AWS Encryption SDK
-------------------
AWS encryption SDK is available for Python,
The AWS Encryption SDK for Python provides a fully compliant, native Python implementation of the AWS Encryption SDK.
There are four main concepts that you need to understand to use this library:
Cryptographic Materials Managers
Cryptographic materials managers (CMMs) are resources that collect cryptographic materials and prepare them for use by the Encryption SDK core logic.
An example of a CMM is the default CMM, which is automatically generated anywhere a caller provides a master key provider. The default CMM collects encrypted data keys from all master keys referenced by the master key provider.
An example of a more advanced CMM is the caching CMM, which caches cryptographic materials provided by another CMM.
Master Key Providers
Master key providers are resources that provide master keys. An example of a master key provider is AWS KMS.
To encrypt data in this client, a MasterKeyProvider object must contain at least one MasterKey object.
MasterKeyProvider objects can also contain other MasterKeyProvider objects.
Master Keys
Master keys generate, encrypt, and decrypt data keys. An example of a master key is a KMS customer master key (CMK).
Data Keys
Data keys are the encryption keys that are used to encrypt your data. If your algorithm suite uses a key derivation function, the data key is used to generate the key that directly encrypts the data.
The Encryption SDK is available in below programming languages
AWS encryption SDK for C, Python Java, Javascript, .NET.
AWS Database Encryption SDK
--------------------------
The AWS Database Encryption SDK is a set of software libraries that enable you to include client-side encryption in your database design. The AWS Database Encryption SDK provides record-level encryption solutions. You specify which fields are encrypted and which fields are included in the signatures that ensure the authenticity of your data. Encrypting your sensitive data in transit and at rest helps ensure that your plaintext data isn’t available to any third party, including AWS. The AWS Database Encryption SDK is provided free of charge under the Apache 2.0 license.
The AWS Database Encryption SDK supports Amazon DynamoDB with attribute-level encryption. Version 3.x of the Java client-side encryption library for DynamoDB is a major rewrite of the DynamoDB Encryption Client for Java. It includes many updates, such as a new structured data format, improved multitenancy support, searchable encryption, and support for seamless schema changes.
Amazon S3 Encryption Client
---------------------------
The Amazon S3 Encryption Client is a client-side encryption library that enables you to encrypt an object locally to ensure its security before passing it to Amazon Simple Storage Service (Amazon S3). Amazon S3 receives your object already encrypted; it does not play a role in encrypting or decrypting it. After you instantiate the Amazon S3 Encryption Client, your objects are automatically encrypted and decrypted as part of your Amazon S3 PutObject and GetObject requests. The Amazon S3 Encryption Client is provided free of charge under the Apache 2.0 license.
The Amazon S3 Encryption Client provides:
A default implementation that adheres to cryptography best practices
By default, the Amazon S3 Encryption Client generates a unique data key for each object that it encrypts. This follows the cryptography best practice of using unique data keys for each encryption operation.
The Amazon S3 Encryption Client encrypts your objects using a secure, authenticated, symmetric key algorithm.
A framework for protecting data keys with wrapping keys
The Amazon S3 Encryption Client protects the data keys that encrypt your objects by encrypting them under a wrapping key. With the Amazon S3 Encryption Client, you define a wrapping key by passing the key to the Amazon S3 Encryption Client, which it uses to optimize its settings.
references:
https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/what-is-database-encryption-sdk.html
No comments:
Post a Comment