For details about the Java implementation of the Encrypt operation, see the encrypt method in the

    import java.nio.ByteBuffer;
    import com.amazonaws.services.kms.AWSKMS;
    import com.amazonaws.services.kms.AWSKMSClientBuilder;
    import com.amazonaws.services.kms.model.EncryptRequest;

    // Encrypt a data key
    //
    // Replace the fictitious key ID value with a valid key ID, key ARN, or alias of an AWS CMK.
    AWSKMS kms = AWSKMSClientBuilder.defaultClient();
    String keyId = "arn:aws:kms:us-west-1122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
    // Sample plaintext bytes standing in for a data key
    ByteBuffer plaintext = ByteBuffer.wrap(new byte[]{1, 2, 3, 4, 5, 6, 7, 8, 9, 0});
    EncryptRequest req = new EncryptRequest().withKeyId(keyId).withPlaintext(plaintext);
    ByteBuffer ciphertext = kms.encrypt(req).getCiphertextBlob();

To decrypt an encrypted data key, and then immediately re-encrypt the data key under a different customer master key (CMK), use the ReEncrypt operation.
They use an AWS KMS customer master key (CMK) in the encryption operations and they cannot accept more than 4 KB (4096 bytes) of data.
I see your point, however I don't see how anyone can know if they are looking at an encrypted value vs a decrypted value if they are dealing with numbers like dates. I think my question has to do with that, but not sure how to rephrase it. For example, in the case of dates like a month, you would create a key that consists of a random number between 1 and 12, so that when you add the key value to actual month value and mod by 12 (and add 1) you end with a real month value different from the initial. Then you use the same method (different range of values) with the days, or years, always ensuring you end up with a real date value in the end. Say you wanted to preserve the linkage to people and their birthdates.
Birthday is a primary key in a database and you have multiple records for one person.
For instance, say you encrypt text using the one-time pad and you end up with some scrambled text that appears illegible.
If you reused the key multiple times for enough text, someone could potentially crack the message using something like crib-dragging.
To encrypt application data, use the server-side encryption features of an AWS service, or a client-side encryption library, such as the AWS Encryption SDK or the Amazon S3 encryption client.
The Encrypt operation is designed to encrypt data keys, but it is not frequently used.
We don't really know what your dates might be about, so let's just make a random guess and say that they're people's birthdays. A suspicious person could examine your birthday data and see if it matches these expected patterns.