Question

I am working on a project to manage build artifacts and corresponding metadata in S3 & SimpleDB respectively.

I’d like feedback on different strategies for encrypting build artifacts which are uploaded to an S3 bucket.

Symmetrically encrypt file before storing.

  • Read a secret from a file.
  • Directly AES256 encrypt the file to be stored in S3 with this secret as the key.
  • Upload encrypted file to S3.
  • Decryption will be done by downloading file from S3 and decrypting with same key.

Encrypt file with random string. Symmetrically encrypt and store string with file.

  • Read a secret from a file.
  • Generate a random string. Encrypt the file with the random string.
  • Encrypt the random string.
  • Store the encrypted random string in SimpleDB.
  • Decryption will be performed by downloading the object from S3 as well as the string from SimpleDB, decrypting the encrypted string with the secret, and using the unencrypted string to decrypt the file.

I am leaning towards the latter as it offers the ability to rotate the encryption key by re-encrypting the string stored in SimpleDB with a new secret.

Anyone tackled this problem who can comment on the strengths and weaknesses of each strategy?


Solution

From a cryptographic point of view both schemes provide similar security. The main difference is the organizational characteristic. The second scheme gives you the ability to make all encrypted files unreadable by simply deleting the SimpleDB. Additionally you can change the password to decrypt the file-keys, just as you said. This is pretty much how decryption keys are stored on LUKS partitions. So I would also tend to the second version.

If you want different people to have access to the files, I would consider using a hybrid scheme, i.e., storing the file-keys encrypted with a public-key system.

Btw, which mode did you choose for the encryption?

Licensed under: CC-BY-SA with attribution