使用 Amazon KMS 加密/解密小型应用程序数据的缺点

Disadvantage of using Amazon KMS to encrypt / decrypt small application data

一对Amazon Lambda 将对称地加密和解密一小段应用程序数据。我想使用 Amazon KMS 来促进这一点,因为它解决了秘密存储和密钥轮换等问题。

Amazon KMS Developer Guide表示:

These operations are designed to encrypt and decrypt data keys. They use an AWS KMS customer master key (CMK) in the encryption operations and they cannot accept more than 4 KB (4096 bytes) of data. Although you might use them to encrypt small amounts of data, such as a password or RSA key, they are not designed to encrypt application data.

它继续推荐使用 AWS Encryption SDK or the Amazon S3 encryption client 来加密应用程序数据。

虽然 listed advantages of the AWS Encryption SDK 很清楚,而且非常有吸引力,特别是对于不是密码学家的开发人员来说,但为了这个问题的目的,让我们假设情况不利于这些替代方案。

如果我的应用程序数据肯定不会超过 4k,为什么特别是我不应该简单地使用 Amazon KMS 来加密和解密这些数据?

用例

我的团队正在实施一个新的身份验证层,以在我们公司的服务和 API 中使用。我们正在实施 JWT 规范,但尽管我们打算避开广泛记录的加密问题困扰 JWE / JWS 兼容令牌签名,但我们正在对负载进行对称加密。因此,我们保留了非加密令牌验证操作(到期和其余)的标准库实现的优势,并且我们留下了加密 "foot-gun."

我怀疑这与性能有关:缩放和延迟。

每个帐户

KMS encrypt/decrypt has a limit of 5500 reqs/s,与其他一些 KMS 操作共享。

"Why?" 在常见问题解答中也进行了更深入的讨论。

Why use envelope encryption? Why not just send data to AWS KMS to encrypt directly?

While AWS KMS does support sending data less than 4 KB to be encrypted, envelope encryption can offer significant performance benefits. When you encrypt data directly with KMS it must be transferred over the network. Envelope encryption reduces the network load for your application or AWS cloud service. Only the request and fulfillment of the data key through KMS must go over the network. Since the data key is always stored in encrypted form, it is easy and safe to distribute that key where you need it to go without worrying about it being exposed. Encrypted data keys are sent to AWS KMS and decrypted under master keys to ultimately allow you to decrypt your data. The data key is available directly in your application without having to send the entire block of data to AWS KMS and suffer network latency.

https://aws.amazon.com/kms/faqs/

我现在正在与 AWS 支持人员一起解决这个问题。接受的答案中提到了节流限制。此外,如果您在 SDK 允许的情况下重复使用和缓存数据密钥,则可以以降低安全性为代价来节省资金(一个数据密钥可以解密多个对象)。

但是,如果这些都与您无关,那么直接 CMK 加密很有吸引力。安全性非常好,因为数据密钥不会泄露,每次解密都需要调用 API KMS 并且可以被审计。在 KMS Best Practices 白皮书中,它声明以这种方式加密信用卡号是符合 PCI 标准的。