Encryption
Symmetric (AES-256), asymmetric (RSA, ECC), key management lifecycle
Symmetric encryption uses the same key for encryption and decryption — AES-256-GCM (authenticated encryption) is the standard for data at rest; key distribution is the primary challenge. Asymmetric encryption uses a public/private key pair: RSA-2048/4096 for key exchange and signing; ECDSA P-256 and ECDH (Elliptic Curve Diffie-Hellman) for smaller keys with equivalent security. Envelope encryption solves the key distribution problem: data is encrypted with a DEK (AES-256); the DEK is encrypted with a KEK stored in a managed KMS (AWS KMS, Azure Key Vault, GCP Cloud KMS).
Key Points
- AES-256-GCM (Galois/Counter Mode): authenticated encryption providing both confidentiality and integrity (GMAC tag) — preferred over AES-CBC + separate HMAC; GCM nonce must be unique per key (never reuse).
- RSA key sizes: 2048-bit provides ~112-bit security (acceptable until ~2030); 4096-bit provides ~140-bit security; EC P-256 provides 128-bit security with much smaller keys (32 bytes vs 256 bytes for RSA-2048).
- Post-quantum cryptography (PQC): NIST finalised ML-KEM (Kyber), ML-DSA (Dilithium), and SLH-DSA (SPHINCS+) in FIPS 203/204/205 (2024) — begin planning migration of long-lived key material to PQC-hybrid schemes.
- Key rotation: rotate DEKs annually or on compromise; KEKs annually (AWS KMS annual rotation generates new key material, re-wraps DEKs lazily); TLS certificates every 90 days (Let's Encrypt) to 1 year.
- Envelope encryption in AWS: `aws kms generate-data-key` returns a plaintext DEK + encrypted DEK (ciphertext blob); use plaintext DEK to encrypt data in memory, store encrypted DEK alongside ciphertext — KEK never leaves KMS.
- Hashing vs encryption: SHA-256/SHA-3 are one-way functions (no key, nothing to decrypt); use them for checksums, certificate fingerprints, and as the core of HMAC message authentication codes, never for password storage. Use bcrypt, scrypt, or Argon2id (OWASP recommended) for passwords.
- In-transit encryption: TLS 1.3 mandatory for all external traffic; mTLS for service-to-service; enforce TLS minimum version (disable TLS 1.0/1.1) via ALB security policy `ELBSecurityPolicy-TLS13-1-2-2021-06`.
- Hardware Security Modules (HSMs): FIPS 140-2 Level 3 validated (AWS CloudHSM, Azure Dedicated HSM) — required where PCI-DSS or FIPS 140-2 Level 3 compliance mandates them; private keys are generated inside the HSM and never leave it.
Real-World Example
WhatsApp uses the Signal Protocol for end-to-end encryption: X3DH (Extended Triple Diffie-Hellman) for key establishment and the Double Ratchet Algorithm (combining AES-256 + HMAC-SHA256 + Curve25519) for forward secrecy and break-in recovery across the conversations of its 2 billion+ users.