AWS ‐ Encryption & Security ‐ PKI Services | Key Management | Secrets Manager | Encryption SDK
FullstackCodingGuy edited this page Dec 2, 2024 · 6 revisions
- Confidentiality - encrypting data keeps it hidden from anyone who is not meant to read it
- Data Integrity - ensure data cannot be altered by unauthorized parties; encrypt the data before sending it to the other party so that it is not tampered with
- Authentication
- Non-Repudiation
- Symmetric
  - Encryption and decryption use the same key
  - Less secure, because the same key must be shared with the consuming party
- Asymmetric
  - Encryption and decryption use a public and private key pair
  - Public key (less sensitive key) - used to encrypt the data; it can be shared with parties who want to encrypt data, and it cannot be used to decrypt
  - Private key (protected key) - used to decrypt the data; it should not be shared, keep it with you to decrypt the data
  - More secure than symmetric, since the decryption key is never shared
- It is secure key storage built on hardware security modules (HSMs). These are physical devices that store secrets securely. They are better than software modules because they cannot be broken easily, and they are not exposed to the internet unless there is a specific need. HSMs are used for advanced security.