Read time: 6 minutes

Pretty Good Privacy or PGP is a cryptographic method for communicating privately over the Internet. It encrypts data and provides cryptographic privacy and authentication for online communication. It is frequently used to encrypt documents, emails, and files to improve email security. Data compression, hashing, and public-key cryptography are all used in PGP encryption. PGP also verifies the sender’s identity and ensures that the message was not tampered with while in transit.

It also encrypts data being exchanged across networks using symmetric and asymmetric keys. It combines both private and public-key cryptography features. It uses a different encryption algorithm at every step, and a username and email are associated with each public key.

Working of PGP Encryption

PGP is a type of hybrid cryptography. PGP combines the best features of both symmetric and public-key cryptography in one bundle. When a user encrypts plaintext with PGP, the plaintext is compressed first. Data compression reduces transmission time and disc space use while also improving cryptographic security. Most cryptanalysis techniques use patterns present in plaintext to exploit the cipher. Compression increases cryptanalysis resistance by reducing the patterns in plaintext (Files with very small sizes are not compressed).

PGP generates a session key, which is a secret key and is generated only once. This key generates a random number from the movement of your cursor and the keystrokes you type. This session key is used to encrypt the plaintext with a very secure and fast symmetric encryption algorithm, and the output is ciphertext. The session key is then encrypted with the recipient’s public key after the data has been encrypted.

Sender Side Process
Sender Side Process

The decryption of encrypted data works in reverse. The temporary session key can be recovered using the recipient’s private key, which is then used to decrypt the ciphertext encrypted with symmetric cryptography.

Receiver Side Process
Receiver Side Process

The two encryption methods are combined to give you the convenience of public-key encryption with the speed of symmetric encryption. Public key encryption is much faster than conventional encryption. In turn, public-key encryption solves key distribution and data transfer issues. When both are used in combination, performance and key distribution improve without compromising security.

Use Cases of PGP Encryption

The major uses of PGP encryption are:

  • To encrypt data.
  • To send and receive encrypted emails.
  • To verify the sender’s identity.

Encrypt Data: PGP can be used to encrypt files. PGP offers a highly secure solution of encrypting data at rest, especially when combined with a Threat Detection and Response Solution. The algorithm used by PGP – typically the RSA algorithm – is nearly unbreakable. This technique is so safe as it has been employed in high-profile malware like the CryptoLocker virus.

Encrypt Emails: PGP is mainly used to send encrypted emails. Activists, journalists, and others who deal with sensitive data were the primary users of PGP in its early years. PGP’s popularity has grown at a rapid pace. As more individuals become aware of how much data corporations and governments collect, many people are now using the standard to keep their personal information private.

Identity Verification: PGP can also be used for email verification. For example, if a person is doubtful about the identity of someone sending them a message, they can use a Digital Signature in combination with PGP to authenticate it.
Digital signatures work by combining the sender’s public key with the data they send via an algorithm. A hash function is generated using another algorithm that converts a message to a fixed-size data block which is then encrypted with the sender’s private key.
The data is then decrypted by the recipient using the sender’s public key. The recipient will be informed if even one character of the message has been altered in transit.

Pros of PGP Encryption

Benefits of using PGP encryption are:

  • It is extremely secure and nearly unbreakable.
  • It improves cloud security.
  • Easy to learn and use.

PKI Assessment

Cons of PGP Encryption

Some limitations of PGP Encryption are:

  • There is no recovery process if passwords are forgotten or deleted.
  • The information will either not be decrypted or decoded by only one party unless both the sender and the receiver have compatible versions of PGP software.

How to Create PGP Key Pair

Prerequisite: In this article, we discuss how PGP key pair can be generated using GnuPG. You can download GnuPG from the given link:

Follow the steps below to generate PGP key pair:

1. Open the Command Prompt (cmd) as Administrator.

2. Execute the command below to create a key pair:
$ gpg –full-generate-key

3. Now, It prompts with the below configurations based on the information provided by the requestor:

  1. Select key type that you want to create:
    We have selected RSA and RSA (default).

  1. Now, it prompts for the size of the key between 1024 and 4096.
    3072 is the default key length. You can hit enter to select 3072.

  1. Now, it will prompt for the validity of the key.
    Zero (0) is the default. You can hit enter to select 0.


  1. It will prompt you to confirm that the key does not expire at all.


  1. Now, enter the Real name, Email address, and Comment.
    Real name can be the name of a person, product, or company.
    You can leave the comment blank.


  1. Validate the Name, Email, and comment.
    Type O for Okay.

  1. Now, a prompt will open for the passphrase, enter the passphrase, and hit enter.


  1. Copy the Public Key ID from the output.

4. Export the Public and Private Keys:

  1. To export the Public Key, enter the command below:
    $ gpg –export -a keyid > publickeyname.key


  1. To export the Private Key, enter the command below:
    $ gpg –export-secret-key -a keyid > privatekeyname.key


It will prompt for the password that you enter in Step 3.g.
Enter the passphrase and hit enter.


Note: Both Public and Private keys will be saved in the directory where the export commands are executed.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.


Read time: 30 minutes

A secure connection to websites is vital to ensure sensitive data is not stolen in transit, and this process is accomplished through Secure Sockets Layer (SSL) via SSL certificates. What is an SSL certificate, you may ask? An SSL certificate moves your connection from an HTTP connection to an HTTPS connection. HTTP, or Hypertext Transfer Protocol, is an insecure connection between a web browser and a website. The reason HTTP is so insecure is due to its lack of encryption of data, which is what HTTPS does. HTTPS, or Hypertext Transfer Protocol Secure, implements encryption of data-in-transit to ensure that even if a Man in the Middle (MITM) attack occurred, that data would not be readable to the threat actor. SSL stripping bypasses this, however. With SSL stripping, attackers can implement a MITM attack and change the connection from an HTTPS connection to the unprotected HTTP connection. Before we look at how an SSL strip works, first we need to answer a common question: what is SSL?

Understanding Secure Sockets Layer

Client-Server - TCP TLS

Source 1:

SSL, more commonly known as Transport Layer Security (TLS) or SSL/TLS, is method of encrypting traffic through the Internet and authenticating a server’s identity. This encryption is accomplished through the TLS Handshake. When a user tries to connect to a webserver through their browser, they initiate a TCP Handshake and then a TLS Handshake between the client and server. A TCP Handshake is fairly straightforward, compared to a TLS Handshake. The TCP Handshake starts with a SYN message from the client to the server, as you can see in the above diagram. A SYN message contains a sequence number set by the client, which is then acknowledged by the server by its incrementation of the sequence number. The incremented sequence number is sent to the client, to acknowledge that server received it. Along with the incremented number, the server also sends its own chosen sequence number to be acknowledged by the client. The client’s acknowledged sequence number as well as the server’s sequence number are sent in a message called a SYN/ACK. The final step of a TCP Handshake occurs when the client acknowledges the server’s sequence number, through incrementation, in the ACK message.

The TCP Handshake is unencrypted, as its only purpose is to connect the client and server in the first place. The TLS Handshake is where encryption comes in. A TLS Handshake includes several steps, beginning with the Client Hello:

  1. Client Hello message: The Client Hello initiates contact between the client and server. The client sends a “hello” message to the server. This “hello contains SSL/TLS information necessary for a proper TLS connection, including SSL/TLS version and the cipher suites supported by the client for server use, and a string of random bytes referred to as the “client random”.
  2. Server Hello message: The Server Hello is sent in response to the Client Hello. Contained within the Server Hello are the server’s SSL certificate, the chosen cipher suite of the server, and the “server random”. Like the “client random”, this is another random string of bytes.
  3. Authentication of the server’s SSL certificate: The next step in the TLS Handshake is that the client authenticates that the server’s SSL certificate is valid and owned by who the server says it is. This process is done by the client checking with the Certificate Authority (CA) who issued the certificate and verifying this information.
  4. The premaster secret: The client then sends another random string of bytes to the server, encrypted with the server’s public key. When a keypair is created, it contains a public key and private key, known by all and known by no one but the creator, respectively. As only the keypair owner knows the private key, anything encrypted by the server’s public key can only be decrypted with the server’s private key. This step adds another way to verify the identity of the server.
  5. Premaster secret decryption: The private key of the server is used to decrypt the premaster secret, verifying the server’s identity to the client.
  6. Session key creation: Using the “client random”, the “server random”, and the premaster secret, both the client and the server generate a session key. If the server and client both have the correct keys, meaning they are who they say they are, the session keys created should be identical.
  7. Client Finished message: The client sends the server a message that says “Finished”, which is encrypted with the session key. If the server is who it says it is, they should be able to decrypt the message, as they should have generated the same session key.
  8. Server Finished message: The server sends the client a message that says “Finished”, which is encrypted with the session key. If the client is who they say they are, they should be able to decrypt the message, as they should have generated the same session key.
  9. Secure symmetric encryption is used: Now, using asymmetric encryption, a symmetric encryption connection is setup. Asymmetric encryption involves the use of two keys, while symmetric encryption involves only one key. The client and server will now use the generated session key to symmetrically encrypt all of their communications.

Now that we have answered the question of what is SSL, we can see how SSL stripping occurs.

