AWS prescriptive-guidance documentation change
Summary
Restructured and updated cryptographic guidance with new sections on AWS cryptographic foundations, recommended algorithms (including post-quantum cryptography), and expanded algorithm tables with status classifications.
Security assessment
The changes enhance documentation of AWS's cryptographic practices and introduce post-quantum algorithms, but there's no evidence of addressing a specific vulnerability. Updates reflect proactive security improvements rather than patching existing issues.
Diff
diff --git a/prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md b/prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md index d2c0d2493..904fade94 100644 --- a//prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md +++ b//prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md @@ -5 +5 @@ -AWS cryptography servicesAbout cryptographic algorithmsCryptographic algorithms +AWS cryptographic foundationsCryptographic algorithmsRecommended cryptographic algorithms in AWSCryptography used in AWS services @@ -7 +7 @@ AWS cryptography servicesAbout cryptographic algorithmsCryptographic algorithms -# Cryptography algorithms and AWS services +# AWS approach to cryptography @@ -9 +9 @@ AWS cryptography servicesAbout cryptographic algorithmsCryptographic algorithms -An _encryption algorithm_ is a formula or procedure that converts a plaintext message into an encrypted ciphertext. If you are new to encryption or its terminology, we recommend that you read [About data encryption](https://docs.aws.amazon.com/prescriptive-guidance/latest/strategy-data-at-rest-encryption/about-data-encryption.html) before proceeding with this guide. + _Cryptographic algorithms_ are mathematical constructions designed to provide security services like confidentiality (encryption), authenticity (message authentication codes and digital signatures) and non-repudiation (digital signatures). If you are new to cryptography, encryption, and related terminology, we recommend that you read [About data encryption](https://docs.aws.amazon.com/prescriptive-guidance/latest/strategy-data-at-rest-encryption/about-data-encryption.html) before proceeding with this guide. @@ -11 +11 @@ An _encryption algorithm_ is a formula or procedure that converts a plaintext me -## AWS cryptography services +## AWS cryptographic foundations @@ -13 +13 @@ An _encryption algorithm_ is a formula or procedure that converts a plaintext me -AWS cryptography services rely on secure, open-source encryption algorithms. These algorithms are vetted by public standards bodies and by academic research. Some AWS tools and services enforce the use of a specific algorithm. In other services, you can choose between multiple available algorithms and key lengths, or you can use the recommended defaults. +Cryptography is an essential part of security for AWS. AWS services support encryption for data in transit, at rest, or in memory. You can learn more about the AWS commitment to innovation and investing in additional controls for sovereignty and encryption features in our blog post announcing the [AWS digital sovereignty pledge](https://aws.amazon.com/blogs/security/aws-digital-sovereignty-pledge-control-without-compromise/). @@ -15 +15 @@ AWS cryptography services rely on secure, open-source encryption algorithms. The -This section describes some of the algorithms that AWS tools and services support. They fall into two categories, symmetric and asymmetric, based on how their keys function: +AWS follows the [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/) to protect your data. AWS services use trusted cryptographic algorithms that meet industry standards and foster interoperability. These algorithms are vetted by public standards bodies and academic research. The associated standards are widely accepted by governments, industry, and academia. @@ -17 +17 @@ This section describes some of the algorithms that AWS tools and services suppor - * _Symmetric_ encryption uses the same key to encrypt and decrypt the data. AWS services support Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES or TDES), which are two widely used symmetric algorithms. +AWS defaults to high-assurance cryptographic implementations and prefers hardware-optimized solutions that are efficient. Our cryptographic core library, [AWS-LC](https://github.com/aws/aws-lc), is available as open source for transparency and industry-wide reuse. The recommended cryptographic algorithms in AWS-LC are formally verified for correctness, and the library is validated under NIST's FIPS-140 program. @@ -19 +19 @@ This section describes some of the algorithms that AWS tools and services suppor - * _Asymmetric_ encryption uses a pair of keys, a public key for encryption and a private key for decryption. You can share the public key because it isn't used for decryption, but access to the private key should be highly restricted. AWS services typically support RSA and elliptic-curve cryptography (ECC) asymmetric algorithms. +## Cryptographic algorithms @@ -20,0 +21 @@ This section describes some of the algorithms that AWS tools and services suppor +We define three types of cryptographic algorithms: @@ -21,0 +23 @@ This section describes some of the algorithms that AWS tools and services suppor + * _Asymmetric_ _cryptography_ uses a pair of keys: a public key for encryption (or verifying) and a private key for decryption (or signing). You can share the public key because it isn't used for decryption, but access to the private key should be highly restricted. AWS services support or plan to support post-quantum