Decouple an App From the OS Before You Move to the Cloud

Virtual Application Appliances

Subscribe to Virtual Application Appliances: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Virtual Application Appliances: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

VAA Authors: Destiny Bertucci, Ray Parker, William Schmarzo, Pat Romanski, Gilad Parann-Nissany

Related Topics: Cloud Computing, SOA Best Practices Digest, SOA & WOA Magazine, SOA in the Cloud Expo, Amazon Cloud Journal, Virtual Application Appliances, Java in the Cloud

Blog Feed Post

Porticor Integrates With Amazon S3 SSE-C To Provide Automated And Secure Key Management For S3 Encryption

Amazon Web Services announced S3 SSE-C today; an enhancement allowing AWS S3 users to feed customer-generated keys to its S3 Server Side Encryption, which previously only allowed keys to be managed by Amazon itself. This is a great addition to the S3 feature set, and is a very usable way to enhance the security of AWS S3 for storing sensitive data.

Porticor’s Virtual Appliance for AWS integrates with AWS SSE-C to address two important questions:

  1. How can encryption keys  be generated in a secure manner, especially given that virtual machines often suffer from lack of randomness (“entropy”).
  2. Best crypto practices call for a separate encryption key per S3 object – How can a customer manage a large set of sensitive encryption keys?

With Porticor, both issues are solved in a simple and elegant manner:

  1. The Porticor Virtual appliance serves as a secure source of crypto-grade random numbers, just the sort you need for cryptographic keys.
  2. The Porticor Key Management API allows your application to generate, store and retrieve cryptographic keys, and is easily accessible from any programming language as a simple RESTful API.

To illustrate the simplicity of the API, the following two operations generate a random key, and then (later on) delete the key. This happens after the application has been authenticated and received a temporary credential (a.k.a., authentication token):

PUT /api/protected_items/my-new-item?generate=16& api_cred=<temporary-cred>

DELETE /api/protected_items/my-new-item?api_cred=<temporary-cred>

The value returned in a JSON structure by the PUT operation can be used directly by the S3 calls. Keys (protected items) can have arbitrary names, and a natural solution would be to use the S3 object’s URI to name its corresponding cryptographic key.

As a further convenience feature, Porticor provides sample code in multiple programing languages, which lets you use the API without resorting to direct REST calls.

For further details about our unique split-key encryption and homomorphic key management, click here for the white paper or visit us at

The post Porticor Integrates With Amazon S3 SSE-C To Provide Automated And Secure Key Management For S3 Encryption appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.