All geek questions in one place

How does Amazon SSE-S3 key rotation work?

I'm trying to ponder the options for Amazon Server Side Encryption, so I can start asking S3 to encrypt my data alone when my applications upload files.

So far, the AWS-Managed Encryption Keys option looks like I'm looking for ( Model C ):

enter image description here

But then he says

For added security, this key is encrypted using a periodically rotating master key, unique to Amazon S3, that is securely stored on separate systems running AWS.

How does this turn work? Does this mean that every time AWS rotates the key encryption key, it must re-encrypt EVERY SINGLE Data Key stored in S3 ???

It seems crazy to me, and I don't want to seem crazy when I try to convince my boss that this is a good idea :)

+5
source share
1 answer

For each downloaded object, a new encryption key is created and used to encrypt the object before saving it to disk.

Having stored in an encrypted object means that it is impossible to calculate for someone who has raw data stored on the disk to decrypt it ... but, of course, anyone who has this key can decrypt it, so the keys have for safe storage and in a relatively useless form, and this is done by encrypting them using the master key.

To compromise a stored object, you must have a special encryption key for this object ... but even if you have one, it is useless, since it was also encrypted. In order to get its decryption, or at least use it on your behalf, you must have a master key or have a trust relationship with an entity that manages the primary key and can use it on your behalf.

So far, everything that I really did is obviously obvious.

The encryption keys themselves are tiny, just a few tens of bytes each. When the master key is rotated, object-specific encryption keys are decrypted with the old key and re-encrypted with the new key. New versions are kept, and old versions are discarded.

Since the keys are small, this is not a massive operation that would be required if the objects themselves were decrypted and re-encrypted ... but these are only encryption keys for each object that are decrypted and re-encrypted when the master key is rotated.

Several analogies could be drawn in the apartment complex, where the keys are stored in a common lock, where changing the lock lock restricts future access to individual apartments, restricting access to individual apartments, restricting access to the shared lock. The analogy breaks because physical keys are easily copied, among other reasons ... but this illustration shows that changing the lock lock (a relatively simple operation) will not be related to changing the lock on one or more apartments (a much more significant operation).

In this case, they create a new secret key to encrypt / decrypt each object you upload, and then store this secret key in encrypted form ... periodically and transparently for you, they change their saved representation of this secret key as a preventive measure.

+7
source

Source: https://habr.com/ru/post/1215605/

More articles:


All Articles