Ref: https://learn.cantrill.io/courses/2022818/lectures/45641126 and https://learn.cantrill.io/courses/2022818/lectures/45641125

• Summary:
• Contents:

Encryption - Key Concepts

• 🔧 Encryption = convert data into a form that is unreadable to unauthorized users
  • Approaches: encryption at rest & encryption in transit
  • Types: symmetric encryption & asymmetric encryption
• Plaintext = unencrypted data → readable, usable data
  • ‼️ NOT necessarily text!! Can be text, image, file… ANYTHING unencrypted!
• Ciphertext = encrypted data → scrambled, unreadable, unusable data
  • ‼️ Again, NOT necessarily text!!
• Key: used for encrypting/decrypting data
  • Simple example: a password
  • Complex example: a very long string of alphanumeric characters
• Algorithm = math/code process that encrypts/decrypts data with a key
  • Takes Plaintext + key → generates encrypted data (ciphertext) → encryption
  • Takes Ciphertext + key → generates unencrypted data (plaintext) → decryption
  • Examples: Blowfish, AES (e.g. AES-256), DES, RC4, RC5, RC6…
• Summary Diagram: https://github.com/acantril/aws-sa-associate-saac03/blob/main/0400-TECH_FUNDAMENTALS/00_LEARNINGAIDS/TF-GEN-Encryption101-2.png

Encryption Approaches

Diagram: https://github.com/acantril/aws-sa-associate-saac03/blob/main/0400-TECH_FUNDAMENTALS/00_LEARNINGAIDS/TF-GEN-Encryption101-1.png

Encryption At Rest

• 🔧 Protect stored data vs physical theft & tampering
  • e.g. encrypt data stored in disk or in the cloud
    • If unauthorized user gets a hold of data, they can't read it (it's encrypted)
• Secret (e.g. laptop's password) → used directly or indirectly to encrypt/decrypt data
• ❗ Just ONE entity involved (the one who wants to protect stored data)
• 💡 In AWS, Key Management Service (KMS) is service that provides encryption at rest

Encryption In Transit