Amazon upgraded encryption for cloud storage to

Amazon upgraded encryption for cloud storage to

Customers of Amazon's S3 cloud storage can continue to decrypt their data to the server transparently encrypts and. Additional costs are not sure. The encryption is turned on by a separate HTTP header line that must be used to store specified in the PUT and POST requests.


The PUT process when a file on the server side should be stored in Amazon S3. Amazon also handles key management.
Image: Amazon Web Services Blog Reading via GET S3 decrypts the data automatically. It uses the keys generated by the service at the store, the one master key protects. As AES-256 encryption algorithm is used. All parties remain key to the Amazon servers. The encryption uses only the S3 servers themselves, while in transit to and from there the data are therefore not protected.

Sign up entirely uncontroversial method of server-side encryption is not. While Amazon uses to encrypt for each object has its own key that is encrypted in connection with a master key as well - but these are key managed entirely by Amazon. If key management fails or is compromised (or perhaps struck by lightning), then is not an access to the encrypted data is possible. At the very least, protects the system from having burglar in Amazon's server farm could get access to the data. Jeff Bar, Web services evangelist for Amazon, points out that the keys used were not "just lying around like that."