Envelop Encryption

encrypted_data = encrypt(data, data_key)
encrypted_data_key = encrypt(data, root_key)
decryption steps
i) get the root key
ii) decrypt the encrypted_data_key using root_key
iii) decrypt encrypted_data using data_key

Uses

  1. Store highly sensitive information in database — When storing information like credit card in a database, you can use envelope encryption to have unique data keys for each credit_card. Even if a data key is compromised, only that particular data will be compromised.
    One should store the data keys along with the data itself, so that the data_key is always present alongside the data
  2. Store sensitive objects. Encrypt objects with data key and store the object with encrypted data key

Where to store the root key?

--

--

--

Software Developer currently on a break. Formerly, I worked at Amazon for 7 years.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Omaha Poker: Pokerist Hack Free Resources Generator

A Brief Guide to Supply Chain Security

Homepage

{UPDATE} Tactical Mind Hack Free Resources Generator

Decomposing security risk into scenarios

{UPDATE} Patience - Lucky Star Hack Free Resources Generator

A valid email address is crucial — Cyber Attacks Prevention

Introduction to Apple Swap

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vinit Pandey

Vinit Pandey

Software Developer currently on a break. Formerly, I worked at Amazon for 7 years.

More from Medium

Systemtap — find who access the file

Closed-Source-to-Open-Source Twitter repository named “The Algorithm” on Github

Messaging and Event Streaming with NATS Server

How to make a Video Streaming Server with Go — Simplified