Wikipedia:Reference desk/Archives/Computing/2023 January 20

= January 20 =

How does envelope encryption works?
I know few things about cryptography. Like symmetric systems share a secret key and asymmetric have two keys. We encrypt with receivers public key and they decrypt with their private. What among these systems is used in cloud (See Hybrid cryptosystem ) ? I understood that we have plaintext, then encrypt it with symmetric secret key(DEK). Then use KEK to encrypt DEK. What exactly is KEK? Is it public, private or secret(symmetric) ? Can someone tell me exact workflow. How does it help to have KEK in cloud? Because if it is pvt key, It would only be seen by one user and if public it should be seen by all. So how exactly it helps in cloud? I mean what exactly is Key management? -- Parnaval (talk) 06:53, 20 January 2023 (UTC)


 * I'm not an expert on this issue, but the following is my understanding of the situation, Some services may offer the possibility of using a user-supplied key for data encryption, in which case there is no point in using envelope encryption. The point of envelope encryption is that the user does not need a key to access the data, while it is at the same time (thought to be) secure against hacks. Instead, the service uses some other method, such as a password, to authenticate the user. The scheme does not rely on public-key cryptography. Users can, of course, additionally encrypt the data themselves before submitting it to the service, using any method they choose. --Lambiam 15:33, 20 January 2023 (UTC)


 * A simple definition from AWS: Envelope encryption is the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key. 97.82.165.112 (talk) 18:37, 20 January 2023 (UTC)
 * Envelope encryption is a simple function that relies on adaptive interface processing to limit encryption environment interference over a cloud-defined interface. It does this by limiting input parameters to a tiered algorithm that outputs layered rather than simple sequence analytics. It’s a very simple concept. Serratra (talk) 04:53, 23 January 2023 (UTC)
 * @Serratra would you please stop replying to legitimate questions with nonsense answers like this? You did it here as well. It's not funny to deliberately mislead people and waste their time. Some readers might think this is a real answer, and spend time trying to look up the terms and figure out what you mean. CodeTalker (talk) 19:52, 23 January 2023 (UTC)
 * Lambiam, but they specifically say it is key management. So I thought it is different than password authentication. also the doc linked by IP says something like key rotation. I read similar thing in google cloud and couldn't understand it that what exactly is stored in cloud. -- Parnaval (talk) 20:39, 23 January 2023 (UTC)