Encryption Stack

Detailed Explanation of Encryption Technologies

RSA Encryption

  • Concept: RSA is a public-key encryption technology. It works on the principle of using two keys: a public key for encryption and a private key for decryption. The public key is shared openly, while the private key is kept secret.
  • Security Strength: RSA's security is based on the computational difficulty of factoring large integers. The longer the key length, the more secure the encryption. We use RSA not for encrypting user data directly but for securely exchanging the keys needed for data encryption.
  • Key Generation: Our RSA keys are generated using a secure, standardized process, ensuring robustness. The key size is chosen to balance security needs and performance requirements, adhering to current cryptographic standards.

AES Encryption

  • Role in Data Encryption: AES is used for the actual encryption of user event data. It's a symmetric key algorithm, meaning the same key is used for both encryption and decryption. AES is renowned for its efficiency and speed, making it ideal for encrypting large volumes of data.
  • Key Security: The strength of AES lies in the key length used. We employ a secure key generation mechanism to create a unique AES key for each event, enhancing the security of individual data transmissions.
  • Efficiency and Reliability: AES is not only secure but also highly efficient, ensuring that data encryption and decryption processes are fast and reliable, which is crucial for real-time data processing and analytics.

Key Generation and Management

RSA Key Pairs

  • Generation Process: Our RSA key pairs are generated using a cryptographically secure process. This involves selecting large prime numbers and computing their product, which forms the basis of the RSA keys. The key generation is automated and adheres to the latest security standards.
  • Private Key Security: The security of our system heavily relies on the confidentiality of the RSA private key. To ensure its security, the private key is stored in a highly secure, access-controlled environment.
  • Storage in AWS DynamoDB: Each client's RSA private key is securely stored within AWS DynamoDB. This choice offers robust security features, including encryption at rest and fine-grained access control. The private keys are never exposed to third parties, ensuring an additional layer of security and privacy.

AES Keys

  • Dynamic Generation: For each event data encryption, a unique AES key is generated. This approach, known as ephemeral key encryption, significantly enhances security. If a key were to be compromised, only the data encrypted with that specific key would be at risk, limiting the scope of any potential breach.
  • Key Lifecycle Management: Each AES key is used only once and then securely discarded. This practice aligns with best practices in key management, minimizing the risk of key reuse vulnerabilities.
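
The scheme described above (a one-time AES key per event, exchanged under the client's RSA key) is sketched below as an added example; it is not this project's own code. The cipher mode (AES-256-GCM), RSA padding (OAEP with SHA-256), 2048-bit demo key size, and all function names are assumptions, since the page does not state them.

```javascript
// Added example: hybrid (envelope) encryption with a one-time AES key per event.
// Assumed, not stated on the page: AES-256-GCM, RSA-OAEP/SHA-256, 2048-bit RSA.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed demo key pair; a real deployment loads the client's existing keys.
function generateClientKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Encrypt one event: fresh AES key and nonce, payload sealed with GCM,
// AES key wrapped under the RSA public key.
function encryptEvent(publicKey, event) {
  const aesKey = crypto.randomBytes(32); // used for this event only
  const iv = crypto.randomBytes(12);     // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(event), 'utf8'),
    cipher.final(),
  ]);
  const envelope = {
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, aesKey),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),
  };
  aesKey.fill(0); // best-effort discard of the one-time key
  return envelope;
}

// Decrypt one event: unwrap the AES key, then verify the GCM tag and open.
function decryptEvent(privateKey, env) {
  const aesKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, env.iv);
    decipher.setAuthTag(env.tag);
    const plain = Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } finally {
    aesKey.fill(0);
  }
}

// True if the envelope opens cleanly, false if unwrapping or the tag check fails.
function envelopeIsAuthentic(privateKey, env) {
  try { decryptEvent(privateKey, env); return true; } catch { return false; }
}
```

Because every envelope carries its own wrapped key, two encryptions of the same event share no key material, and a modified ciphertext is rejected at decryption instead of yielding altered data.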