWS to do the encryption.
You don't have to run the AWS Encryption SDK code inside of AWS or store the encrypted object in AWS. I really think the SDK is the answer you are looking for.
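
The header described in the FAQ passage quoted in the answer can be read without decrypting anything or calling AWS. The following is an added example, not code from this thread or from the AWS Encryption SDK: it walks the header fields as laid out in the message format reference for versions 1 and 2 and lists each encrypted data key with its key provider. The names `parse_edks` and `lv_field` and the sample bytes are constructed for illustration, and the input is assumed to be the raw (not base64-encoded) message.

```python
import struct

def parse_edks(message: bytes):
    """Return (version, algorithm_id, [(provider_id, provider_info, edk), ...])."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(message):
            raise ValueError("truncated message header")
        chunk = message[pos:pos + n]
        pos += n
        return chunk

    def take_field():  # 2-byte big-endian length, then that many bytes
        (length,) = struct.unpack(">H", take(2))
        return take(length)

    version = take(1)[0]
    if version == 1:
        take(1)        # message type
        (alg_id,) = struct.unpack(">H", take(2))
        take(16)       # message ID
    elif version == 2:
        (alg_id,) = struct.unpack(">H", take(2))
        take(32)       # message ID
    else:
        raise ValueError(f"unsupported message format version {version}")
    take_field()       # AAD: the serialized encryption context
    (count,) = struct.unpack(">H", take(2))
    if count == 0:
        raise ValueError("header lists no encrypted data keys")
    edks = []
    for _ in range(count):
        provider_id = take_field().decode("utf-8")
        provider_info = take_field()
        edks.append((provider_id, provider_info, take_field()))
    return version, alg_id, edks

def lv_field(data: bytes) -> bytes:
    """Serialize one length-prefixed field (used only to build the sample)."""
    return struct.pack(">H", len(data)) + data

# Constructed sample: start of a version-1 header carrying one made-up
# encrypted data key (provider names and key bytes are placeholders).
SAMPLE = (bytes([0x01, 0x80]) + struct.pack(">H", 0x0178) + bytes(16)
          + lv_field(b"") + struct.pack(">H", 1)
          + lv_field(b"example-provider") + lv_field(b"example-key-1")
          + lv_field(b"\xaa" * 48))
```

Running this over stored ciphertexts shows which wrapping keys each message depends on, which is useful when auditing key usage or planning a key rotation.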