By Gilad Parann-Nissany
June 13, 2014 08:33 PM EDT
Amazon Web Services announced S3 SSE-C today, an enhancement that allows AWS S3 users to feed customer-generated keys to its S3 Server Side Encryption, which previously only allowed keys to be managed by Amazon itself. This is a great addition to the S3 feature set, and is a very usable way to enhance the security of AWS S3 for storing sensitive data.
Porticor’s Virtual Appliance for AWS integrates with AWS SSE-C to address two important questions:
- How can encryption keys be generated in a secure manner, especially given that virtual machines often suffer from a lack of randomness (“entropy”)?
- Best crypto practices call for a separate encryption key per S3 object. How can a customer manage a large set of sensitive encryption keys?
With Porticor, both issues are solved in a simple and elegant manner:
- The Porticor Virtual Appliance serves as a secure source of crypto-grade random numbers, just the sort you need for cryptographic keys.
- The Porticor Key Management API allows your application to generate, store and retrieve cryptographic keys, and is easily accessible from any programming language as a simple RESTful API.
To illustrate the simplicity of the API, the following two operations generate a random key, and then (later on) delete the key. This happens after the application has been authenticated and received a temporary credential (a.k.a., authentication token):
PUT /api/protected_items/my-new-item?generate=16&api_cred=<temporary-cred>
The value returned in a JSON structure by the PUT operation can be used directly by the S3 calls. Keys (protected items) can have arbitrary names, and a natural solution would be to use the S3 object’s URI to name its corresponding cryptographic key.
As a further convenience feature, Porticor provides sample code in multiple programming languages, which lets you use the API without resorting to direct REST calls.
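To show how a per-object key reaches S3, here is an added sketch (not Porticor's sample code and not from the original article) that names a key after the S3 object's URI and builds the three request headers SSE-C expects. The naming scheme, the `PerObjectKeys` class and the use of `secrets.token_bytes` as a local stand-in for the key manager are assumptions; the length check reflects SSE-C's use of AES-256.

```python
import base64
import hashlib
import secrets
from urllib.parse import quote

SSE_C_KEY_BYTES = 32  # SSE-C uses AES-256, so S3 expects a 256-bit key


def item_name_for(bucket: str, object_key: str) -> str:
    """Name a protected item after the S3 object's URI (hypothetical scheme)."""
    # Percent-encode everything, "/" included, so the name is one URL path segment.
    return quote(f"s3://{bucket}/{object_key}", safe="")


def sse_c_headers(raw_key: bytes) -> dict:
    """Build the headers S3 requires on every SSE-C PUT and GET of an object."""
    if len(raw_key) != SSE_C_KEY_BYTES:
        raise ValueError(f"SSE-C needs a {SSE_C_KEY_BYTES}-byte key, got {len(raw_key)}")
    return {
        "x-amz-server-side-encryption-customer-algorithm": "AES256",
        "x-amz-server-side-encryption-customer-key": base64.b64encode(raw_key).decode(),
        # S3 checks this digest to detect a key corrupted in transit.
        "x-amz-server-side-encryption-customer-key-MD5":
            base64.b64encode(hashlib.md5(raw_key).digest()).decode(),
    }


class PerObjectKeys:
    """In-memory stand-in for a key manager: one independent key per S3 object."""

    def __init__(self):
        self._keys = {}

    def key_for(self, bucket: str, object_key: str) -> bytes:
        name = item_name_for(bucket, object_key)
        if name not in self._keys:
            # Assumption: a real deployment fetches or generates this remotely.
            self._keys[name] = secrets.token_bytes(SSE_C_KEY_BYTES)
        return self._keys[name]

    def delete(self, bucket: str, object_key: str) -> None:
        # Once the key is gone, the S3 object can no longer be decrypted.
        self._keys.pop(item_name_for(bucket, object_key), None)


if __name__ == "__main__":
    store = PerObjectKeys()
    print(sse_c_headers(store.key_for("my-bucket", "reports/q1.pdf")))
```

The same headers must accompany every later GET of the object, so the key has to stay retrievable for as long as the object does.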