SSL Stripping

The process of SSL stripping is a fairly straightforward Man in the Middle attack. An SSL strip, as the name implies, strips a connection from an HTTPS connection to a lesser HTTP connection. The attacker does this by setting themselves up in the middle of the connection between the client and the server. This allows the threat actor to intercept all traffic between the client and the server. As a connection is started with the unencrypted TCP Handshake, this is where the SSL stripping occurs. How it works is the user sends a request to the server to access a webpage, like The attacker intercepts that message, but sends it along to the anyways. The reason they send it to the server is to receive the SYN/ACK it sends out to the client after receiving the website request. Now, the threat actor sends the website connection back to the client, but instead of the original website requested, it is instead

Since the connection is now HTTP instead of HTTPS, every message, including any sensitive data, sent across the connection is visible to the man in the middle. This includes passwords, usernames, and bank account information sent along by the user. Threat actors could also potentially setup a proxy server with a similar name to the requested server, allowing them to further infect a victim with malware. Setting up of a proxy server with SSL stripping is a much more successful way of following victims compared to phishing attacks. Phishing attacks are a method of fooling a victim into visiting a webpage that looks legitimate, allowing the attacker to steal sensitive information entered into different fields by the victim. With SSL stripping, a user may never know they have been giving attackers sensitive information. Attackers can implement SSL stripping with either ARP spoofing, a proxy server, or by using Hotspot. Now that we know how SSL stripping works, let’s see how to detect if SSL stripping has occurred, and how to protect from it.

Detection and Best Practices

SSL stripping can be detected a number of different ways. The most obvious way to note if your connection has been through SSL stripping is looking at the web address in the search bar. The web address will have http next to the web address, as opposed to https, if SSL stripping has occurred. Also, you will note that the padlock at the left end of the search bar will look unlocked or red, meaning the connection is not in the HTTPS format you desire. Another way to find out that SSL stripping has occurred is by noting any faulty design details in the website. If you suspect SSL stripping has occurred, finding miniscule details on the webpage that look much different than the legitimate page can tip you off. Things like slightly tweaked company logos, a lack of multiple pages within the website, or even spelling errors can let you know that this isn’t the website you think it is.

Once SSL stripping is detected, the next step is thwarting it, now and in the future. One of the best prevention methods for stopping SSL stripping is noting irregularities in the search bar or webpage in the first place. Once you are alert for this threat, you can constantly be on the lookout for SSL stripping attacks. Team members within your organization should also be aware of this threat to protect themselves and the company from SSL stripping. Training classes via experienced team members or trained professionals will go a long way towards safeguarding sensitive data. Another way to protect web browsers from SSL stripping is through manually entry of the URL in the search bar. Most Man in the Middle attacks are started via redirections from one website to the target website. With this redirection, an attacker can set up in the middle of a data exchange between a client and server. By entering the URL into the search bar by your own hand, you can stop the Man in the Middle attack from beginning in the first place.

Browser extensions are another strong method of stopping both Man in the Middle attacks and SSL stripping. Extensions like HTTPS Everywhere use domain and rule lists to handle page calls through HTTPS connections, meaning all calls to web pages are done through HTTPS connections exclusively. If you work as a website administrator, you should also follow certain best practices to ensure SSL stripping cannot occur with your website. The main way to do this is by enabling SSL sitewide. Many threat actors take advantage of websites with SSL only enabled on one web page, but by enabling SSL sitewide attackers will have more difficulty setting up an SSL stripping operation. Even pictures and links within webpages should be protected with SSL certificates.

One of the biggest protection methods from SSL stripping is the use of HTTP Strict Transport Security. HTTP Strict Transport Security, or HSTS, is a policy where websites only allow connections utilizing HTTPS connections. This stops attackers from using SSL stripping to connect users to websites via HTTP connections. Requests that use an HTTP connection will automatically be rerouted to an HTTPS connection with HSTS in place. Once HTTP Strict Transport Security is in place, your domain name can be added to the HSTS preload list. This list is used by many search engines including Google Chrome, Mozilla Firefox, and other big search engines to prevent any HTTP connections to that browser. Included with the domain name of your web browser in the preload list is any subdomains and Top Level Domains. Also, certain Top Level Domains (TLDs), like .APP, are on the preload list by default. This means any .APP website is automatically encrypted with HTTPS, and never HTTP.

A few final steps you can utilize in your environment to protect from SSL stripping are as follows:

  •  Usage of Virtual Private Networks: Virtual Private Networks, or VPNS, protect user data on websites no matter the connection type. If a user is using a VPN when viewing an HTTP website, data remains encrypted due to the Virtual Private Network. This extra layer of security can help an entire network or a single user.
  • Avoidance of public Wi-fi: Public Wi-fi hotspots, especially airport Wi-fi hotspots, are perfect for Man in the Middle attacks. Sensitive data can be easily intercepted, or user can be redirected to malicious websites, via public Wi-fi.
  • Cookies and bookmarks: If you are on a trusted network, bookmark your websites where you enter sensitive information. Once you reach a website with HTTPS, like a banking website, bookmark that secure website for future use, as the bookmarked website will always have an HTTPS connection. Along with this, enabling secure cookies ensures that all cookie data is served with secure traits.

  • Unknown links and HTTPS: The most obvious, but still frequently occurring, way to stop SSL stripping is by never clicking suspicious links and never accepting a connection to a website without HTTPS. If a website has an HTTP connection, leave the website and retype the URL.

Design your Certificate Lifecycle System

How Encryption Consulting Can Protect You

A number of our services at Encryption Consulting can help defend your organization against attacks like SSL stripping. Our Encryption Advisory services can help your company identify any security gaps within your IT infrastructure, including missing or expired Secure Sockets Layer certificates. We then design and implement a plan to cover all your security issues, thus protecting your sensitive data from malicious attackers. For SSL/TLS certificates issues, we recommend usage of certificate lifecycle management tools, or movement to Cloud PKI services. Setting up a Public Key Infrastructure on a Cloud platform, such as Amazon Web Services, allows you to use AWS SSL certificates, for a better managed and protected infrastructure. Working with your teams, we help design a strategy to encrypt data at every phase, especially data-at-rest and data-in-motion like data sent across an HTTP connection. Our expert team will implement our strategy for encryption in the exact way your company desires, allowing you to customize your requirements as much as you wish.

We also offer our Certificate Lifecycle Management services to customers as well. Encryption Consulting offers a broad range of services in the Certificate Management space, from strategy to implementation and managed services. Encryption consulting can help solve the problems and challenges faced with certificate lifecycle management, by:

  • Establishing requirements, and designing the architecture
  • Performing a network discovery scan
  • Importing existing certificates
  • Configuring policies and reports
  • Onboarding a set of pilot applications
  • Preparing documentation for operations and training
  • Developing a plan for addressing gaps
  • Developing a guide for process/operations and offering certified training

With our Certificate Lifecycle Management services, we can help you monitor and protect SSL certificates on-premises as well as in the Cloud. We support Cloud certificate services on a variety of platforms, including AWS, Microsoft Azure, and Google Cloud Platform (GCP).

One last service we offer that can help defend you from SSL stripping attacks are our Public Key Infrastructure assessment, strategy and implementation services. With this service, we will help you assess what requirements your organization should set for it’s PKI to gain the most protection and benefits from it. In our strategy phase, we create a roadmap to help you understand how to reach all of your Public Key Infrastructure requirements at the least cost to you. In the final stage, the implementation phase, we create the Public Key Infrastructure based off of the roadmap made in the previous stage. Our PKIs are created with your requirements in mind, meaning they are in compliance with any standards, like FIPS 140-2 or PCI DSS, that you may need to meet. To go along with our advising services, we also offer PKI-as-a-Service to customers. With our PKI-as-a-Service, we create a hybrid Public Key Infrastructure, with the Root CA located either at our datacenter in Dallas, Texas, or on your own premises. We can also give your organization as much or as little permissions and management tasks as you desire. We can manage the entirety of the Public Key Infrastructure for you, if you desire.


Throughout our guide, we have answered a number of common questions, such as what is SSL and what is an SSL certificate. In answering these questions, we developed a better understanding of how an SSL Handshake occurs, as well as how threat actors manipulate the unsecured TCP Handshake that occurs before the SSL/TLS Handshake, to intercept sensitive data sent across a connection. Along the way, we also learned how SSL stripping attacks occur and the details of how they can steal information from users. Even with an AWS SSL certificate, attackers can still set up Man in the Middle attacks to strip your connection from an HTTPS connection to an HTTP connection. Attackers use redirect links and public Wi-fi hotspots to strip your connection to a legitimate website and steal your information. Luckily, there are a number of different best practices you or your organization can implement to defend against SSL stripping attacks. Virtual private networks are a great method of protecting SSL connections, as they cover an entire network and they keep your data encrypted whether you connect to a website via HTTP or HTTPS. Other, simpler, methods of stopping SSL stripping include utilizing bookmarks on HTTPS connected websites, enabling secure cookies, avoiding public Wi-fi hotspots, never clicking unknown links, and never continuing to a website without an HTTPS connection. Another way to protect your organization that we discussed is hiring Encryption Consulting’s data protection services to help manage your Public Key Infrastructure, certificate lifecycle, and to help find and patch any gaps in your security infrastructure.

To learn more about how Encryption Consulting can protect your sensitive data, visit our website at:

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.


Read time: 4 minutes

SCEP or Simple Certificate Enrollment Protocol, is an open-source certificate management protocol that stands for , automating the task of certificate issuance. Public key infrastructure (PKI) certificate issuance requires a process for information exchange with a trusted Certificate Authority (CA). This is required so that it can authenticate the information provided by the user, like domain name and identities associated with the Certificate. By automating this process, SCEP makes it easy and faster for the IT team to enroll certificates on devices without having to manually exchange the information. Using a URL to exchange information and a shared secret to communicate with the CA, a device can easily enroll for a certificate.

