How is AWS KMS more secure than the traditional method of storing keys?


Question

So I read:

Traditionally, keys have been managed in haphazard ways, from SCP-ing 
keys around your instances to baking them into machine images. The safe 
way to manage high-value keys has been to employ dedicated Hardware 
Security Modules (HSMs), either on-premise or with the AWS CloudHSM 
service. In either case, HSMs are expensive and hard to use.

I believe KMS is the same concept as using an HSM. From what I understand, instead of hiding/securing the key, you are using the KMS "vault" and sending your data to it to get encrypted, and the decryptor does the same.

So doesn't it all boil down to this: instead of securing the keys, now we have to secure access to our KMS store? I don't understand how that is better. Someone else can get access to my KMS as easily as they get access to my key, is that not so?

I am just trying to understand the benefit of this system (and HSMs) in its simplest form (disregarding envelope encryption for now).

Recommended answer

Access to an HSM is time-bound. If you lose your keys, anybody that has them can encrypt/decrypt data, produce signatures or perform any other cryptography for as long as they want. Of course you can revoke a certificate, but that does not affect a key in many cases (for example, it is still good for decryption after certificate revocation).

If you use an HSM, when you discover an access compromise, you can disable the attacker's access to the HSM very quickly, and no further data is compromised. Of course the attacker can fully use your keys as long as they have access to the HSM, but not afterwards.

Also, securing and, equally importantly, auditing access to an HSM is much easier than for a key stored somewhere else. As a key never leaves an HSM, you don't have to care about auditing things like usage of a copied key (practically impossible); you have information on exactly who accessed what key, for what purpose. You can grant and revoke such access at will.

An HSM usually provides other aspects of key management as well; for example, key distribution may become much easier.

So yes, of course you still need to guard access to the HSM and the keys it contains. But for the reasons above, it still makes key management much more secure if used properly.
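The contrast the answer draws, as an added example that is not part of the original answer or of AWS's own code: a key that was copied onto an instance keeps working for whoever stole the copy, while a key that only ever lives inside a key service stops working the moment the caller's grant is revoked, and every use is recorded. `KeyService`, the principal name `role/app` and the key id `payroll-key` are stand-ins invented for this example; the cipher is an HMAC-SHA256 keystream (a PRF in counter mode) used only so that the script runs on the Python standard library, standing in for the AES key an HSM or KMS would hold. Nothing here talks to AWS.

```python
"""Toy model of 'key copied to the instance' versus 'key locked in a key service'.

Added example, not from the original answer. The KeyService below is an
in-process stand-in for AWS KMS / an HSM: callers send data in and get
results back, the raw key bytes are never returned to them.
"""
import hashlib
import hmac
import os


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks (PRF in counter mode).
    Stands in for AES so the example needs no third-party library."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_with_raw_key(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + _keystream_xor(key, nonce, plaintext)


def decrypt_with_raw_key(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:16], blob[16:])


class AccessDenied(Exception):
    pass


class KeyService:
    """Keys never leave this object. Every call is authorised against the
    current grants and written to an audit log, allowed or not."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}
        self._grants: dict[str, set[str]] = {}   # key_id -> principals allowed to use it
        self.audit_log: list[dict] = []

    def create_key(self, key_id: str) -> None:
        self._keys[key_id] = os.urandom(32)
        self._grants[key_id] = set()

    def grant(self, key_id: str, principal: str) -> None:
        self._grants[key_id].add(principal)

    def revoke(self, key_id: str, principal: str) -> None:
        self._grants[key_id].discard(principal)

    def _authorize(self, principal: str, key_id: str, op: str) -> None:
        allowed = principal in self._grants.get(key_id, set())
        self.audit_log.append({"principal": principal, "key_id": key_id, "op": op, "allowed": allowed})
        if not allowed:
            raise AccessDenied(f"{principal} may not {op} with {key_id}")

    def encrypt(self, principal: str, key_id: str, plaintext: bytes) -> bytes:
        self._authorize(principal, key_id, "Encrypt")
        return encrypt_with_raw_key(self._keys[key_id], plaintext)

    def decrypt(self, principal: str, key_id: str, blob: bytes) -> bytes:
        self._authorize(principal, key_id, "Decrypt")
        return decrypt_with_raw_key(self._keys[key_id], blob)


def raw_key_scenario() -> bool:
    """Key baked into an image / SCP'd around: the attacker's copy keeps working
    no matter what the owner does to the original. Returns True if the stolen
    copy still decrypts."""
    key = os.urandom(32)
    blob = encrypt_with_raw_key(key, b"payroll")
    stolen = bytes(key)            # attacker copies the key file off the instance
    key = None                     # owner 'rotates' their copy; the stolen copy is unaffected
    return decrypt_with_raw_key(stolen, blob) == b"payroll"


def kms_scenario() -> tuple[bool, bool, list[dict]]:
    """Key held in the service: a compromised principal can use the key only
    while its grant exists, and the audit log shows exactly who did what."""
    kms = KeyService()
    kms.create_key("payroll-key")                       # constructed key id
    kms.grant("payroll-key", "role/app")                # constructed principal
    blob = kms.encrypt("role/app", "payroll-key", b"payroll")
    # Attacker has compromised role/app: decryption works while the grant stands...
    before = kms.decrypt("role/app", "payroll-key", blob) == b"payroll"
    kms.revoke("payroll-key", "role/app")               # ...and fails as soon as it is revoked
    try:
        kms.decrypt("role/app", "payroll-key", blob)
        after = True
    except AccessDenied:
        after = False
    return before, after, kms.audit_log


if __name__ == "__main__":
    print("stolen raw key still decrypts:", raw_key_scenario())
    before, after, log = kms_scenario()
    print("KMS decrypt before revoke:", before, "after revoke:", after)
    for entry in log:
        print(entry)
```

The point is not that the toy service is unbreakable; an attacker who holds the compromised role can still call `decrypt` until the grant is pulled. The difference is that revocation is effective and immediate, and that the denied call after revocation is itself in the log, which is exactly the property a copied key file cannot give you.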

