Encryption SDK Flashcards

1
Q

Encryption SDK

What is the Encryption SDK (ENCSDK)?

A

Open-source library from AWS

2
Q

Encryption SDK

Value prop of ENCSDK?

A

Hides boring details about using keys and DEKs

3
Q

Encryption SDK

What keys does ENCSDK work with?

A

DEKs and wrapping keys

4
Q

Encryption SDK

What are wrapping keys?

A

Keys that encrypt your DEKs

5
Q

Encryption SDK

What are some examples of things ENCSDK hides?

A

Message formatting, creating and encrypting DEKs with wrapper keys

6
Q

Encryption SDK

How does ENCSDK handle DEKs?

A

Uses a unique DEK for every operation

7
Q

Encryption SDK

What are the rough limits for calling KMS?

A

Thousands of calls per second, shared across different regions

8
Q

Encryption SDK

What is Data Key Caching?

A

Re-use DEKs to reduce the number of KMS calls

9
Q

Encryption SDK

How do you set up Data Key Caching?

A

Set thresholds like max age and max bytes encrypted before a DEK expires

10
Q

Encryption SDK

Where are DEKs cached?

A

In-memory only

11
Q

Encryption SDK

What’s the fancy term for Data Key Caching?

A

Cryptographic Materials Cache (CMM)

12
Q

Encryption SDK

Why isn’t ENCSDK built into KMS or the AWS SDK?

A

It isn’t tied to KMS, can use it independently of AWS