How does SCEP work?

  1. SCEP URL: The Simple Certificate Enrollment Protocol URL enables a device to communicate with the CA to obtain an enrollment Certificate.
  2. SCEP Shared Secret: A case-sensitive, secure password is used as a SCEP shared secret between the CA and SCEP server to authenticate the identities and domains associated with the CA certificate.
  3. SCEP Certificate Signing Request: After setting up and sharing the SCEP gateway and Shared secret, respectively, users can create and distribute a configuration profile that enables managed devices to auto-enroll for certificates by sending a certificate enrollment request to the CA through the SCEP gateway. A signed certificate will be issued to the device after authentication.
  4. SCEP Signing Certificate: The SCEP signed Certificate is uploaded by Mobile Device Management (MDM), in which the entire certificate chain (Root CA, Intermediate CA, End-entity Certificate) is included.

SCEP Device Enrollment Process

The following steps are required for SCEP device enrollment on MDMs:

  1. Add SCEP URL
  2. Add SCEP Shared Secret
  3. Upload the SCEP certificate, which needs to be signed.
  4. Set the SCEP configuration.
  5. Define any application-specific certificate setting.
  6. Specify the device which will receive the certificates.

After authentication by the CA, a signed certificate will be deployed on the required device.

SCEP certificate Configuration profile

While setting up an SCEP server, the Administrator can customize the SCEP implementation by setting up the number of available certificate properties in the certificate configuration profile. The certificate properties are given below:

  • Certificate Template Name
  • Certificate Type
  • Subject Name (this refers to the entity requesting the Certificate, it can be an email id, server name, or IP address of the entity.)
  • Certificate Validity Period (this refers to the time for which the Certificate is valid, if not revoked.)
  • Hashing Algorithm
  • Root CA Certificate
  • Key Usage (this refers to the usage of the key, whether it is for Digital Signature, key encipherment, or both.)
  • Key Size (this refers to the size of the key, for example, 1024-bit or 2048-bit)
  • Subject Alternative Name (this relates to the alternative details of the subject like DNS, URI, UPN, etc.)
PKI Assessment


EST stands for Enrollment over Secure Transport. It is the evolution of SCEP and uses Transport Layer Security (TLS) for client-side device authentication. Both SCEP and EST are used to automate the Certificate enrollment process, but the difference is that SCEP uses Shared Secret protocol and CSRs for enrolling Certificates, whereas EST uses TLS for authentication. EST uses TLS to securely transport the messages and Certificates, whereas SCEP uses PkcsPKIEnvelope envelopes to secure the messages.


ACME stands for Automated Certificate Management Environment. Both SCEP and ACME are the same in certificate management. ACME uses key pairs, also known as authorization keys, for validation of the CA and organization. ACME installs the Certificate Management Tool to generate Authorization keys.

SCEP vs. CMP and CMC

CMP stands for Certificate Management Protocol, and CMC stands for Certificate Management CMS. Both SCEP and EST are used for enrollment and issuance of Certificates, whereas CMP and CMC are used for Certificate management like renewal, status, and revocation of Certificates.


SCEP Gateway API can be used to distribute certificates to every managed device. The SCEP Gateway API enables managed devices to enroll for Certificates on their own easily, but it also increases security risk. Mobile devices that use SCEP for digital certificate enrollment may be susceptible to a Privilege Escalation Attack. EST is the evolution of SCEP, which is more secure and uses TLS for client-side device authentication.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.


Read Time: 15 minutes

AWS provides many services, including database, storage, networking, and many more. AWS Key Management Service (KMS) is one of the most popular services offered by AWS. It is a beneficial service that helps in dealing with sensitive data and managing cryptographic keys.

What is AWS Key Management Service (KMS)?

AWS KMS is a service that can be integrated with various other AWS services. It can be used to create, store, and control cryptographic keys to encrypt data in your application. With the help of the AWS KMS service, a user can control access to the encrypted data. AWS KMS provides almost 100 percent of the durability of cryptographic keys.

Keys are stored in multiple Availability Zones (AZ’s) that ensure the high availability of keys. AWS KMS is integrated with CloudTrail, which allows users to audit the purpose for which the key is used, when it was used, and by whom the key was used.

Some Important Points about AWS KMS

  • The keys generated in a region cannot be sent outside of that region.
  • KMS uses an AWS Hardware Security Module (HSM), which is FIPS 140-2 compliant, to store keys.
  • AWS KMS allows controlling access to master keys.
  • Users can encrypt data stored in Amazon EBS, Amazon S3, and Amazon Redshift as AWS KMS is integrated with these services.

How does AWS KMS work?

To learn the inner workings of AWS KMS, we must first learn the terms and concepts used in AWS KMS.

There are two types of keys in AWS KMS:

  1. Customer Master Keys
  2. Data Keys

Customer Master Keys (CMKs)

A CMK is a logical representation of the master key. The CMK contains metadata like key ID, Creation Date, key state, and description of the key and the key material used for encryption and decryption.

By default, Key material is created by AWS KMS. No one can modify, manage, view, or extract the key material. Key material cannot be deleted as well. If a user wants to delete key material, then the user has to delete the CMK. Users can import their key material into a CMK or create key material for CMKs in an AWS CloudHSM Cluster.

AWS CMK provides both Symmetric and Asymmetric CMKs. Symmetric CMKs use a 256-bit key for encryption and decryption. In contrast, asymmetric CMKs use RSA key pairs for encryption and decryption or Signing and verification. An asymmetrically created key, called an ECC key, can only be used for signing and verification. CMKs are created in AWS KMS. CMKs can be managed by the AWS Management Console or the AWS KMS API. All symmetric keys and private asymmetric keys never leave the AWS KMS unencrypted. To perform any cryptographic operation using CMKs, the user must use the AWS KMS API.

There are three types of CMKs supported by AWS KMS:

  1. Customer Managed CMK: Customer Managed CMKs are those CMKs in the user account that the user can create, own, and manage. Users have complete control over Customer Managed Keys, allowing them to establish and manage their key policies, IAM policies, grants, rotation of cryptographic material, etc.
  2. AWS Managed CMK: The CMKs in the user account created and managed by AWS on behalf of the user is known as AWS Managed CMKs. AWS managed CMKs cannot be directly used in cryptographic operations. Users cannot manage, rotate or change the key policies of AWS managed CMKs. However, users can view the key policies and audit their use in AWS CloudTrail (integrated with AWS KMS) in their AWS account.
  3. AWS Owned CMK: The Collection of CMKs owned and managed by AWS for use in multiple clouds is known as an AWS Owned CMK. AWS owned CMKs protect the resources in the user account. These CMKs are not found in the user’s account. With AWS owned CMKs, users do not need to create or manage CMKs. Users cannot view, use, track, or audit them.

Data Keys

The keys used to encrypt data and other data encryption keys are Data Keys. Data keys are used to encrypt a large amount of data as customer master keys (CMKs) cannot encrypt data larger than 4KB. Data keys are used and managed outside of AWS KMS. Data keys are not stored, managed, or tracked by AWS KMS. AWS KMS does not perform any cryptographic operation with data keys, however, users can generate, encrypt, and decrypt data keys with the help of AWS KMS customer master keys (CMKs). Data keys can encrypt and decrypt data in other AWS services like Amazon S3, EBS, EC2, etc.

  • Create data key
    AWS KMS uses user-specified CMKs to generate a data key. A data key can be generated by calling the GenerateDataKey operation. This operation returns two copies of the data key, one in plaintext and the other one encrypted under the CMK. Another operation, GenerateDataKeyWithoutPlaintext, can also be used, which returns a single copy of the data key that is encrypted under CMK.
    Before using an encrypted data key, ask AWS KMS to decrypt it.

Create Data Key

  • Encrypting data with a data key
    As mentioned earlier, AWS KMS does not use data keys to perform any cryptographic operation. To encrypt data with a data key, use a plaintext data key, encrypt data outside of AWS KMS, and delete it from memory, then, store the encrypted data key.

Encrypt Data with Data Key

  • Decrypting data with a data key
    To decrypt data outside of AWS KMS with a data key, the Decrypt operation is used to decrypt the encrypted data key, which returns a plaintext copy of the data key.
    Now, Data outside of AWS KMS can be decrypted using a plaintext data key. The user must remove the plaintext data key from memory after using it.
    The following diagram show how the Decrypt operation decrypt the Encrypted Data Key:

Decrypt Data Key

  • Data Key Pair
    Users can create an asymmetric data key pair consisting of mathematically related private and public keys. Generally, these key pairs are used for client-side encryption and decryption or the signing and verification process outside of AWS KMS.
    The private key of each data key is protected by AWS KMS using user-specified symmetric CMKs, but users have to manage and use the data key pair outside the AWS KMS as it does not track, manage or use data key pairs to perform any cryptographic operations.
    Users can generate the following data key pairs in AWS KMS:

    • RSA key pair of 2048 bit, 3076 bit, and 4096 bits. Generally used for encryption and decryption.
    • Elliptical Curve key pair: ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P512, and ECC_SECG_P256K1. Generally used for Signing and verification.
  • Creating a Data key Pair
    To generate a data key pair, the user needs to call the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operation according to the requirement and specify a symmetric CMK that will encrypt the private key.
    GenerateDataKeyPair operations generate three keys: a plaintext public key, a plaintext private key, and an encrypted private key. In contrast, GenerateDataKeyPairWithoutPlaintext generates two keys: a plaintext public key and an encrypted private key.