algorithms, such as ML-KEM and ML-DSA. AWS services also support traditional cryptographic algorithms, such as RSA and elliptic-curve cryptography (ECC). @@ -22,0 +25 @@ This section describes some of the algorithms that AWS tools and services suppor + * _Symmetric_ _cryptography_ uses the same key to encrypt and decrypt, or authenticate and verify the data. AWS services generally integrate with AWS Key Management Service (AWS KMS) for encryption of data at rest, which uses a mode of AES-256. @@ -24 +27 @@ This section describes some of the algorithms that AWS tools and services suppor -AWS cryptographic services comply with a wide range of cryptographic security standards, so you can comply with governmental or professional regulations. For a full list of the data security standards that AWS services comply with, see [AWS compliance programs](https://aws.amazon.com/compliance/programs/). + * _Other cryptographic functions_ are used in conjunction with asymmetric and symmetric cryptography to build secure, practical protocols for confidentiality, integrity, authentication, and non-repudiation applications. Examples include hash functions and key derivation functions. @@ -26 +28,0 @@ AWS cryptographic services comply with a wide range of cryptographic security st -## About cryptographic algorithms @@ -28 +29,0 @@ AWS cryptographic services comply with a wide range of cryptographic security st -Cryptography is an essential part of security for AWS. AWS services support encryption for data in transit, at rest, or in memory. Many also support encryption with customer managed keys that are inaccessible to AWS. You can learn more about the AWS commitment to innovation and investing in additional controls for sovereignty and encryption features in the [AWS digital sovereignty pledge](https://aws.amazon.com/blogs/security/aws-digital-sovereignty-pledge-control-without-compromise/) (AWS blog post). @@ -30 +30,0 @@ Cryptography is an essential part of security for AWS. AWS services support encr -AWS is committed to using the most secure available cryptographic algorithms to meet your security and performance requirements. AWS defaults to high-assurance algorithms and implementations and prefer hardware-optimized solutions that are faster, improve security, and are more energy efficient. AWS follows the [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/) to achieve confidentiality of your data at rest and in transit. @@ -32 +32 @@ AWS is committed to using the most secure available cryptographic algorithms to -AWS services use trusted cryptographic algorithms that meet industry standards and foster interoperability. These standards are widely accepted by governments, industry, and academia. AWS continues to deploy new cryptographic options to meet a high bar for security and performance. Our cryptographic core library, AWS-LC, is available as open source for transparency and industry-wide reuse. The recommended cryptographic algorithms in AWS-LC are formally verified for correctness, and it is validated under the FIPS-140 program from NIST. As the industry transforms to quantum-safe cryptography, AWS contributes to research, standards interoperability, and the open source community. +## Recommended cryptographic algorithms in AWS @@ -34 +34 @@ AWS services use trusted cryptographic algorithms that meet industry standards a -AWS closely tracks cryptographic developments, security issues, and research results. As deprecated algorithms and security issues are discovered, they are addressed. For more information, see the [AWS Security Blog](https://aws.amazon.com/blogs/security/tag/cryptography/). AWS remains committed to identifying compatibility issues with clients that use legacy security algorithms and to helping customers migrate to more secure options. AWS also remains involved in new cryptographic areas, which includes [post-quantum cryptography](https://aws.amazon.com/security/post-quantum-cryptography/) and [cryptographic computing](https://aws.amazon.com/security/cryptographic-computing/). +The following tables summarize the cryptographic algorithms, modes, and key sizes that AWS considers suitable for deployment across its services to protect your data. This guidance will evolve over time as cryptographic standards evolve. @@ -36 +36 @@ AWS closely tracks cryptographic developments, security issues, and research res -## Cryptographic algorithms +Algorithms available within services can vary and are explained in the documentation for each service. If you need a software library implementation for an approved algorithm, please check to see if it is included in the latest version of the [AWS-LC library](https://github.com/aws/aws-lc). @@ -38 +38 @@ AWS closely tracks cryptographic developments, security issues, and research res -The following tables summarize the cryptographic algorithms, ciphers, modes, and key sizes that AWS deploys across its services to protect your data. They should not be considered to be an exhaustive list of all cryptography options available in AWS. The algorithms fall into two categories: +Algorithms are approved for use in AWS under one of two categories: @@ -49 +49 @@ The following tables summarize the cryptographic algorithms, ciphers, modes, and -The following table lists asymmetric algorithms approved for use for encryption, key agreement, and digital signatures. If you need a software library implementation for one of these algorithms, please check to see if it is included in the latest version of the [AWS-LC library](https://github.com/aws/aws-lc). If you need a support for an algorithm in a web service, please check to