Teddy Kossoko

Reputation: 1322

Encrypt S3 data content with SDK

We are developing an app with a custom integrated ebooks and PDF player.

We stored all the data in S3. These data are from big companies and are big licences, so security must be total.

We would like to encrypt the data at rest and in transit... but we would do something special as encryption.

Consider a (box with 10 balls) as an ebook.

If we go for file encryption then, to start reading the ebook on the device (Android), we will have to decrypt the file first, i.e. (unwrap the box). Since ebooks can be large, we will be forced to save it to a file.

But if we go for content encryption, to start reading we can directly open the file and start reading the content. We unwrap the balls only when the user wants to see/read. This way we can avoid decrypting the whole file/content at once, so even if the intruder is smart enough he can't get the full ebook.

So our question: is it possible with the AWS SDK to encrypt the balls, that is to say the content of the file? So on disk, on the user's phone, the content is always encrypted? And when we want to read, we decrypt ball per ball in memory.

How could we do this? Thanks for your answer.

Upvotes: 0

Views: 97

Answers (1)

John Rotenstein

Reputation: 270144

Amazon S3 can automatically encrypt data at rest by "Protecting data using server-side encryption - Amazon Simple Storage Service". There are several ways to automatically handle the encryption keys. This type of encryption will automatically decrypt when the data is accessed, if the user has permission to access the object and the encryption keys.

Encryption in transit is handled by communicating with S3 via HTTPS protocols, which is the default and recommended method.

S3 can also assist with "Protecting data using client-side encryption - Amazon Simple Storage Service" if desired. This involves providing an encryption key to the AWS SDK, which can encrypt data before it is sent to S3, and decrypt it when it comes from S3.

Upvotes: 1
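
The chunk-by-chunk scheme the question describes, as an added example that is not from either poster and does not use the AWS SDK: it relies only on `javax.crypto` to encrypt the file in independent AES-GCM records before upload, so that a reader can decrypt one record in memory while the rest stays encrypted on disk. The class name, the 16-byte chunk size, the record layout and the sample text are assumptions made for the demo.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class ChunkedBook {
    static final int CHUNK = 16;                // plaintext bytes per chunk (tiny, for the demo)
    static final int IV = 12, TAG = 16;         // AES-GCM nonce and tag sizes in bytes
    static final int RECORD = IV + CHUNK + TAG; // fixed on-disk size of a full chunk

    // Encrypts each chunk on its own: record = nonce || ciphertext || tag.
    static byte[] encrypt(SecretKey key, byte[] book) throws Exception {
        SecureRandom rng = new SecureRandom();
        int n = (book.length + CHUNK - 1) / CHUNK;
        ByteBuffer out = ByteBuffer.allocate(book.length + n * (IV + TAG));
        for (int i = 0; i < n; i++) {
            byte[] iv = new byte[IV];
            rng.nextBytes(iv);                  // fresh random nonce for every record
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG * 8, iv));
            c.updateAAD(ByteBuffer.allocate(4).putInt(i).array()); // bind record to its index
            int from = i * CHUNK, to = Math.min(book.length, from + CHUNK);
            out.put(iv).put(c.doFinal(book, from, to - from));
        }
        return out.array();
    }

    // Decrypts only chunk i; every other record stays encrypted.
    static byte[] decryptChunk(SecretKey key, byte[] file, int i) throws Exception {
        int from = i * RECORD, to = Math.min(file.length, from + RECORD);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG * 8, file, from, IV));
        c.updateAAD(ByteBuffer.allocate(4).putInt(i).array());
        return c.doFinal(file, from + IV, to - from - IV); // throws if tampered or reordered
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // demo key; a real app must obtain and protect its own
        byte[] book = "Constructed sample text standing in for an ebook."
                .getBytes(StandardCharsets.UTF_8);
        byte[] file = encrypt(key, book); // the bytes that would be uploaded and cached
        System.out.println(new String(decryptChunk(key, file, 2), StandardCharsets.UTF_8));
    }
}
```

Because every full record has the same size, the reader can seek straight to `i * RECORD` in the cached file, and the index passed as associated data makes a record that has been moved to another position fail authentication.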