Create Data Key Pair

  • Encrypting data with a data key pair
    The public key of a data key pair is used to encrypt the data, and the private key of the same data key pair is used to decrypt the data.

Encrypt Data with Data Key Pair

  • Decrypting data with a data key pair
    The plaintext private key of the same data key pair whose public key was used for encryption is used to decrypt the data. The Decrypt operation is used to decrypt the encrypted private key of a data key pair, and remove the plaintext private key from memory after using it.

Decrypting Data with Data Key Pair

  • Signing messages with a data key pair
    The plaintext private key of a data key pair is used to generate a cryptographic signature for a message, and anyone with the public key of the same data key pair can use it to verify the signature.
    If the private key is encrypted with the AWS CMK, the Decrypt operation is used, which returns the private key in plaintext format used for signing purposes. As always, the user should remove the plaintext private key from memory after use.

Sign message with Data Key pair

  • Verifying a message with a data key pair
    The public key of the data key pair is used for verification. The public key should belong to the same data key pair whose private key was used for Signing. Verification of the signature confirms that an authorized user signed the message and it has not been altered.

Verify message with Data Key Pair

  • Aliases
    Users can give a friendly name to a CMK known as an Alias. For example, the CMK name is 9897aswd-34dw-1234-89hg-asdkal212012, the user can give it an alias of key-01. With the help of an alias, users can easily identify a CMK in AWS KMS operations.
  • Cryptographic Operations
    The AWS SDK, AWS Tools for PowerShell, or AWS Command Line Interface (AWS CLI) is required to perform any cryptographic operations with CMKs because CMKs remain within AWS KMS. Users cannot perform any cryptographic operation with CMKs in the AWS KMS console.

Below is a table which summarizes the AWS KMS cryptographic operations:

Operation CMK Key Type CMK Key Usage
Decrypt Symmetric/Asymmetric ENCRYPT_DECRYPT
Encrypt Symmetric/Asymmetric ENCRYPT_DECRYPT
GenerateDataKey Symmetric ENCRYPT_DECRYPT
GenerateDataKeyWithoutPlaintext Symmetric ENCRYPT_DECRYPT
GenerateDataKeyPair Asymmetric ENCRYPT_DECRYPT
GenerateDataKeyPairWithoutPlaintext Asymmetric ENCRYPT_DECRYPT
ReEncrypt Symmetric/Asymmetric ENCRYPT_DECRYPT
Sign Asymmetric SIGN_VERIFY
Verify Asymmetric SIGN_VERIFY

Note:  GenerateDataKeyPair and GenerateDataKeyPairWithoutPlaintext operations generate asymmetric data key pair which symmetric CMKs protect it.

  • Envelope Encryption
    Users can protect their plaintext data by encrypting it with a key, but how do they protect the encryption key? This brings in the concept of Envelope encryption, where the plaintext data is encrypted with the data keys, and the data keys are encrypted with master key. AWS KMS is responsible for the security of the master key. Master keys are stored and managed by AWS KMS and never leave the HSM unencrypted.
    Benefits of Envelope Encryption:

    • Protecting data keys: The data keys are inherently protected by encrypting them with CMKs. So, the encrypted data keys can be safely stored with encrypted data.
    • Encrypting the data key with master key: Encrypting large data with data keys, again and again, can be a time-consuming process. So, instead of encrypting data repeatedly, the encryption key can be encrypted with a master key.
    • Combining the strength of multiple algorithms: Envelope Encryption enables you to use the strength of both Symmetric and Asymmetric algorithms.
  • Key Policy
    Users can define the permissions for CMK in a document called a key policy. Users can add, remove or change permissions at any time for Customer Managed Keys, but cannot edit the AWS Managed CMK as AWS manages it on behalf of the user.
  • Grant
    Grants are temporary permissions that users can create, use, and delete without changing key or IAM policies. Grants are also considered with IAM policies and key policies when users access a CMK.
  • Auditing CMK Usage
    AWK KMS is integrated with CloudTrail, which can be used to audit key usage. CloudTrail creates log files for AWS API calls and related events in the account. These log files contain all AWS API requests from AWS SDK, AWS Management Console, or AWS command-line tools. These log files can be used to find important information like when the CMK was used, which operation was requested, requester identity, and the source IP address.

Integrate your IT infrastructure with Cloud.

Creating Customer Managed Symmetric CMKs

A user should follow the following steps to create Customer Managed Symmetric CMK using AWS Management Console:

  1. Sign in to the AWS management console and open the AWS KMS console.
  2. You can change the AWS region from the upper-right corner of the page.
  3. Choose customer manages keys from the navigation pane.
  4. Choose create key.
  5. In Key type, select the type of CMK, i.e., Symmetric.
  6. Click on Next.
  7. Create an alias for the CMK.
  8. Type the description for the CMK. (Optional)
  9. Click on Next.
  10. Type a tag key and tag value. (Optional)
  11. Click on Next.
  12. Select IAM users and roles that can administer the CMK.
  13. Clear Allow key administrators to delete this key check box if you do not want to allow IAM users and roles to delete this key. (Optional)
  14. Click on Next.
  15. Select IAM users and roles that can use the CMK to perform cryptographic operations.
  16. In the Other AWS accounts section, click on Add another AWS account and type AWS account identification number to allow them to use this CMK for cryptographic operations. (Optional)
  17. Click on Next.
  18. Review the key configuration that you have done.
  19. Click on Finish to create the CMK.

Creating Customer Managed Asymmetric CMKs

A user should follow the following steps to create Customer Managed Symmetric CMK using AWS Management Console:

  1. Sign in to the AWS management console and open the AWS KMS console.
  2. You can change the AWS region from the upper-right corner of the page.
  3. Choose customer manages keys from the navigation pane.
  4. Choose create key.
  5. In Key type, select the type of CMK, i.e., Asymmetric.
  6. In Key usage, select the purpose for which key is created, i.e., Encrypt and decrypt or Sign and verify.
  7. Select the specification of your asymmetric CMK.
  8. Click on Next.
  9. Create an alias for the CMK.
  10. Type the description for the CMK. (Optional)
  11. Type a tag key and tag value. (Optional)
  12. Click on Next.
  13. Select IAM users and roles that can administer the CMK.
  14. Clear Allow key administrators to delete this key check box if you do not want to allow IAM users and roles to delete this key. (Optional)
  15. Click on Next.
  16. Select IAM users and roles that can use the CMK to perform cryptographic operations.
  17. In the Other AWS accounts section, click on Add another AWS account and type AWS account identification number to allow them to use this CMK for cryptographic operations. (Optional)
  18. Click on Next.
  19. Review the key configuration that you have done.
  20. Click on Finish to create the CMK.

Benefits of AWS KMS

  1. Fully managed: AWS KMS provides full control access to encrypted data by enforcing the permissions defined by the user to use keys.
  2. Centralized key management: AWS KMS provides a single control point to manage and define key policies. Users can create, import, manage, delete, or rotate keys from the AWS key management console, or use AWS CLI or SDK.
  3. Digitally Sign data: The user can generate an asymmetric key in AWS KMS and can perform digital signing operations to maintain the integrity of the data.
  4. Secure: In AWS KMS, keys are generated and protected in Hardware security modules (HSMs) validated under FIPS 140-2. For security, keys are only used inside HSMs and can never be shared outside the AWS region in which they were created.
  5. Built-in auditing: AWS KMS is integrated with CloudTrail to help in monitoring key usage to meet regulatory and compliance needs.

Below is the table which summarizes the AWS Key Management Service Crypto Properties:

AWS Key Management Service Crypto Properties
Tenant Multi-Tenant
Standard FIPS 140-2 Level 2
Master Keys
  • Customer Owned Master key
  • AWS Managed Master Key
  • AWS owned Master key
Crypto Keys
  • Symmetric
  • Asymmetric
    AES in XTS mode only
Access Authentication/Policy AWS IAM Policy
Key Accessibility Accessible in multiple regions (Keys outside the region in which created cant be used)
High Availability AWS Managed Service
Audit Capability
  • CloudTrail
  • Cloud Watch

Move your IT infrastructure to Cloud.


AWS CloudHSM is an AWS hardware security module that is customer-owned and managed. AWS CloudHSM acts as a single-tenant on hardware, restricting it from being shared with other customers and applications. Organizations can utilize AWS CloudHSM for those wanting to use HSMs to administer and manage encryption keys, but not have to worry about managing HSM Hardware in a datacenter.
AWS CloudHSM allows FIPS 140-2 Level 3 overall validated single-tenant HSM clusters in your Amazon Virtual Private Cloud (VPC) to store and use your keys. Complete control is given to users whose keys are used through an authentication mechanism separate from AWS.

AWS CloudHSM supports multiple use cases, including the following: management of Public/Private key pairs for Public Key Infrastructure (PKI), Code & Document Signing, or storing private keys for various services such as database, storage, and web applications, storing keys for DRM solution. AWS CloudHSM will allow your organization to meet compliances of key management requirements with the use of Hardware Security Modules supervised by AWS with the ability to incorporate multiple platforms to store keys.

