{"id":3119,"date":"2019-08-31T12:13:20","date_gmt":"2019-08-31T12:13:20","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=3119"},"modified":"2020-05-01T11:38:15","modified_gmt":"2020-05-01T11:38:15","slug":"encryption-sdks","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/","title":{"rendered":"Encryption SDKs"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>It is a client-side encryption library<\/li><li>Can encrypt and decrypt data as per standards<\/li><li>Provided free by AWS under Apache license.<\/li><li>Supports<ul><li>C<\/li><\/ul><ul><li>Java<\/li><\/ul><ul><li>JavaScript\n<\/li><\/ul><ul><li>Python<\/li><\/ul><\/li><li>Helps to select <ul><li>encryption\nalgorithm <\/li><\/ul><ul><li>mode\nfor using encryption algorithm <\/li><\/ul><ul><li>generating\nencryption key<\/li><\/ul><ul><li>protecting\nencryption key<\/li><\/ul><ul><li>storing\nencryption key<\/li><\/ul><\/li><li>SDK generates a unique data key for each data object it\nencrypts, by default.<\/li><li>Concepts in SDK<ul><li>Data\nKeys &#8211; encryption key used to encrypt data. Is a byte array<\/li><\/ul><ul><li>Master\nKey &#8211; also called wrapping key. Encrypts data keys<\/li><\/ul><ul><li>Cryptographic\nMaterials Manager &#8211; assembles cryptographic materials used to encrypt and\ndecrypt data.<\/li><\/ul><ul><li>Master\nKey Provider (Java and Python) &#8211;&nbsp; returns\nmaster keys which identify master keys<\/li><\/ul><ul><li>Keyring\n(C and JavaScript) &#8211; generates, encrypts, and decrypts data keys<\/li><\/ul><ul><li>Algorithm\nSuite &#8211;&nbsp; a collection of cryptographic\nalgorithms. Default is AES-GCM with an HMAC. 
Available are AES-128\/192\/256,\nAES-GCM.<\/li><\/ul><ul><li>Encryption\nContext &#8211; set of name-value pairs from user for logging and tracking<\/li><\/ul><ul><li>Encrypted\nMessage &#8211; portable formatted data structure having encrypted data, encrypted\ncopies of data keys<\/li><\/ul><\/li><li>SDK cannot decrypt data encrypted by <ul><li>DynamoDB\nEncryption Client <\/li><\/ul><ul><li>Amazon\nS3 client-side encryption<\/li><\/ul><\/li><li>SDK can use KMS customer master keys (CMKs) and\ndata keys to protect your data<\/li><\/ul>\n\n\n\n<p>Symmetric Key Encryption<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Same key to encrypt and decrypt<\/li><li>To encrypt data, <ul><li>SDK\nsubmits an encryption key, or data key, and plaintext data from user to\nencryption algorithm. <\/li><\/ul><ul><li>Then,\nencrypted message is returned, having <ul><li>encrypted\ndata<\/li><\/ul><ul><li>encrypted\ncopy of data key<\/li><\/ul><ul><li>encryption\ncontext<\/li><\/ul><\/li><\/ul><\/li><li>To decrypt encrypted message<ul><li>SDK\nsubmits data key and encrypted message to decryption algorithm. <\/li><\/ul><ul><li>plaintext\ndata is returned<\/li><\/ul><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"241\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-173.png\" alt=\"\" class=\"wp-image-3792\"\/><\/figure>\n\n\n\n<p><strong>Envelope Encryption<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Steps<ul><li>data key encrypts plaintext<\/li><\/ul><ul><li>data key is encrypted by master key<\/li><\/ul><\/li><li>It protects Data Keys<\/li><li>Instead of re-encrypting same data multiple times, master keys encrypt data keys only<\/li><li>Multiple Algorithms can be applied<\/li><li>To encrypt<ul><li>Application sends plaintext data to encryption methods. 
<\/li><\/ul><ul><li>encryption method requests cryptographic materials manager (CMM) for encryption materials.<\/li><\/ul><ul><li>CMM requests encryption materials from master key provider or keyring. <\/li><\/ul><ul><li>The response has data key and same data key encrypted under the master keys. <\/li><\/ul><ul><li>The encryption method uses data key to encrypt data, and discards data key. <\/li><\/ul><ul><li>If encryption context is present, encryption method binds it to encrypted data.<\/li><\/ul><ul><li>The encryption method returns encrypted message having <ul><li>encrypted data<\/li><\/ul><ul><li>encrypted data key<\/li><\/ul><ul><li>metadata, with encryption context<\/li><\/ul><\/li><\/ul><\/li><li>To decrypt<ul><li>application sends encrypted message to a decryption method.<\/li><\/ul><ul><li>decryption method asks CMM for cryptographic materials to decrypt <\/li><\/ul><ul><li>In Java and Python, Default CMM asks its master key provider for a master key.<\/li><\/ul><ul><li>In C and JavaScript, CMM asks keyring for decryption materials. <\/li><\/ul><ul><li>response has decryption materials, with plaintext data key.<\/li><\/ul><ul><li>decryption method uses plaintext data key to decrypt data, then discards plaintext data key.<\/li><li>decryption method returns the plaintext data. <\/li><\/ul><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"282\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-174.png\" alt=\"\" class=\"wp-image-3793\"\/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>It is client-side encryption library Can encrypt and decrypt data as per standards Provided free by AWS under Apache license. 
Supports C Java JavaScript Python Helps to select encryption algorithm mode for using encryption algorithm generating encryption key protecting encryption key storing encryption key SDK generates unique data key for data object it encrypts, by&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2474,"menu_order":46,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7,538],"class_list":["post-3119","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws","tag-encryption-sdks"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Encryption SDKs - Testprep Training Tutorials<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Encryption SDKs - Testprep Training Tutorials\" \/>\n<meta property=\"og:description\" content=\"It is client-side encryption library Can encrypt and decrypt data as per standards Provided free by AWS under Apache license. 
Supports C Java JavaScript Python Helps to select encryption algorithm mode for using encryption algorithm generating encryption key protecting encryption key storing encryption key SDK generates unique data key for data object it encrypts, by...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-01T11:38:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-173.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/\",\"name\":\"Encryption SDKs - Testprep Training 
Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2019-08-31T12:13:20+00:00\",\"dateModified\":\"2020-05-01T11:38:15+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified Security Specialty\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Encryption SDKs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep 
Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Encryption SDKs - Testprep Training Tutorials","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/","og_locale":"en_US","og_type":"article","og_title":"Encryption SDKs - Testprep Training Tutorials","og_description":"It is client-side encryption library Can encrypt and decrypt data as per standards Provided free by AWS under Apache license. Supports C Java JavaScript Python Helps to select encryption algorithm mode for using encryption algorithm generating encryption key protecting encryption key storing encryption key SDK generates unique data key for data object it encrypts, by...","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-05-01T11:38:15+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-173.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/","name":"Encryption SDKs - Testprep Training Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2019-08-31T12:13:20+00:00","dateModified":"2020-05-01T11:38:15+00:00","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/encryption-sdks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"AWS Certified Security Specialty","item":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/"},{"@type":"ListItem","position":3,"name":"Encryption SDKs"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep 
Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=3119"}],"version-history":[{"count":3,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3119\/revisions"}],"predecessor-version":[{"id":3794,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3119\/revisions\/3794"}],"up":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2474"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=3119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=3119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=3119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}