KMS It is used for the encryption and decryption of data in the AWS environment Types Symmetric If the same key is used to encrypt or de...
KMS
It is used for the encryption and decryption of data in the AWS environment
Types
Symmetric
If the same key is used to encrypt or decrypt the data.
Asymmetric
If a different key(public key) is used for encryption and a different key(private key) is used for decryption.
AWS Master keys
These are master keys that are managed by AWS for its service's encryption like SNS, EBS.
Customer master key(<4kb)
These master keys are created by a user for encryption and decryption.
Steps to Create Customer KMS
1. Create a user who owns the cmk(customer master key) ( Note down Access key and secret key)
2. Crate a user who uses this cmk
3. Create a KMS key using KMS service in AWS
Create Symmetric key
Provide ownership to a user
Provide user name who uses this key
4. Create an EC2 instance and configure user which will have the ownership/usage of KMS keys.
5. Connect to EC2 instance and configure Accesskey and Secret key.
6. Run following commands
- echo "Hello AWS!!" > secret.txt
- aws kms encrypt --key-id YOURKEYIDHERE --plaintext fileb://secret.txt --output text --query CiphertextBlob | base64 --decode > encryptedsecret.txt
- aws kms decrypt --ciphertext-blob fileb://encryptedsecret.txt --output text --query Plaintext | base64 --decode > decryptedsecret.txt
- aws kms re-encrypt --destination-key-id YOURKEYIDHERE --ciphertext-blob fileb://encryptedsecret.txt | base64 > newencryption.txt
- aws kms enable-key-rotation --key-id YOURKEYIDHERE
- aws kms get-key-rotation-status --key-id YOURKEYIDHERE
- aws kms generate-data-key --key-id YOURKEYIDHERE --key-spec AES_256
COMMENTS