Below is the table which summarizes the AWS Cloud HSM Crypto Properties

AWS CloudHSM Crypto Properties
Tenant Single-Tenant
Standard FIPS 140-2 Level 3
Common Criteria EAL4+( supported by cloudHSM classic older model)
Master Keys Master Key HSM
Crypto Key types
  • Symmetric – AES (Modes supported CBC, GCM and ECB)
  • Asymmetric – RSA, ECC
  • Hashing – SHA-256, SHA-512, RSA, ECDSA
API Support
  • PKCS11
  • OpenSSL
  • JCE
  • Crypto next generation (CNG)
Access Authentication/Policy Quorum based K of N principle
Key Accessibility Can be accessed and shared across multiple VPC
High Availability ADD HSM in Different Availability Zones
Audit Capability
  • CloudTrail
  • Cloud Watch
  • MFA support

Custom Key Store

The Custom Key store feature of AWS KMS provides a way of integrating AWS CloudHSM clusters easily with AWS KMS.

Users can configure their CloudHSM cluster to store keys rather than the default KMS key store.

Users can also generate key material within the CloudHSM cluster. The master keys generated in the customer key store never leave the AWS Hardware Security Module in the CloudHSM Cluster in plaintext form, and all the cryptographic operations required by KMS are performed within the HSMs.


AWS CloudHSM provides single-tenant key storage giving organizations FIPS 140-2 Level 3 compliance. CloudHSM allows full control of your keys, including Symmetric (AES), Asymmetric (RSA), SHA-256, SHA 512, Hash-Based, or Digital Signatures (RSA). On the other hand, AWS Key Management Service is multi-tenant key storage owned and managed by AWS. AWS KMS allows Customer Master Keys for symmetric key encryption (AES-256-XTS) and asymmetric keys (RSA or elliptic curve (ECC)). Suppose your organization’s key management strategy for encryption will be running a singular cloud service provider for now and for the foreseeable future. In that case, AWS KMS will provide the simplest environment to maintain the keys. However, suppose you are planning to take advantage of multiple cloud providers but do not wish to maintain the HSMs. In that case, AWS CloudHSM may be the solution for your organization that allows separating encryption keys from the data of the other platforms that are being utilized.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.


Read time: 3.5 minutes

WPA2 stands for Wireless Fidelity Protected Access 2 – Pre-Shared Key. It allows home users or small offices to secure their network without using an enterprise authentication server.

How WPA2-PSK works?

WPA2-PSK requires a router with a passphrase, with a length between 8 to 63 characters, to encrypt the data in the network. It uses a technology named TKIP, i.e., Temporal Key Integrity Protocol, that requires network SSID and the passphrase to generate unique encryption keys for each wireless client.

WPA2-PSK (AES) is more secure than WPA2-PSK (TKIP), but WPA2-PSK (TKIP) can be used with older devices that are not WPA2-PSK (AES) enabled devices.

When a user connects to the router, the user provides a password to authenticate their identity and, as long as the password matches, the user is connected to WLAN.

With WPA2-PSK, user can secure their data, transmitted through the wireless channel between a router and other network devices. It is the latest generation of Wi-Fi security where the key is shared between connected devices. WPA2-PSK is also known as WPA2 Personal.

Is WPA2-PSK vulnerable?

WPA2-PSK is designed for small offices and home networks to allow users to trust the network they are connected to. WPA2-PSK is secure but shares a password to all the users connected to the network, leading to snoop on the network by the attacker.

WPA2-PSK is also found in airports, public hotspots, or universities as it is easy to implement and requires only one password. But if your WPA2-PSK gets compromised, an attacker can easily get access to your network and is capable of doing the following malicious activities:

  • Switch Spoofing
  • Spanning Tree Protocol (STP) Attacks
  • Dynamic Host Configuration (DHCP) Spoofing
  • Media Access Control (MAC) Spoofing
  • Double Tagging
  • Address Resolution Protocol (ARP) Spoofing.

Using a single password for network access requires good faith to keep the password secret on every user’s device. The reason for this is that if one user gets compromised, then all users can be hacked.

Brute force attacks like dictionary attacks can be performed, and an attacker can decrypt all the device traffic if it obtains the Pre-Shared Key and capture the key handshake while a user joins the network.

Alternatives to WPA2-PSK

WPA2-PSK is secure enough for a home network as users can change passwords when they doubt that an unintended person is using it.

However, if users can not compromise with security, then WPA2-Enterprise can be used to provide different passwords to each participant and not allow access to the network as a whole. It isolates the network per user. The requirement of RADIUS in 802.1x implementation makes it complex, but for more security, 802.1x can be used, which allows authentication through certificates instead of credentials.

Design and Implement a highly Secure and reliable PKI for your Organization.

Secure Your 802.1x Network with WPA2 EAP-TLS Authentication

The larger organization can adopt WPA2 Extensible Authentication Protocol over Transport Layer Security. It uses AES encryption but adds username and password authentication. A user without a registered account or whose account is disabled cannot access the wireless network. The wireless network can be impenetrable to over-the-air attacks by certificate-based authentication that relies on EAP-TLS with server certificate validation. The unauthorized user cannot access the information being sent for authentication through an encrypted EAP tunnel, and the identifying information is only sent to the correct RADIUS through the server certificate validation process.

The implementation of WPA2 EAP-TLS can be an issue due to its complexity with its initial design and configuration. It can also be resource-intensive as it requires setting up and management of a  Public Key Infrastructure.

Secure your network with WPA3

WPA3 removes the security issue by using individualized data encryption. If WPA3 is enabled and the user connects to an open Wi-Fi network, then the data transmitted between the device and the Wi-Fi access point will be encrypted. Even at the time of connection, the user does not enter any password.


Security is essential in this connected world. Our data should be secured and can only be accessed by the intended person. In today’s world of wireless networks, we should configure our network security to the latest so that no one can penetrate our network. Users should use WPA3 to improve the authentication and encryption while making the connection easier. WPA3-SAE (Simultaneous Authentication of Equals) replaced the WPA2-PSK authentication process. WPA3-SAE uses a 128-bit encryption key and Forward secrecy protocol to resist offline dictionary attacks while improving key exchange security without any additional complexity. On the other hand, WPA2-Enterprise is replaced by WPA3-Enterprise, which uses a 192-bit encryption key and a 48-bit initialization vector as requested by sensitive organizations.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.


Read time: 7 minutes

In today’s world, all the applications or software utilized by users are virtualized and downloaded from a docker container. One fear many users have is that it might be possible that attackers tampered with the file that users are downloading from the container and have injected a malicious script or malware in it. If this is the case, whenever any person downloads and executes it in their system, the system gets affected by the attacker’s malicious script.

The Necessity for Docker Image Signing:

If an organization is providing a software/product to their customer, then how can the customer verify it is not tampered with? To provide customers with peace of mind on this subject, an organization can put their trusted signature on the software/product. If someone tries to tamper with the code, the signature gets changed. This is where image signing comes into the picture. Image signing is where an organization can sign their image before they push it to the container so that the customer can use it safely.

Similar to how malicious activity can be caught by code signing, when a user tries to install or execute the file, the signature will first be verified. If the organization’s image signing certificate is not found then it will stop the user from proceeding.

What is Docker Image Signing?

Docker image signing is the process of digitally signing docker images to confirm the software author’s identity and provide assurance that the code has not been altered or compromised.

How does Docker Image Signing work?

The way image signing works can be broken into two parts:

  1. At the server or developer side
  2. At the client side

Firstly, we’ll discuss how the
process takes place on the server side:

Signing at Server Side
Figure 1: Server Side
  1. The original image, i.e., the docker image the user wants to provide to customers safely, is firstly hashed by a hashing algorithm, because it’s practically impossible to reverse a hash.
  2. The hashed docker image we get is then signed by the private key of the developer.
  3. The signed hash docker image is then packed with the original image and digital certificate, which together are also known as an image signing certificate.
  4. Now, it can be uploaded or transferred to the customer.

Now, let’s go through how the process takes place on the client side.

Verification at Client Side
Figure 2: Client Side
  1. The original docker image is passed through a hashing algorithm, to get the hash of the image.
  2. The public key is extracted from the certificate and applied to the signed hash of the docker image to extract the hash of the image.
  3. Both the hashes created from steps 1 and 2 are compared, and if both the hashes are the same then the image has not been changed and the signature is considered valid.
  4. At the same time, the image signing certificate is checked to ensure it was signed by a trusted CA. The expiry date of the image signing certificate is checked, and certificate is also checked against the revocation lists to ensure it is valid.
CodeSign Secure's free demo

Weaknesses of Docker Image Signing

There are several weaknesses to image signing, as well, including:
Improper management of the private key created at the beginning of the Image signing process can result in insecurity of the software being sent. If a legitimate private key is stolen, then the attacker can encode their malicious software with the private key, which will tell the user that the software is safe to use, even if it isn’t.

Threat actors can obtain a trusted certificate, but what deters most attackers is the need to provide identification information to obtain a certificate. If malicious software is distributed with a legitimate certificate, the developer can be identified and stopped.

Note: If the user allows the installation of the software, even if the Operating System says it is not a signed image, then image signing is rendered useless.

To prevent these weaknesses, there are best practices that should be followed:

For the protection of encryption keys, Hardware Security Modules, or HSMs, should be used. An HSM is a specialized, highly trusted physical device. It is a network computer that performs all the major cryptographic operations including encryptiondecryption, authentication, key management, key exchange, etc. They are tamper-resistant and use extremely secure cryptographic operations.

Along with HSMs, the principle of least privilege should be used with keys, to ensure only users who need the key have access to it.

Finally, caution should always be used with image signing. Only download and install software that is image signed by a trusted CA.

Future of Code Signing

As we can see in today’s world, security and trust are a major part of any organization to growth. Every organization wants to save its data and provide secure data to its clients. Various malicious activities are occurring daily, so image signing is going to increase exponentially. Every organization needs to put code signing and image signing into practice.

Our offering of Code Signing

Our product, CodeSign Secure, provides a secure and flexible solution to an organization’s code signing needs for signing Windows, Linux, Macintosh, Docker, and Android/iOS apps.

Our framework can be extended to protect any other code or document as requested by our customers.

  • The keys are protected by your choice of HSM, – nCipher, Utimaco, Safenet.
  • Policies and workflows are defined to secure and streamline your job submission and approval process.
  • Your existing virus and malware scans can be integrated systematically.
  • Developed on an open REST API, allowing for custom integrations and requirements.


Data is crucial in this connected world, where code signing can be used for the verification of data. Tampered data can lead to a severe loss and thus should not be trusted. Software should also show a warning or completely block the user from installing software with untrusted certificates. A signed software or application can achieve a trusted network of users, devices, and programs.

To learn more about CodeSign Secure, visit our website:

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.


Difference between Azure and AWS DevOps
Table of Contents

What’s is DevOps?

DevOps is an amalgamation of software development and IT operations. It evolves organizations to improve and deliver their products at a higher pace than organizations with conventional software development models. This enables organizations to effectively & efficiently service their customers and command a strong reputation in the market.

How DevOps function?

A DevOps model consists of a development team merged with the operations team during the entire application lifecycle (i.e., development, testing, deployment, and operations) as opposed to the method where both these teams worked independently in earlier models. At this time, there are other teams also integrated with this team such as security. In that case, it becomes known as DevSecOps. The overall function of a DevOps team is to automate processes that were manual earlier by using specific DevOps tools that help evolve applications rapidly and reliably. The DevOps tools enable team members to handle tasks independently without taking help from other teams.

What are DevOps practices?

DevOps practices are the innovation objectives an organization wants to achieve by automating and streamlining the software development and infrastructure management processes with the help of appropriate DevOps tools.

The following are DevOps practices available in the industry:

  • Continuous Development (CD)
  • Continuous Testing (CT)
  • Continuous Integration (CI)
  • Continuous Delivery (CD)
  • Continuous Deployment (CD)
  • Monitoring & Logging
  • Infrastructure as Code (IaC)

Let’s talk about each practice briefly:

  1. Continuous Development – This practice involves the coding and development phases of the DevOps lifecycle. This also facilitates the version-control feature.
  2. Continuous Testing – This practice involves the automated, pre-scheduled, and continued tests that should be executed against application code. This includes the continuous testing of application code (update or fresh code) against pre-programmed tests.
  3. Continuous Integration – This practice involves the continuous feedback mechanism between testing and development to make code ready for production as early as possible. It encompasses the configuration management, test, and development tools to mark the progress of the production-ready code.
  4. Continuous Delivery – This practice involves the delivery of code changes to the staging environment, post testing and before going live on the actual production environment.
  5. Continuous Deployment – This practice involves the delivery of code changes to the production environment. It uses container technologies such as Docker or Kubernetes to make production changes available rapidly.
  6. Monitoring and Logging – This practice involves the continuous monitoring of application code in production and the infrastructure that supports it. It is necessary to monitor the environment 24/7 so that issues or bugs can be reported to the development team on a continuous basis to improve code quality.
  7. Infrastructure as Code – This practice involves the automation of cloud infrastructure provisioning with the help of integrated tools. The infrastructure can be set up with the help of API driven mechanisms to enable the developer to interact with it.

Since we have discussed the DevOps scope and practices, let’s now talk about AWS DevOps and Azure DevOps tool offerings in the subsequent sections.

Move Your IT Infrastructure to Cloud

AWS DevOps Tools

  • AWS CodePipeline
  • AWS CodeBuild
  • AWS CodeDeploy
  • AWS CodeStar

AWS CodePipeline

AWS CodePipeline is a fully managed continuous delivery service offering from Amazon that helps you automate the deployment process for applications and infrastructure updates. It helps you build, test, and deploy the release of the application every time a code change occurs to deliver features & updates rapidly and reliably. For example, an application developer can specify which tests will be executed by the CodePipeline and to which staging environment it will deploy it. The CodePipeline service can run these steps in parallel with the help of multiple processors to avoid queuing and expedite workflows. This works on a pay-as-go model, with no upfront charges involved.

AWS CodeBuild

AWS CodeBuild is a fully managed continuous integration service offering from Amazon that helps you automate the code integration process for applications and software. It helps you compile the source code, and runs the pre-scheduled tests to create the software packages that are ready to deploy. With CodeBuild, you don’t need a separate build server to provision builds and your multiple builds are processed in parallel, to avoid queuing. CodeBuild can be used in a pre-packaged environment or custom build environment that uses its own build tools. This works on a pay-as-you-go model for compute resources with no upfront charges involved.

AWS CodeDeploy

AWS CodeDeploy is a fully managed continuous deployment service that automates code deployments to any instance, including Amazon EC2 instances, AWS lambda, and On-premises instances as well. CodeDeploy enables you to release new features rapidly and helps you avoid downtime during application deployment. It also manages the complexity of your application update. AWS CodeDeploy can be used to deploy applications or software via automation, thus avoiding the need for error-prone manual operations. It also matches your environment needs for the deployment. This works on a pay-as-you-go model for deploying software/applications on on-prem instances with no upfront charges involved.

AWS CodeStar

AWS CodeStar enables its customers to develop, build, and deploy applications/software within their AWS environment. It provides a unified interface for all software development activities in one place in AWS infrastructure. With CodeStar, you can set up a continuous delivery tool chain to release code updates faster and it also provides an integrated authorization mechanism to control access for owners, contributors, and viewers for your project. Every CodeStar project comes with a project dashboard to track the progress of your team’s software development effort in every aspect. This works on a pay-as-you-go model with no upfront charges involved.

Azure DevOps Tools

  • Azure Pipelines
  • Azure Repos
  • Azure Artifacts
  • Azure Test Plans
  • Azure Boards

Azure Pipelines

Azure Pipelines is a cloud service offering from Microsoft that helps customers automate the build and testing phase of code projects to ship to any target. It incorporates the continuous integration and continuous delivery mechanisms to build and test your code rapidly and reliably. Azure Pipelines integrates with version control systems such as Github & subversion, supports any language, like JavaScript or Python, and deploys code to any target, even VMs.

Azure Repository

Azure Repository is a version control tool that helps manage multiple versions of your code. With Azure Code Repository, we can track changes done by each developer, merge them, test the changes, and release them into the production environment.

Azure Artifacts

Azure Artifacts helps you create, host, and share packages with different teams. We can share code across teams, and manage all package types, such as Marven, npm, Gradle, NuGet, etc. It allows you to add fully integrated package management into your existing continuous integration/continuous delivery (CI/CD) pipelines with minimal configuration.

Azure Test Plans

Azure Test Plans provides you with three types of test case management for your qa team: i) Test Plans, ii) Test Suites, and iii) Test Cases. Test Plans consists of test suites as well as individual test cases and can include static test suites, requirement-based test suites, and query-based test suites. Test Suites consists of individual test cases based on scenarios to test. Test Case validates the specific section of the application code. With the help of test cases, you can make sure your application code doesn’t have any logical errors and meets the expected behavior of the customer and business. A single test case can be a part of multiple test plans or test suites and doesn’t need to be cloned/copied for each plan or suite.

Azure Boards

Azure Boards is the cloud service offering from Microsoft to manage software projects in terms of user stories, backlog items, tasks, features, and problem reports for the project. It has native support of Scrum and Kanban and also supports customizable dashboards and reporting. Project users can track work items based on the type of work item available in the project and can update the status of the work using a pre-configured Kanban board as well. Lead developers can assign work to team members and use labels to tag information.

Considering both DevOps vendors, AWS & Azure, the one main similarity between both of them is they aim to automate the software development life cycle. AWS DevOps is a set of development tools that allows developers to provision a CI/CD pipeline from the build phase to the deploy stage. AWS DevOps allows customers to integrate AWS services like EC2 and Elastic Beanstalk with very minimal configuration. It can easily automate a complete code deployment process with AWS and On-prem resources. Azure DevOps, on the other hand is a tool provided by Microsoft that allows developers to implement a DevOps lifecycle in business. It allows customers to integrate Azure and other third-party services such as GIT and Jenkins very efficiently and effectively. Azure DevOps also has Kanban boards, workflows, and a huge extension ecosystem. AWS and Azure DevOps have similar practices in terms of general DevOps practices, such as development, integration, testing, delivery, deployment, and monitoring in a collaborative environment, but there is a fine line between the two that should be considered. The major difference between AWS DevOps and Azure DevOps tools is their integration within the scope of their cloud environment and with third-party services. AWS DevOps tools are much easier to start with, whereas Azure DevOps is better suited within Azure environments and third-party services available in Azure marketplace.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.


Key Management Interoperability Protocol
Table of Contents


Encryption is the best option for an organization’s data security, which is why almost every business uses encryption to protect their data as they’ve realized how important it is. However, it must be remembered that managing encryption keys remains a challenge for the vast majority of people.

Implementing the Key Management Interoperability Protocol is the best solution to deal with a situation where data exchange is required between different key management servers and clients. It allows data to be sent in an interoperable manner between different management servers and the client’s system.

Development of KMIP

KMIP was developed by OASIS (the Organization for the Advancement of Structured Information Standards).

The primary purpose of KMIP was to define an interoperable protocol for data transfer between the various servers and consumers who may use these keys. It was first utilized in the storage division to exchange important management messages between archival storage and the management server. However, security concerns grew over time, requiring better encryption and a centralized key management system capable of uniting all moving parts inside an organization.

What is KMIP?

KMIP is a protocol that allows key management systems and cryptographically enabled applications, such as email, databases, and storage devices, to communicate. KMIP streamlines the management of cryptographic keys for organizations, removing the need for redundant, incompatible key management systems.

KMIP is an extensible communication protocol for manipulating cryptographic keys on a key management server that defines message formats. KMIP makes data encryption easier by simplifying encryption key management. On a server, keys can be generated and subsequently retrieved, sometimes wrapped or encrypted by another key. It also supports various cryptographic objects such as symmetric and asymmetric keys, shared secrets, authentication tokens, and digital certificates. Clients can also ask a server to encrypt or decrypt data without directly accessing the key using KMIP.

The key management interoperability standard can support both legacy systems as well as new cryptographic applications. In addition, the standard protocol makes it easier to manage the cryptographic key lifecycle, including generation, submission, retrieval, and termination.

Is your Data Secure throughout all of the Phases of the Data Lifecycle

How Does KMIP work?

KMIP is an open standard-based encryption and cryptographic key management system that standardizes and creates a universal language to communicate. In the absence of KMIP, different organizations use different languages for different purposes, which requires different security communication lines and results in increased costs for operations, infrastructure, and training.

The Key Management Interoperability Protocol ensures that a single language is used across different management environments without impacting performance.

The common interface provided by the Key Management Interoperability Protocol eliminates redundant and incompatible key management processes and enables more ubiquitous encryption. Furthermore, it provides easy and secure communication among different cryptographically secure applications.

Not only does KMIP ensure the security of critical data, but it also makes it easier to handle various keys across different platforms and vendors. All of this improves the IT infrastructure’s cost-effectiveness.

KMIP Profile Version 2.1

The Key Management Interoperability Protocol is a single, extensive protocol for communicating between clients who request any number of encryption keys and servers that store and manage those keys. KMIP delivers enhanced data security while minimizing expenditures on various products by removing redundant, incompatible key management protocols.

The KMIP Specification v2.1 is for developers and architects who want to develop systems and applications that use the Key Management Interoperability Protocol Specification to communicate.

Within specific contexts of KMIP server and client interaction, KMIP Profiles v2.1 specifies conformance clauses that define the use of objects, attributes, operations, message elements, and authentication mechanisms.

Benefits of KMIP

  • Task Simplification: Organizations encounter a variety of issues while establishing IT security configurations. When many companies and technologies are involved, the situation becomes even more complicated. For example, the problem is significantly more complicated in the case of encryption and key management, as a separate key manager is required for each encryption. KMIP efficiently solves this issue by allowing a single key management system to manage all encryption systems, allowing organizations to spend their time and resources on more valuable business tasks.
  • Operational Flexibility: Different proprietary key management systems were required to manage encryptions before the deployment of KMIP. Organizations must collaborate with different vendors, each of whom has systems built for different situations and configurations. KMIP provides flexibility to the organization to utilize any key management system. KMIP enables the organization to integrate across cloud platform, edge, and on-prem systems with a single key manager.
  • Reduces the IT Infrastructure Cost: The hardware and software necessary to secure data are considerably reduced using a single KMIP-powered encryption key management system, lowering the total cost of owning security infrastructure. In addition, KMIP makes it easier to handle various keys across different platforms and vendors, improving the IT infrastructure’s cost-effectiveness.


With time, KMIP adoption and diversification became stronger. Technical and communications companies, universities, and libraries have been found to use KMIP to protect sensitive data. The robust security, effectiveness, and cost-efficiency of management of key lifecycle implementation and technology advancement show no sign of slowing down.


About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Zero Trust Security

Read time: 14 minutes, 33 seconds

Before we go deep into the Zero Trust Security model, we should first analyze the model called a Castle-and-Moat model. The Castle-and-Moat model assumes that whatever is inside the organization, i.e., on-prem, is highly trusted, while the resources outside the organization are untrusted. The weakness of this model lies in its misplaced intense focus on external threats. When an organization extends its network to the cloud, there is a flaw in this model where users can have permission to create resources that the user can then mark public or private. If the user marks it as public, then it is considered outside the organization, while making it private makes it inside the organization. It is not, however, the same case on-prem. In recent years, high-profile attacks taught that external threats are usually the least of a company’s problems. Even secured attack surface can still be infiltrated. Still, insider threats are frequently overlooked.

There are more disadvantages of the Castle-and-Moat approach that include:

  • Providing permissions that are unclear or that can be overused.
  • Allowance of Bring Your Own Device (BYOD), which results in data leakage.
  • User authentication by passwords only.

This is where Zero Trust Security comes into the picture. The Zero Trust Model is based on the concept of “Trust No One,” whether it is inside of the organization or not. The Zero Trust Security model requires identity verification of every entity, whether it is a user or any network device trying to access private resources.

Cybercrimes are increasing day by day, so organizations need to be proactive about their data and network security. The Zero Trust Security model can be effectively used to secure data and networks from unauthorized access.

How does Zero Trust Security Work?

As hackers try to steal data regularly, data security is critical to a successful Zero Trust Model. The Zero Trust Security model focuses on increasing the organization’s data security, while integrating with current laws and providing the flexibility to adopt future security and privacy laws.

Data security is critical to an effective Zero Trust model, because hackers are constantly attempting to steal it. While all security safeguards are vital, there will always be a significant gap if data activity is not controlled.

Some areas need that need to be focused on for security purposes are:

  • Data Security: As data is a crucial part of every organization. The Zero Trust Security model protects the data by encrypting data-at-rest and data-in-transit before moving to cloud storage devices or any other devices. If a data breach occurs, even in with limited access to data, no one can read the data except the intended person.
  • Multi-factor authentication (MFA): The Zero Trust Security model validates the user based on multiple factors including location, device, permissions, and IP address.
  • Micro-segmentation: This security model splits the data centres into secure segments or zones based on different parameters like user groups, locations, etc. Segments can have their own security policies that can act as border control within the system.
  • Logs and Packet Analysis: This deals with determining the source of the abnormal activity and monitoring all activities around it. It also creates logs for every activity, and inspects and analyzes all the traffic and data.

Best Practices for Implementing Zero Trust

Some best practices should be considered while implementing the Zero Trust Security model:

  • Understanding the Protection Surface: Regulatory compliance standards and guidelines such as General Data Protection Regulation (GDPR), make it compulsory for organizations to identify and secure data accordingly. All regulatory compliance standards and the Zero Trust Security model share a common component: the organization’s sensitive data.
  • Mapping the Connections: A conventional network architecture diagram that depicts network traffic flow is insufficient. A complete map of the various connections throughout the network is required for the Zero Trust Security model to be effective. It requires a detailed mapping of applications currently in use, data associated with the applications, and data transmission connections with enough details to decide where security controls are needed.
  • Architecting the Network Using Micro-Segmentation: Popular information security tools such as Firewalls, intrusion detection, and prevention systems, deep packet inspection tools, and data loss prevention tools, can be used to implement a Zero Trust environment, but they must be updated to assess and regulate traffic across the stack.
  • Implementing Zero Trust Policies: Organizations must develop and implement policies about the appropriate traffic flow that should be accepted or denied and enforced on all networks. The following questions should be considered while implementing Zero Trust Policies:
    • Who is the user?
    • What resource does the user want to access?
    • Where are the requesting users and endpoints located?
    • Why does the user want to access the requesting resource?
  • Monitoring Traffic continuously: All resources and traffic in an organization should be continuously monitored for better security and to detect malicious activity. Monitoring of traffic should be automated so that it effectively monitors and blocks unwanted traffic.

