EldoS | Feel safer!

Software components for data protection, secure storage and transfer

AWS S3 bucket Multiple Encryption options

Posted: 01/09/2016 18:14:05
by Darian Miller (Standard support level)
Joined: 06/27/2011
Posts: 47

If using the built-in encryption offered by AWS (server-side AES-256), what would be the best encryption to use in the SBB layer to offer multiple encryption of bucket data?

Does multiple encryption with AES-256 have the problem of potentially canceling out the first encryption (as mentioned at https://en.wikipedia.org/wiki/Multiple_encryption)?
Posted: 01/11/2016 05:19:59
by Ken Ivanov (EldoS Corp.)

Hi Darian,

You can use any kind of encryption offered by SecureBlackbox; it will be done in parallel to AWS native server-side encryption and will add an extra layer of encryption to your data. In order for the second encryption to 'cancel' the first one, the algorithms and encryption keys used need to be exactly the same. That is, if you generate your client-side keys randomly, the chances that the client-side and server-side key will match are extremely low (and you can read 'extremely low' as 'virtually zero').

Besides, if you use any kind of envelope for your client-side encrypted data (such as CloudBlackbox blob, PKCS#7/CMS or OpenPGP), the chances are strictly zero, as in this case the encrypted data is padded with unencrypted metadata, and therefore client-side and server-side encryption inputs are not aligned to each other (which is also a requirement for 'encryption cancellation').
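The three situations discussed in this thread, as an added example that is not part of the original posts and not SecureBlackbox or AWS code. It assumes an XOR-keystream mode (the case in which encrypting twice can undo itself); the SHA-256 counter keystream is a stdlib stand-in for AES-256 in counter mode, and the `ENV1` header format and all function names are hypothetical.

```python
import hashlib
import os

HEADER_MAGIC = b"ENV1"  # hypothetical envelope marker, constructed for this example


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream; a stand-in for AES-256-CTR, not for production."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """One encryption layer: XOR the data with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def envelope_layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Client-side layer that prepends unencrypted metadata, as an envelope format does."""
    header = HEADER_MAGIC + len(nonce).to_bytes(1, "big") + nonce
    return header + xor_layer(key, nonce, data)


def run_cases() -> dict:
    """Return, per case, whether the plaintext is readable in the stored object."""
    plaintext = b"constructed sample: bucket object contents. " * 3
    nonce = b"\x00" * 12          # deliberately reused so the worst case is reproducible
    server_key = os.urandom(32)   # stands in for the server-side key
    client_key = os.urandom(32)   # randomly generated client-side key

    # Case 1: identical algorithm, key and nonce, inputs aligned -> layers cancel.
    same = xor_layer(server_key, nonce, xor_layer(server_key, nonce, plaintext))
    # Case 2: independent random client key -> no cancellation.
    indep = xor_layer(server_key, nonce, xor_layer(client_key, nonce, plaintext))
    # Case 3: same key and nonce, but the envelope header shifts the ciphertext,
    # so the two keystreams no longer line up byte for byte.
    shifted = xor_layer(server_key, nonce, envelope_layer(server_key, nonce, plaintext))

    return {
        "same_key_aligned": plaintext in same,
        "independent_keys": plaintext in indep,
        "same_key_envelope": plaintext in shifted,
    }


if __name__ == "__main__":
    for case, readable in run_cases().items():
        print(f"{case}: plaintext readable in stored object = {readable}")
```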



