AWS KMS

On this page, we will implement encryption and decryption using AWS KMS. But we will start from the very beginning: the basics of cryptography.

History of Cryptography

Threats

From the very early stages of mankind, people have had secrets and, on the other hand, have been curious about the secrets of others.

Apart from curiosity, people have sometimes tried to learn information that others hide from them in order to make use of it.
Privacy is of great importance in this respect, and we have faced challenges even in wars. People developed different kinds of attacks to learn the secrets of others. Some of them are:
  • Side Channel Attacks
    • CAT (Cache Attack)
    • Differential fault analysis
  • Brute Force
  • Chosen Ciphertext Attack
  • Man in the middle
  • DoS

Encryption

That is why encryption algorithms were developed on the other side. Here is a snapshot of the growth of encryption algorithms:

We can examine these algorithms in two main classes: symmetric and asymmetric.

AES

AES is the most widely used symmetric algorithm. In symmetric algorithms, there is only one key, used for both encryption and decryption.
Here is a sample implementation:

The problem with this approach is key storage. The key itself sits in the code! That is not safe. What will we do?
We will keep our key on AWS, send our raw data to the cloud, and get the result back.

KMS

First we have to create our key and store it in our account. We need to know its ARN.

Then, let's implement the code:
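The round trip described above, as an added Python sketch that is not the page's own code: the raw data goes to KMS Encrypt under the key's ARN and comes back as ciphertext, and Decrypt reverses it, with no key material in the program. Assumptions: the real client would be boto3.client("kms"); FakeKms is a constructed offline stand-in that performs no real cryptography, and the key ARN and encryption context are placeholders.

```python
import base64
import os

KMS_MAX_PLAINTEXT = 4096  # bytes accepted by KMS Encrypt under a symmetric key


def kms_encrypt(client, key_arn, plaintext, context):
    """Send raw bytes to KMS; the key stays in AWS. Returns base64 text."""
    if len(plaintext) > KMS_MAX_PLAINTEXT:
        raise ValueError("too large for direct KMS Encrypt")
    resp = client.encrypt(KeyId=key_arn, Plaintext=plaintext,
                          EncryptionContext=context)
    return base64.b64encode(resp["CiphertextBlob"]).decode("ascii")


def kms_decrypt(client, key_arn, ciphertext_b64, context):
    """Ask KMS to decrypt; key ARN and context must match the encrypt call."""
    resp = client.decrypt(KeyId=key_arn,
                          CiphertextBlob=base64.b64decode(ciphertext_b64),
                          EncryptionContext=context)
    return resp["Plaintext"]


class FakeKms:
    """Constructed offline stand-in for boto3.client("kms"). No real crypto:
    it only mimics the request/response shape and the context check."""

    def __init__(self):
        self._store = {}

    def encrypt(self, KeyId, Plaintext, EncryptionContext):
        blob = os.urandom(32)  # opaque handle in place of real ciphertext
        self._store[blob] = (KeyId, dict(EncryptionContext), Plaintext)
        return {"CiphertextBlob": blob}

    def decrypt(self, KeyId, CiphertextBlob, EncryptionContext):
        key, ctx, plaintext = self._store[CiphertextBlob]
        if key != KeyId or ctx != EncryptionContext:
            raise PermissionError("key or encryption context mismatch")
        return {"Plaintext": plaintext}


# Placeholder ARN, not a real key.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

if __name__ == "__main__":
    kms = FakeKms()  # with AWS credentials: kms = boto3.client("kms")
    ctx = {"purpose": "demo"}  # constructed encryption context
    token = kms_encrypt(kms, KEY_ARN, b"my secret", ctx)
    print(token, kms_decrypt(kms, KEY_ARN, token, ctx))
```

Against the real service, access to the key is governed by IAM and the key policy (kms:Encrypt and kms:Decrypt on that ARN), and a decrypt call with a different encryption context is rejected.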

RSA

RSA is an asymmetric algorithm. Now we have a key pair instead of a single key: a public key and a private key, one for encryption and the other for decryption.
Here is a sample implementation: