This diagram shows the four-step encryption process when using CSE-C:
Let's understand the process:
- The client will use the AWS SDK and, in this example, the Java client, which will create a randomly generated plaintext data key, which is then used to encrypt the object data.
- A CMK created by the customer then encrypts this plaintext data key.
- At this point, the encrypted data key and the encrypted object data are sent from the client to S3 for storage.
- S3 then takes the encrypted data key and associates it with the encrypted object and stores both in S3.
This diagram shows the four-step decryption process when using CSE-C:
Let's understand the process:
- A user requests access to the encrypted object in S3.
- S3 responds by sending the requested object data, along with the associated encrypted data key, back to the client.
- Using the AWS SDK, the customer CMK is then used with the encrypted data key to generate...