You are using AWS S3 to encrypt and store large documents for your application.
Your Technical Architect has asked you to use an AWS Lambda function for this purpose.
You have decided to use AWS KMS for encryption because your data is stored and managed on the AWS platform.
Which CMK will you use for this purpose?
A. B. C. D.
Answer: B.
Option A is incorrect as AWS services that integrate with AWS KMS do not support the use of asymmetric keys.
Option B is CORRECT as mentioned in the documentation.
Symmetric keys never leave KMS unencrypted and hence are used to integrate with other AWS services.
Option C is incorrect as RSA CMK is a type of asymmetric key which cannot be used with other AWS services for integration.
Option D is incorrect as ECC CMK is a type of asymmetric key which cannot be used with other AWS services for integration.
Reference:
https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks
When encrypting data with AWS Key Management Service (KMS), you have the option of using either an asymmetric customer master key (CMK) or a symmetric CMK.
Asymmetric CMKs are designed for encrypting small amounts of data, such as passwords or keys. They use public and private keys, where the public key is used for encryption and the private key is used for decryption.
Symmetric CMKs, on the other hand, are designed for encrypting large amounts of data, such as documents or files. They use a single key for both encryption and decryption.
In this scenario, the requirement is to encrypt and store large documents using AWS S3 and AWS Lambda functions. Therefore, a symmetric CMK would be the appropriate choice.
As for the specific type of symmetric CMK to use, AWS KMS supports both RSA and Elliptic Curve Cryptography (ECC) CMKs. The choice between RSA and ECC depends on the performance and security requirements of the application.
RSA CMKs are widely used and offer good performance and security. ECC CMKs, on the other hand, are a newer technology that offers better performance and security compared to RSA for the same key length.
In summary, the appropriate choice of CMK in this scenario would be a symmetric CMK, and the specific type of CMK would depend on the performance and security requirements of the application, which could be either RSA or ECC.
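The check below is an added example, not part of the original question or of AWS's own code: it shows how a Lambda upload path can confirm that the configured CMK is a symmetric encryption key before requesting SSE-KMS from S3, which is the point behind options A, C and D being rejected. The key IDs, bucket name and stub clients are constructed placeholders; the field names follow the KMS DescribeKey response and the S3 PutObject parameters.

```python
# Added example: only let a symmetric KMS key back an S3 SSE-KMS upload.
# SAMPLE_KEYS holds constructed DescribeKey "KeyMetadata" dicts; IDs are placeholders.
SAMPLE_KEYS = {
    "sym-key-placeholder": {"KeySpec": "SYMMETRIC_DEFAULT",
                            "KeyUsage": "ENCRYPT_DECRYPT", "KeyState": "Enabled"},
    "rsa-key-placeholder": {"KeySpec": "RSA_2048",
                            "KeyUsage": "ENCRYPT_DECRYPT", "KeyState": "Enabled"},
    "ecc-key-placeholder": {"KeySpec": "ECC_NIST_P256",
                            "KeyUsage": "SIGN_VERIFY", "KeyState": "Enabled"},
    "off-key-placeholder": {"KeySpec": "SYMMETRIC_DEFAULT",
                            "KeyUsage": "ENCRYPT_DECRYPT", "KeyState": "Disabled"},
}


def sse_kms_problems(meta):
    """Return the reasons a key cannot back S3 SSE-KMS; an empty list means usable."""
    problems = []
    # Older responses carry the spec only in the deprecated CustomerMasterKeySpec field.
    spec = meta.get("KeySpec") or meta.get("CustomerMasterKeySpec")
    if spec != "SYMMETRIC_DEFAULT":
        problems.append(f"key spec {spec} is not a symmetric encryption key")
    if meta.get("KeyUsage") != "ENCRYPT_DECRYPT":
        problems.append(f"key usage {meta.get('KeyUsage')} is not ENCRYPT_DECRYPT")
    if meta.get("KeyState") != "Enabled":
        problems.append(f"key state is {meta.get('KeyState')}")
    return problems


def put_encrypted(s3, kms, bucket, name, body, key_id):
    """Check the key, then upload with SSE-KMS. s3 and kms are boto3-style clients."""
    meta = kms.describe_key(KeyId=key_id)["KeyMetadata"]
    problems = sse_kms_problems(meta)
    if problems:
        raise ValueError(f"refusing {key_id}: " + "; ".join(problems))
    return s3.put_object(Bucket=bucket, Key=name, Body=body,
                         ServerSideEncryption="aws:kms", SSEKMSKeyId=key_id)


class StubKms:
    """Offline stand-in for boto3.client('kms'), answering from SAMPLE_KEYS."""
    def describe_key(self, KeyId):
        return {"KeyMetadata": SAMPLE_KEYS[KeyId]}


class StubS3:
    """Offline stand-in for boto3.client('s3'); records requests instead of sending."""
    def __init__(self):
        self.calls = []

    def put_object(self, **kwargs):
        self.calls.append(kwargs)
        return kwargs
```

In a real Lambda handler, pass `boto3.client("s3")` and `boto3.client("kms")` in place of the stubs; the execution role then needs `kms:DescribeKey` in addition to the permissions S3 requires for SSE-KMS.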