
Amazon S3 invites users to provide their own encryption keys

But Amazon Web Services is still under criticism for continuing use of TrueCrypt.

By Ben Sullivan

Amazon Web Services’ Simple Storage Service, known as S3, will now allow users to provide their own keys for server-side encryption.

The new feature is accessible via the S3 APIs: users supply their own encryption key as part of a PUT request, and S3 completes the process.

Writing on the Amazon Web Services blog, Amazon said: "You now have a choice – you can use the existing server-side encryption model and let AWS manage your keys, or you can manage your own keys and benefit from all of the other advantages offered by server-side encryption.

"You now have the option to store data in S3 using keys that you manage, without having to build, maintain, and scale your own client-side encryption fleet, as many of our customers have done in the past."

Last week, Amazon came under attack for continued use of the Linux encryption tool TrueCrypt for sending data back and forth between Amazon Web Services.

The developers of TrueCrypt renounced the service in May, claiming that "using TrueCrypt is not secure as it may contain unfixed security issues".

Amazon said in a statement: "AWS Import/Export is the only AWS service that uses TrueCrypt, but AWS is aware of the statement on the TrueCrypt website and continues to monitor closely."


Still, the timely arrival of this announcement from Amazon shows that improved key management is becoming a major focus area for cloud services. The new BYOK (Bring Your Own Key) service will use AES-256 encryption, create a one-way hash of the key, and then expeditiously remove the key from memory. It will return the checksum as part of the response, and will also store the checksum with the object.
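The key-and-checksum exchange described above can be sketched in Python as an added example (not code from Amazon or from this article). It assumes the S3 customer-provided-key request and response headers, in which the key checksum is a base64-encoded MD5 digest; the response shown is constructed for illustration and no network call is made.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "AES256"  # algorithm value sent with a customer-provided key
PREFIX = "x-amz-server-side-encryption-customer-"


def key_checksum(key: bytes) -> str:
    """Base64 MD5 of the key: a transmission check, not a security control."""
    return base64.b64encode(hashlib.md5(key).digest()).decode()


def sse_c_headers(key: bytes) -> dict:
    """Build the three headers that accompany a PUT with a customer key."""
    if len(key) != 32:
        raise ValueError("a 256-bit (32-byte) key is required for AES-256")
    return {
        PREFIX + "algorithm": ALGORITHM,
        PREFIX + "key": base64.b64encode(key).decode(),
        PREFIX + "key-MD5": key_checksum(key),
    }


def response_matches_key(response_headers: dict, key: bytes) -> bool:
    """Confirm the checksum echoed in the response belongs to the key we sent."""
    returned = str(response_headers.get(PREFIX + "key-MD5", ""))
    return (
        response_headers.get(PREFIX + "algorithm") == ALGORITHM
        and hmac.compare_digest(returned.encode(), key_checksum(key).encode())
    )


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # generated and held by the caller, not AWS
    request = sse_c_headers(key)
    # Constructed response: the service echoes the algorithm and key checksum,
    # never the key itself.
    response = {k: v for k, v in request.items() if not k.endswith("-key")}
    print("checksum verified:", response_matches_key(response, key))
    print("other key accepted:",
          response_matches_key(response, secrets.token_bytes(32)))
```

Because the service keeps only the checksum, the same key must be presented again on every later read of the object, so losing the key means losing the data.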
