19Nis
Client Side Encryption (CSE) across multiple clients
Working on 2 layer security in the cloud (AWS). Have multiple clients pushing files to S3 document storage which are then retrieved by one EC2 instance.
Multiple external customers each requiring their own encryption (PUT files to S3). Have 1 internal instance that must be able to GET files from S3 and decrypt.
How can we manage multiple keys in an easy way?
3 legs of our problem
- Transport encrypted - solved via SSL
- Encrypt at rest - solved via S3 SSE
- Client side encryption
Is it possible for each client to encrypt (CSE), transport and then decrypt by S3 which then encrypts (SSE)? Any other thoughts or references that might help?
