Amazon Encryption SDK: Difference between revisions
=Playground Example=
{{External|[https://github.com/ovidiuf/playground/blob/master/amazon/encryption-sdk/01-simplest-encryptionsdk/src/main/java/playground/amazon/encryptionsdk/AWSEncryptionSDKExamples.java Playground AWS Encryption SDK Examples]}}
Revision as of 23:03, 7 December 2018
External
Internal
Overview
Dependencies
dependencies {
    implementation('org.bouncycastle:bcprov-ext-jdk15on:1.58')
    implementation('com.amazonaws:aws-encryption-sdk-java:1.3.1')
}
Clarify whether I need KMS API or not: AWS KMS API Dependencies.
Concepts
Data Key Caching
TODO:
- https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/data-key-caching.html
- https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/faq.html
Encryption
Overhead Introduced by Amazon Encryption SDK Message Format
Encrypting data with Amazon Encryption SDK introduces a certain amount of space overhead, mainly because the data key, after being encrypted with the customer master key, is stored together with the ciphertext. The amount of overhead depends on the size of the cleartext data, the encryption algorithm, whether additional authenticated data (AAD) is provided and the length of that AAD, the number and type of master key providers, and the frame size. When AWS Encryption SDK is used with its default configuration, with one CMK in AWS KMS as the master key, with no AAD, and with non-framed data, the overhead is approximately 600 bytes. In general, it can be reasonably assumed that Amazon Encryption SDK adds overhead of 1 KB or less, not including AAD.
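The following added example (not part of the original page or of the linked playground code) measures how the overhead changes with the AAD and the frame size, using the 1.3.1 dependency listed above. It assumes a locally generated JceMasterKey in place of a CMK in AWS KMS so that it runs offline, which means the absolute figures will differ from the approximately 600 bytes quoted for KMS; the class name OverheadProbe and the provider and key identifiers are hypothetical.

```java
import com.amazonaws.encryptionsdk.AwsCrypto;
import com.amazonaws.encryptionsdk.jce.JceMasterKey;

import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Map;

public class OverheadProbe {

    // Returns (encrypted message length - plaintext length) for one configuration.
    static int overhead(JceMasterKey masterKey, int plaintextLen, int frameSize,
                        Map<String, String> aad) {
        AwsCrypto crypto = new AwsCrypto();
        // A frame size of 0 requests a non-framed message body.
        crypto.setEncryptionFrameSize(frameSize);
        byte[] plaintext = new byte[plaintextLen]; // constructed sample input
        byte[] message = crypto.encryptData(masterKey, plaintext, aad).getResult();
        return message.length - plaintextLen;
    }

    public static void main(String[] args) {
        // Assumption: a random local AES-256 wrapping key stands in for the KMS CMK.
        byte[] rawKey = new byte[32];
        new SecureRandom().nextBytes(rawKey);
        JceMasterKey masterKey = JceMasterKey.getInstance(
                new SecretKeySpec(rawKey, "AES"),
                "example-provider",   // hypothetical provider name
                "example-key",        // hypothetical key id
                "AES/GCM/NoPadding");

        Map<String, String> noAad = Collections.emptyMap();
        // The encryption context is what the SDK authenticates as AAD.
        Map<String, String> aad = Collections.singletonMap("purpose", "overhead-test");
        int len = 10 * 1024;

        System.out.println("non-framed, no AAD:    " + overhead(masterKey, len, 0, noAad));
        System.out.println("non-framed, with AAD:  " + overhead(masterKey, len, 0, aad));
        System.out.println("4096-byte frames:      " + overhead(masterKey, len, 4096, noAad));
        System.out.println("512-byte frames:       " + overhead(masterKey, len, 512, noAad));
    }
}
```

Smaller frames raise the overhead for the same plaintext because each frame carries its own IV and authentication tag, and the AAD is serialized into the message header.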