see if it is included in the [current set of the asymmetric operations](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) offered by AWS Key Management Service. +The following table lists asymmetric algorithms considered suitable for use within AWS for encryption, key agreement, and digital signatures. @@ -51 +51 @@ The following table lists asymmetric algorithms approved for use for encryption, -Type | Algorithm | Status +**Type** | **Algorithm** | **Status** @@ -53 +53 @@ Type | Algorithm | Status -Encryption | RSA-OAEP (2048 or 3072-bit modulus) | Acceptable +Encryption | RSA-OAEP (≥2048-bit modulus) | Acceptable @@ -55,4 +55,3 @@ Encryption | HPKE (P-256 or P-384, HKDF and AES-GCM) | Acceptable -Key Agreement | ML-KEM-768 or ML-KEM-1024 | Preferred (quantum-resistant) -Key Agreement | ECDH(E) with P-384 | Acceptable -Key Agreement | ECDH(E) with P-256, P-521, or X25519 | Acceptable -Key Agreement | ECDH(E) with brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 | Acceptable +Key agreement | ML-KEM-768 or ML-KEM-1024 | Preferred (quantum-resistant) +Key agreement | ECDSA with P-256, P-384, P-521, or Ed25519 | Acceptable +Key agreement | ECDH(E) with brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 | Acceptable @@ -60 +59 @@ Signatures | ML-DSA-65 or ML-DSA-87 | Preferred (quantum-resistant) -Signatures | SLH-DSA | Preferred (quantum-resistant software/firmware signing) +Signatures | SLH-DSA | Acceptable (quantum-resistant) @@ -63 +62 @@ Signatures | ECDSA with P-256, P-521, or Ed25519 | Acceptable -Signatures | RSA-2048 or RSA-3072 | Acceptable +Signatures | RSA (≥2048-bit modulus) | Acceptable @@ -67 +66 @@ Signatures | RSA-2048 or RSA-3072 | Acceptable -The following table lists symmetric algorithms approved for encryption, authenticated encryption, and key wrapping. If you need a software library implementation for one of these algorithms, please check to see if it is included in the latest version of the [AWS-LC library](https://github.com/aws/aws-lc). If you need a support for a symmetric algorithm implementation in a web service, the AES-GCM implementation in AWS Key Management Service is the only option available. +The following table lists symmetric algorithms considered suitable for use within AWS for encryption, authenticated encryption, and key wrapping. @@ -69 +68 @@ The following table lists symmetric algorithms approved for encryption, authenti -Type | Algorithm | Status +**Type** | **Algorithm** | **Status** @@ -71,7 +70,7 @@ Type | Algorithm | Status -Authenticated Encryption | AES-GCM-256 | Preferred -Authenticated Encryption | AES-GCM-128 | Acceptable -Authenticated Encryption | ChaCha20/Poly1305 | Acceptable -Encryption Modes | AES-XTS-256 (for block storage) | Preferred -Encryption Modes | AES-CBC / CTR (unauthenticated modes) | Acceptable -Key Wrapping | AES-GCM-256 | Preferred -Key Wrapping | AES-KW or AES-KWP with 256-bit keys | Acceptable +Authenticated encryption | AES-GCM-256 | Preferred +Authenticated encryption | AES-GCM-128 | Acceptable +Authenticated encryption | ChaCha20/Poly1305 | Acceptable +Encryption modes | AES-XTS-256 (for block storage) | Preferred +Encryption modes | AES-CBC / CTR (unauthenticated modes) | Acceptable +Key wrapping | AES-GCM-256 | Preferred +Key wrapping | AES-KW or AES-KWP with 256-bit keys | Acceptable @@ -79 +78 @@ Key Wrapping | AES-KW or AES-KWP with 256-bit keys | Acceptable -### Cryptographic functions +### Other cryptographic functions @@ -81 +80 @@ Key Wrapping | AES-KW or AES-KWP with 256-bit keys | Acceptable -The following table lists supported algorithms for hashing, key derivation, message authentication, and password hashing. +The following table lists algorithms considered suitable for use within AWS for hashing, key derivation, and message authentication. @@ -83 +82 @@ The following table lists supported algorithms for hashing, key derivation, mess -Type | Algorithm | Status +**Type** | **Algorithm** | **Status** @@ -85,2 +84,2 @@ Type | Algorithm | Status -Hashing | SHA2-384 | Preferred -Hashing | SHA2-256 | Acceptable +Hashing | SHA-384 | Preferred +Hashing | SHA-256 | Acceptable @@ -88,7 +87,13 @@ Hashing | SHA3 | Acceptable -Key Derivation | HKDF_Expand or HKDF with SHA2-256 | Preferred -Key Derivation | Counter Mode KDF with HMAC-SHA2-256 | Acceptable -Message Authentication Code | HMAC-SHA2-384 | Preferred -Message Authentication Code | HMAC-SHA2-256 | Acceptable -Message Authentication Code | KMAC | Acceptable -Password Hashing | scrypt with SHA384 | Preferred -Password Hashing | PBKDF2 | Acceptable +Key derivation | HKDF_Expand or HKDF with SHA-256 | Preferred +Key derivation | Counter Mode KDF with HMAC-SHA-256 | Acceptable +Message authentication code | HMAC-SHA-384 | Preferred +Message authentication code | HMAC-SHA-256 | Acceptable +Message authentication code | KMAC | Acceptable +Password hashing | scrypt with SHA384 | Preferred +Password hashing | PBKDF2 | Acceptable + +## Cryptography used in AWS services + +AWS services rely on secure, open-source implementations of vetted algorithms to protect your data. The specific choices and configurations of algorithms will vary by service. Some AWS tools and services use a specific algorithm. In others, you can choose between supported algorithms and key lengths, or you can use the recommended defaults. + +AWS cryptographic services comply with a wide range of cryptographic security standards, so you can comply with governmental or industry regulations. For a full list of the data security standards that AWS services comply with, see [AWS compliance programs](https://aws.amazon.com/compliance/programs/).