AWS Key Management Services
- AWS KMS is a scalable encryption and key management service provided by Amazon. We can use KMS for encrypting data & managing encryption keys
Encryption
- This is process of converting data into a format which only a authorized will be able to access and understand it.
- There are two type of encryptions
- Symmetric encryption
- Asymmetric encryption
- Symmetric encryption:
- We use a single key to encrypt and decrypt the data
- There are the following popular algorithms available
- Advance Encryption Standard (AES) AES 128, AES 192, AES 256
- Rivest Cipher 4 (RC4), RC5, RC6
- Data Encryption Standard (DES)
- Asymmetric Encryption
- This encryption uses a public key and private key combination in order to encrypt and decrypt data
- Popular algorithms are
- Public-Key Cryptography Standards (PKCS)
- Rivest-Shamir-Adleman (RSA)
- Digital Signature Algorithm (DSA)
How does KMS work
- AWS KMS centrally stores and manages the encryption keys. These encryption keys are calleda s CMKs (Customer Managed Keys)
- KMS can generate CMKs for you or you can generate CMKs and import into KMS
- KMS can be easily used with number of AWS services. It also provides client-side toolkits to encrypt data
Types of Keys
- Data Keys: Data keys are encryption keys used to encrypt data
- CMKs: The master key or CMK is used to encrypt or decrypt the data key. There are three types
- Customer managed CMKs
- AWS Managed CMKs
- AWS Owned CMKs
- Creating a CMK
- From code we can retrieve the keys and use it for encryption and decryption in our applications Refer Here
- Refer Here
AWS Certificate Manager
- SSL/TLS certificates are used for our web applications to make secure http
- Try to go throught the following article Refer Here
