Amazon Encryption SDK Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
No edit summary
Line 7: Line 7:
{{External|[https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/supported-algorithms.html Amazon Encryption SDK Developer Guide - Supported Algorithms]}}
{{External|[https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/supported-algorithms.html Amazon Encryption SDK Developer Guide - Supported Algorithms]}}


The library uses an [[Symmetric_Cryptography#AES-GCM|AES-GCM]] encryption algorithm with 256-bit, 192-bit and 128-bit encryption keys. The length of the [[Symmetric_Cryptography#Initialization_Vector_.28IV.29|Initialization Vector]] is 12 bytes. The length of the authentication tag is 16 bytes. By default, the SDK uses the data key as an input to the HMAC-based extract-and-expand key derivation function (HKDF) to derive the AES-GCM encryption key, and also adds an Elliptic Curve Digital Signature Algorithm (ECDSA) signature.
The library uses an [[Symmetric_Cryptography#AES-GCM|AES-GCM]] encryption algorithm with 256-bit, 192-bit and 128-bit encryption keys. The length of the [[Symmetric_Cryptography#Initialization_Vector_.28IV.29|Initialization Vector]] is 12 bytes. The length of the authentication tag is 16 bytes. By default, the SDK uses the data key as an input to the HMAC-based extract-and-expand key derivation function (HKDF) to derive the AES-GCM encryption key, and also adds an Elliptic Curve Digital Signature Algorithm (ECDSA) signature.





Revision as of 23:04, 12 December 2018

Internal

Supported Algorithms

Amazon Encryption SDK Developer Guide - Supported Algorithms

The library uses an AES-GCM encryption algorithm with 256-bit, 192-bit and 128-bit encryption keys. The length of the Initialization Vector is 12 bytes. The length of the authentication tag is 16 bytes. By default, the SDK uses the data key as an input to the HMAC-based extract-and-expand key derivation function (HKDF) to derive the AES-GCM encryption key, and also adds an Elliptic Curve Digital Signature Algorithm (ECDSA) signature.


Data Key Caching

TODO: