Demystifying AWS KMS in Plain Language Jan 2024
Demystifying AWS KMS (Key Management Service)
This material is entirely my own and has not been reviewed by AWS. It should not be considered canonical and might contain errors. It is provided “as is.” Think of it as my scribbles on the board in the classroom.

www.linkedin.com/in/carel-grove
Data encryption
Agenda

• Data encryption
• AWS KMS
• AWS KMS Keys
• KMS:GenerateDataKey
• KMS:Decrypt
Why isn’t everything encrypted everywhere?

• Because it is hard?
• The encryption part is easy.
• The hard part is the keys
• Generating keys
• in software (PRNG)
• in hardware (HRNG)
• Storing keys
• On the server’s disk drive
• In secure hardware
Key generation and storage in hardware

• Smart Card
• SIM chip (a type of smart card)
• Trusted Platform Module (TPM)
• Apple Secure Enclave & T2 chip
• Hardware Security Module
Some Countermeasures
It is a digital safe

• Tamper-responsive design: respond to tampering events by erasing sensitive data
• Environmental Sensors: These sensors can detect changes in temperature, humidity,
light, or pressure that might indicate a tampering attempt. For example, if someone tries
to freeze a device to slow down its internal clock, a temperature sensor might detect the
change and trigger a defensive response.
• Active Meshes: These are circuits or wires that surround the device. If the mesh is cut or
broken – as might happen during an attempt to drill into the device – the circuit is
broken, and the device can trigger a defensive response.
• Voltage and Clock Monitoring: Some devices monitor their own power supply and
internal clock. If the power supply or clock signal is interrupted or altered, this might
indicate a tampering attempt.
• Chain of custody from manufacture to customer handover: Like evidence from a crime
scene. Prevent tampering with device between manufacture and when a customer starts
using it.
Communication – Request / Response
Server and HSM communicate with commands like terminal and mainframe

• Server → HSM: 1. Generate keypair
• HSM ↔ Security Officer(s): 2. Authenticate & Authorize
• HSM → Server: 3. Done
Challenges with HSMs
Also, deploying this at scale, running for years is a very challenging task

• Server → HSM: Proprietary command
• HSM → Server: Proprietary response
• HSM: Very limited proprietary storage
• Security Officer(s)
AWS KMS
Four of the main actors
Symmetric envelope encryption used by over 120 AWS services

• Over 120 AWS services
• AWS KMS Service
• AWS KMS HSM
• AWS Storage
Comms between the main actors

• 120+ AWS services → AWS KMS Service: API calls to KMS
• AWS KMS Service ↔ AWS KMS HSM
• AWS KMS Service ↔ AWS Storage
Here is how it DOESN’T Work 1/3

• Request to Amazon S3: “Here is a 50MB file; upload to S3 and encrypt with KMS key ‘MyKMSKey123’”
• Amazon S3 → AWS KMS Service: “Here is a 50MB file, encrypt with key ‘MyKMSKey123’”
• AWS KMS Service → AWS KMS HSM: “Here is a 50MB file, encrypt with key ‘MyKMSKey123’”
Here is how it DOESN’T Work 2/3

• AWS KMS HSM: Encrypting 50MB file
Here is how it DOESN’T Work 3/3

• AWS KMS HSM → AWS KMS Service: “Here is an encrypted file back”
• AWS KMS Service → Amazon S3: “Here is the encrypted file back”
• Amazon S3: “The file has been encrypted and stored”
AWS KMS Keys
Well, the main ones anyway…
To understand how it actually works, some details on keys
There are more keys but let's keep it as simple as possible

• KMS Key (not a cryptographic key!)
• HBK (HSM-Backing Key – referred to as “key material”)
• EKT (Exported Key token)
• CDK (Customer Data Key referred to as “Data Key” in some docs)
• DEK (Derived Encryption Key)
DEMO
Create a KMS key
What is a KMS Key

• Not a cryptographic key
• Think of it as an entry in a database in the AWS KMS Service (not in the AWS KMS HSM!) with a name (Alias) and an ARN plus metadata (attributes, policy, etc.)
• It points to an actual key (EKT and HBK - more later)
• The KMS “key” is not used to encrypt or decrypt anything
• (Nor is it used to derive another key to encrypt or decrypt anything)
HBK (HSM Backing Key) - the so-called “key material”

• The HBK is an actual symmetric cryptographic key and is associated with the KMS “Key”
• It is generated inside the AWS KMS HSM (as part of the same operation when you create
a KMS Key)
• After being generated, the HBK is in turn encrypted by the AWS KMS HSM and exported
to AWS Storage.
• In its encrypted form in AWS Storage it is called the EKT (Exported Key Token)
• This prevents the AWS KMS HSMs from filling up almost immediately with a gazillion
keys.
• When the HBK is needed for an operation, the EKT is imported into the AWS KMS HSM,
and decrypted for use.
• It never leaves the AWS KMS HSM in unencrypted form
• Details about the HBK and EKT are stored with the KMS key as metadata attributes of the
KMS key
There are more sources of “key material”
But this (AWS KMS HSM) is the recommended use case

When creating a KMS key you can select where you want the corresponding key material for that KMS key to come from
Where the keys “live”

• AWS KMS Service: KMS “Key”
• AWS KMS HSM: HBK (HSM Backing Key)
• AWS Storage: EKT (Exported Key Token)
• The AWS KMS “Key” has metadata that references the corresponding EKT / HBK
• The HBK is only in the AWS KMS HSM when initially generated or when it needs to be used.
• When the HBK is required for an operation, the AWS KMS Service imports the EKT into the AWS KMS HSM.
This might surprise you, but

• None of these keys (KMS “Key”, HBK or EKT) encrypt / decrypt any of
your data.
• That is right, these keys do not encrypt or decrypt your data
• Your data gets encrypted / decrypted by yet another key: the CDK
(Customer Data Key) – more in a moment.
• The job of the HBK is NOT to encrypt your data, but to derive a 5th (!)
key - the DEK (Derived Encryption Key).
• The DEK does not encrypt your data either, it encrypts the CDK
Thus… Envelope encryption – the full story

• KMS “Key” POINTS TO → HBK (HSM Backing Key)
• HBK DERIVES → DEK (Derived Encryption Key)
• DEK ENCRYPTS / DECRYPTS → CDK (Data Key), giving Ciphertext CDK + Nonce
• Plaintext CDK (Data Key) ENCRYPTS / DECRYPTS → Your data, @ the calling service (SSE-KMS)
• The CDK is the only key that ever actually encrypts or decrypts your data. A new one is generated inside the HSM every time a CDK is requested
• HBK and EKT are the same key: the HBK is the unencrypted version inside the HSM; the EKT (Exported Key Token) is the encrypted version outside the HSM in AWS Storage
• Plaintext CDK and Ciphertext CDK are the same key: the Plaintext CDK is the unencrypted version sent (over TLS) to the AWS service (e.g. S3) that uses it to do the actual encryption; the Ciphertext CDK is the encrypted version sent (over TLS) to the AWS service (e.g. S3), where the service stores it along with the encrypted data
The CDK (Customer Data Key)

• This is the actual key that encrypts / decrypts your data.
• Every time something needs to be encrypted using KMS, the AWS service that needs to encrypt it (such as S3) calls KMS and asks KMS to generate a new CDK
• The CDK is generated inside the AWS KMS HSM from scratch every time it receives a new request to generate a CDK.
• The CDK has no cryptographic relationship with any of the other keys; you get a brand new unique one every time KMS is asked to generate one.
• The actual encryption / decryption happens on the AWS service that
requested the key (such as Amazon S3 or 120 + other AWS services that
work with KMS).
• The service uses the Plaintext version of this key to encrypt and decrypt
your data
SSE-KMS Demo at an AWS service level (EC2, S3)

• Show how KMS Key is used to encrypt EBS volumes in EC2
• Create S3 bucket and set bucket to encrypt by default with SSE-KMS
• Upload an object to the bucket
KMS:GenerateDataKey
Here is how encryption ACTUALLY Works 1

• Request to Amazon S3: “Here is a 50MB file; upload to S3 and encrypt with KMS key ‘MyKMSKey123’”
• Amazon S3 → AWS KMS Service: “Generate a new CDK under ‘MyKMSKey123’”
• AWS KMS HSM: New Customer Data Key generated from scratch inside the HSM
Here is how encryption ACTUALLY Works 2

• (1) AWS KMS Service → AWS Storage: Get EKT associated with KMS Key “MyKMSKey123”
• (2) AWS KMS Service → AWS KMS HSM: Import EKT associated with KMS Key “MyKMSKey123”
Here is how encryption ACTUALLY Works 3

Inside the AWS KMS HSM:
• (1) Decrypt EKT to get HBK
• (2) Generate random Nonce*
• (3) Use HBK and Nonce to derive DEK
• (4) Use DEK to encrypt CDK
• (5) Flush HBK, DEK and Nonce

The ciphertext contains two sections: an unencrypted header (or cleartext) portion, and an encrypted portion.

* Nonce = a number that is used only once
Here is how encryption ACTUALLY Works 4

• AWS KMS HSM → AWS KMS Service: Return Plaintext CDK & Ciphertext CDK
Here is how encryption ACTUALLY Works 5

• (1) AWS KMS Service → Amazon S3: Return Plaintext CDK & Ciphertext CDK
• (2) S3 performs SSE-KMS (Server Side Encryption-KMS) on the 50MB data file using the plaintext CDK. When finished, S3 flushes the CDK
• (3) S3 flushes the plaintext 50MB data file and stores the ciphertext 50MB data file WITH the ciphertext CDK
Here is how encryption ACTUALLY Works 6

All done!
KMS:Decrypt
Here is how decryption ACTUALLY Works 1

• Request to Amazon S3: “Decrypt and give me my 50MB encrypted file encrypted under KMS key ‘MyKMSKey123’”
• Amazon S3 → AWS KMS Service: “Here is the ciphertext CDK encrypted under KMS Key ‘MyKMSKey123’, please decrypt it and send the plaintext key”
• AWS KMS Service → AWS Storage: Get the EKT associated with KMS Key “MyKMSKey123”
Here is how decryption ACTUALLY Works 2

• (1) AWS KMS Service → AWS KMS HSM: Import EKT
• (2) AWS KMS Service → AWS KMS HSM: Import ciphertext CDK supplied by S3
• (3) Inside the AWS KMS HSM: Decrypt EKT to get HBK
• (4) Inside the AWS KMS HSM: Extract Nonce from CDK
Here is how decryption ACTUALLY Works 3

Inside the AWS KMS HSM:
• (1) Use HBK and Nonce to re-derive the DEK that originally encrypted the CDK
• (2) Decrypt the ciphertext CDK with the DEK to get plaintext CDK
Here is how decryption ACTUALLY Works 4

• 1) AWS KMS HSM → AWS KMS Service → Amazon S3: Return plaintext CDK
• 2) AWS KMS HSM: Flush HBK, Nonce and DEK
• 3) Amazon S3: Use the plaintext CDK to decrypt the encrypted file using SSE
• 4) Amazon S3: “Here is your decrypted 50 MB file delivered over TLS!”
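As an added worked example (not part of this deck and not AWS's code), the full envelope-encryption story and the KMS:GenerateDataKey / KMS:Decrypt steps above modelled in Python with the standard library only. Function names such as hsm_create_key, HSM_ROOT_KEY and service_put are hypothetical; the AWS KMS Service and AWS Storage layers are collapsed, so the EKT is passed in directly rather than looked up by KMS key alias; and because the deck does not name the HSM's cipher, the AEAD is a stand-in built from HMAC-SHA256 (keystream plus tag).

```python
import hmac, secrets
# Stand-in AEAD so this runs on the stdlib alone: HMAC-SHA256 keystream (CTR mode) plus an
# HMAC tag over nonce||ciphertext. The deck does not name the HSM's real cipher; this is not it.
def _keystream(key, nonce, n):
    blocks = range((n + 31) // 32)
    return b"".join(hmac.digest(key, b"ks" + nonce + i.to_bytes(4, "big"), "sha256") for i in blocks)[:n]

def seal(key, nonce, pt):
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return ct + hmac.digest(key, b"tag" + nonce + ct, "sha256")

def open_(key, nonce, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(key, b"tag" + nonce + ct, "sha256")):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# ---- AWS KMS HSM side (hypothetical names). HSM_ROOT_KEY models whatever the HSM uses to
# ---- wrap HBKs into EKTs; like the HBK, it never leaves the HSM.
HSM_ROOT_KEY = secrets.token_bytes(32)

def hsm_create_key():
    """CreateKey: the HBK is generated inside the HSM and leaves it only as the EKT."""
    hbk, n = secrets.token_bytes(32), secrets.token_bytes(12)
    return n + seal(HSM_ROOT_KEY, n, hbk)  # EKT: this is what sits in AWS Storage
def _hbk_from_ekt(ekt):  # "import EKT" + "decrypt EKT to get HBK"
    return open_(HSM_ROOT_KEY, ekt[:12], ekt[12:])
def _derive_dek(hbk, nonce):  # "use HBK and Nonce to derive DEK"
    return hmac.digest(hbk, b"dek" + nonce, "sha256")

def hsm_generate_data_key(ekt):
    """GenerateDataKey: fresh CDK, random nonce, DEK wraps the CDK; HBK, DEK and nonce are then dropped."""
    hbk, cdk, nonce = _hbk_from_ekt(ekt), secrets.token_bytes(32), secrets.token_bytes(12)
    ciphertext_cdk = nonce + seal(_derive_dek(hbk, nonce), nonce, cdk)  # cleartext header + encrypted part
    return cdk, ciphertext_cdk  # plaintext CDK and ciphertext CDK both go back to the caller

def hsm_decrypt(ekt, ciphertext_cdk):
    """Decrypt: read the nonce from the cleartext header, re-derive the DEK, unwrap the CDK."""
    nonce = ciphertext_cdk[:12]
    return open_(_derive_dek(_hbk_from_ekt(ekt), nonce), nonce, ciphertext_cdk[12:])
# ---- calling service side (e.g. S3 doing SSE-KMS): only the CDK ever touches the data
def service_put(ekt, data):
    cdk, ciphertext_cdk = hsm_generate_data_key(ekt)
    n = secrets.token_bytes(12)
    return {"ciphertext_cdk": ciphertext_cdk, "body": n + seal(cdk, n, data)}  # plaintext CDK dropped here

def service_get(ekt, obj):
    cdk = hsm_decrypt(ekt, obj["ciphertext_cdk"])  # one KMS:Decrypt call per read of the object
    return open_(cdk, obj["body"][:12], obj["body"][12:])
```

Note that the ciphertext CDK can only be unwrapped by the HSM that holds the matching EKT: a CDK wrapped under one KMS key fails authentication under another, and a flipped byte in the stored ciphertext CDK is rejected rather than silently yielding a wrong data key.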
AWS KMS HSM
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4523.pdf