Scribd Logo
Upload

Welcome to Scribd!

  • AWS Encryption SDK

    Uploaded by

    abhi4wit
    53 views1 page
    1. The GenerateDataKey API from KMS is called to retrieve an encryption key in both plain text and encrypted formats for encrypting large files. 2. The encryption and decryption of the file happens on the client side using the plain text key, with the encrypted key bundled with the encrypted file data in a process called envelope encryption. 3. Decryption involves calling the decrypt API to decrypt the encrypted key and then using the plain text key to decrypt the file data.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1. The GenerateDataKey API from KMS is called to retrieve an encryption key in both plain text and encrypted formats for encrypting large files. 2. The encryption and decryption of the file happens on the client side using the plain text key, with the encrypted key bundled with the encrypted file data in a process called envelope encryption. 3. Decryption involves calling the decrypt API to decrypt the encrypted key and then using the plain text key to decrypt the file data.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    53 views1 page

    AWS Encryption SDK

    Uploaded by

    abhi4wit
    1. The GenerateDataKey API from KMS is called to retrieve an encryption key in both plain text and encrypted formats for encrypting large files. 2. The encryption and decryption of the file happens on the client side using the plain text key, with the encrypted key bundled with the encrypted file data in a process called envelope encryption. 3. Decryption involves calling the decrypt API to decrypt the encrypted key and then using the plain text key to decrypt the file data.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 1

    GenerateDataKeyApi is

    called on KMS to get the


    CMS key in the Plain
    text and Encrypted
    format

    If the file to be 1. Client Request for


    The technique is called
    encrypted is more that CMS Key using the
    Envelope Encyption
    4KB then use this GenerateDataKey API
    for encrypting a large
    file
    This is different from
    Facts
    the AWS S3 encryption
    2. The KMS responds
    back with 2
    Both the Encryption and components, the CMS
    Decryption happens on key in Plain Text and
    the client side CMS key encrypted.

    3. The File itself in


    Encrypted using the
    Flow Plain Text key
    AWS Encryption SDK

    4. The Encrypted Key in


    aws-encryption-cli then bundled with
    Comes with a CLI Encrypted CMS Data key
    command
    and completes the
    Encryption. This bundle
    is termed as Envelope
    Encrytion

    5. Decryption is
    basically the reverse of
    the above steps starting
    with call the Encrypt
    and Decrypt APIS

    You might also like