AWS’s Cryptography team have released an SDK for Java that simplifies the generation and protection of keys for client-side encryption.
Until now the onus was on developers to manage the generation and protection of keys used to encrypt data. This meant in practice that there was a possibility of errors being introduced into the process that could reduce the security of an application.
The new SDK transparently manages the generation of keys by supplying low-level details to an existing cryptographic provider available in your environment. It also supports envelope encryption, where the actual data is encrypted by one type of key and that key is subsequently encrypted with a master key that is more suited to key management.
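The envelope encryption pattern described above, written against the standard JCE classes only. This is an added example, not code from the AWS SDK or the AWS blog article; the class name `EnvelopeDemo`, the locally held master key and the sample plaintext are assumptions for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class EnvelopeDemo {
    // Generate a fresh 256-bit AES key from the default JCE provider.
    static SecretKey newAesKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the master key is held in memory for this demo. In practice it
        // would stay inside a key management service or HSM.
        SecretKey masterKey = newAesKey();

        // 1. A fresh data key encrypts the actual data (AES-GCM, random 96-bit IV).
        SecretKey dataKey = newAesKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, dataKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = enc.doFinal(
                "constructed sample record".getBytes(StandardCharsets.UTF_8));

        // 2. The data key is wrapped under the master key (RFC 3394 AES key wrap).
        Cipher wrap = Cipher.getInstance("AESWrap");
        wrap.init(Cipher.WRAP_MODE, masterKey);
        byte[] wrappedDataKey = wrap.wrap(dataKey);

        // The stored envelope is {wrappedDataKey, iv, ciphertext}; the plaintext
        // data key is never persisted alongside the data.

        // 3. To decrypt, unwrap the data key with the master key, then decrypt the data.
        Cipher unwrap = Cipher.getInstance("AESWrap");
        unwrap.init(Cipher.UNWRAP_MODE, masterKey);
        SecretKey recovered =
                (SecretKey) unwrap.unwrap(wrappedDataKey, "AES", Cipher.SECRET_KEY);
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] plaintext = dec.doFinal(ciphertext);
        System.out.println(new String(plaintext, StandardCharsets.UTF_8));
    }
}
```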
This article on the AWS security blog gives an excellent introduction to the new SDK.
Cloudten specialise in building AWS environments according to security best practice. Please contact us with any questions about this new SDK.