Steps to Implement a Zero Trust Security Model

A Zero Trust model is based on the concept “Trust No One.” Instead of implementing security measures at the network border, it concentrates on bringing them as close as possible to the actual surface that must be protected. It also requires strong user authentication and validation of the device over the network. The following steps should be followed to implement a Zero Trust Security model in your organization:

  1. Identifying and Segmenting Data: One of the most challenging aspects of establishing Zero-Trust is determining which data is sensitive. The Zero Trust model requires micro-segmentation. Micro-segmentation is the process of dividing security perimeters into small zones so that different areas of the network can have independent access. A user who can access one of these zones should not be able to access another zone with the same authorization.
  2. Implement Multi-Factor Authentication: Since a Zero Trust Security model is based on the concept of “Trust No One, always verify,” it requires verification every time a resource needs to be accessed. For that, Multi-Factor Authentication is a fundamental component of a well-designed network security strategy. Multi-Factor Authentication operates by requesting further information for verification. One-time passwords (OTP) are one of the most typical Multi-Factor Authentication elements that users follow. There are three main types of Multi-factor Authentication Methods:
    • Knowledge: It refers to the things that users know, such as a PIN or Password.
    • Possession: Things that users have, such as a smart card, ATM card.
    • Inherence: Things that users have attached to themselves, such as fingerprints, iris scanning, etc.
  3. Implement the Principle of Least Privilege (PoLP): Enforcing least privilege helps to reduce the overall cyber-attack surface by limiting super-user and administrator privileges. Least privileges must be enforced on endpoints so that malware attacks will not exploit elevated rights to increase access and move laterally to install or execute malware or otherwise damage the machine.
    Access rights for applications, systems, processes, and devices can be restricted to to those permissions required to perform authorized tasks using the principle of least privilege.
  4. Validate all endpoint devices: Trust No One means No One, whether a user or a device. There must be a robust authentication procedure for the verification of the device also. Zero Trust Security can be achieved by extending the identity-centric controls to the endpoints. Any device used to access resources must be enrolled first for its identification and verification.
    By implementing the Zero Trust Security model, an organization can have better control over access to resources, like who can access what resource.
Implementation of Zero Trust Security

Principles of a Zero Trust Security Model

  • Strict Authentication Access: A Zero Trust Security Model is based on the concept of “Trust No One.” The organization should not trust anything inside or outside of it. According to the model, an attacker can be inside and outside the network, so the organization must authenticate and authorize access to every system.
  • Least Privilege Model: The Zero Trust Security model limits the user’s access only to the required resources based on their roles and can prevent the attacker from gaining full access to a large number of resources by getting access to a single account.
  • Documentation and Inspection: All activities must be assessed and authenticated under the Zero Trust approach. There must be a procedure that documents every action automatically. To detect any malicious activity running, the organization needs to analyze a complete picture of data accesses to guide better decision-making. It can also detect any malicious activity going on within the organization, like if any user tries to access the resource of another department not associated with them.

Benefits to a Zero Trust Security Model

  • User Identification and Access: The Zero Trust model uses multi-factor authentication (MFA) to access resources that are more secure than two-factor authentication. By making it mandatory for all employees and customers to verify their identity using Time-based One-time passwords, Google Authenticator, etc., only authorized users can access resources.
  • Robust Access Policy: The Zero Trust model uses micro-segmentation of data and resources, protecting critical data from unauthorized access. Splitting the organization’s network into segments, and each segment having its security policies, reduces the chances of attack by keeping vulnerable systems well-guarded. It can also mitigate insider risks.
  • Greater visibility across the Enterprise: The Zero Trust Security model is based on the concept “Trust No One.” When you’ve set up monitoring for all of your resources and activities, it gives complete visibility of who accesses your network with time, location, and which application was accessed.
  • Enhanced Data Security: A Zero Trust model restricts access to resources and reduces the attack surface through Robust Access Policy and User Identification and Access. By deploying the monitoring system, all ongoing activities are tracked.
  • Better User Experience: The Zero Trust model automates the verification process and makes it more efficient as users need not wait for approval for access requests.
  • Easy Cloud Migration: All organizations are moving to cloud-based solutions. The Zero Trust Security model provides a robust access policy and user identification process for cloud platforms, making it easier and more secure to migrate to the cloud.
Encryption Assessment

Challenges of a Zero Trust Model

Following are some of the challenges and complexities associated with a Zero Trust model:

  1. Technical Challenges: The Zero Trust model requires micro-segmentation of data and resources and monitoring all activities in an organization. But most of systems are not capable of meeting the Zero Trust model’s micro-segmentation requirements.
  2. Legacy Systems: Legacy systems do not have a concept of least privilege, and the Zero Trust Security model requires multiple verification of the user trying to access resources. Based on the characteristics of legacy systems, monitoring network traffic is also nearly impossible due to the heavy encryption requirements of the Zero Trust model.
  3. Peer-to-Peer Technologies: Many systems, including Windows operating systems and wireless mesh networks, adopt the peer-to-peer (P2P) model, which works in a decentralized manner and breaks the micro-segmentation model of the Zero Trust model.
  4. Hybrid Cloud: The micro-segmentation model breaks when both cloud services, i.e., public and private, work together and unite to provide a common service, which in turn destroys the Zero Trust model.
  5. Moving from Silos to Data-Centric: The majority of systems in use are data silos that contain both sensitive and general information. Because the Zero Trust model relies solely on data for verification and access control, efficient segmentation is required. Currently, most systems require a larger architecture.

The road to a Zero Trust Security Model

Due to redefining and reengineering job roles and their classification, implementing the Zero Trust Security model might be challenging for an organization. Organizations require an entirely separate inventory service for better device monitoring, greater visibility into apps, multiple user authentications, and enforcing access control policies. All these efforts are required at the managerial level. The trust in users must be based on their identity, devices, and resources they want to access, instead of access attempts. An organization must implement Multi-Factor Authentication and User Behavioural Analytics to establish the required level of trust.

Services offered by Encryption Consulting

The Zero Trust Security model focuses on increasing an organization’s data security while integrating with the present laws and having the flexibility to adopt future security and privacy laws. An organization can get an encryption assessment from Encryption Consulting to know how strong the current encryption techniques implemented by your organization are,  how they can be improved, and what the encryption strategy should be. It can also help to know what privacy laws are currently followed by your organization.


On comparing the challenges and benefits of the Zero Trust Security model, we can conclude that the disadvantages are primarily related to the additional technicality necessary in the implementation phase. After implementing the Zero Trust model in an organization, it ensures greater trust within the organization and adds an additional security layer outside the organization. The only challenge associated with the Zero Trust model is how the organization adopts and implements it. Otherwise, it is an extremely effective cyber-security solution.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.


Why are digital certificates Important?
Table of Contents

Importance of Digital Certificates in the PKI environment

Digital certificates are critical to any environment as they possess a greater degree of authorization with them. With this authorization power, it becomes very important to secure them with the utmost care. Many organizations care about certificates that are manually generated; however, they lack auto-enrolled certificates. Since the number of auto-enrolled and manually generated certificates exist in the hundreds of thousand, it becomes a quintessential need for organizations to manage all the certificates (auto-enrolled and manually generated) with the help of automation.

The Role of PKI in Digital Certificate Management

For many customers, the role of Public Key Infrastructure (PKI) is to process workflow for manually generated certificates and auto-enroll the rest of the certificates through group-policy in the Microsoft PKI environment. Some customers may see auto-enrollment through group-policy as a certificate management feature of PKI, however, when you look in-depth you see that it’s just the functionality provided by the Microsoft PKI environment. The true definition of certificate as well as key management is when the certificates and keys are managed from enrollment to revocation. This means that both (certificate and keys) are managed through their entire lifecycle process, including inventory and reporting, all the way through the revocation of certificates, when the certificates are no longer needed, or potentially compromised. Skill gap is another factor which contributes to the inefficiency of certificate management as it requires specialized skills to manage the certificate & keys through their entire lifecycle. Based on the above understanding, we can state that it is requisite to monitor the issuance of certificates in your PKI environment to ensure that the certificate issuance process is secure, efficient, and customized as per your organization’s requirement.

Types of Digital Certificates exists in your PKI environment

As we discussed, certificates possess a greater degree of authorization that results in gaining attention from bad actors like criminals with malicious intent, as these certificates provide them an increased level of access or the ability to impersonate a user. One of the most common certificate types that is susceptible to attack are machine certificates, as these are automatically issued to the devices in your network. There are hundreds of these types of certificates in the environment of an organization that could potentially be a risk in terms of unauthorized access to critical resources such as Wi-Fi access, VPN access, authentication for network access control systems, multi-factor authentication for single-sign-on applications, email encryption, Microsoft Azure WCF services, etc.

Considerations for effective Certificate Management

The following points should be considered while assessing the certificate management situation in an organization:

  1. The inventory of certificates in your environment is very critical. Also, the pattern of certificate issuance indicates normal or abnormal behavior from the certificate generation perspective.
  2. The issued certificates are used for the purpose for which they are issued. PKI administrators should always keep an eye on their PKI environment for any discrepancy with respect to certificate usage.
  3. As every certificate has a key usage field, this should be correctly chosen, as a misconfigured certificate template in the PKI domain would create complete chaos and might result in organization-wide risk and loss.

Is your Data Secure throughout all of the Phases of the Data Lifecycle

Risk with Unmanaged Certificates

There is a saying that if you can’t see the risk, it doesn’t mean there is none. PKI administrators sometimes ignore the risks based on the fact that they don’t see any immediate problem because of this. Also, some minor issues in the PKI go unnoticed in the initial stage that create bigger issues in the future. To avoid this, PKI admins must have tools deployed to detect and manage these issues in order to establish and maintain a healthy PKI in their environment.

The following are risk avoidance actions that can be taken by the PKI team for certificate management:

  1. Certificates are issued based on certificate standards that vary with time. This requires the need for continuous audit of your PKI environment and all the certificates issued by the PKI. At times, certificates are issued based on old certificate standards, for example the key length of 2048-bit keys are still active even though the new standard states that a key length of 4096-bit is more secure. PKI admins must have an inventory of all those certificates (with key length of 2048-bit) to address all of them in a single attempt.
    When there is a requirement to replace or re-issue the certificates in bulk, the ability to automate this transaction efficiently can help improve security response time. The same scenario is applicable when a critical vulnerability is identified and the admin must extract the certificate inventory at risk to remediate those within a short span of time.
  2. At times, there are small misconfiguration issues in certificates which can cause critical and large-scale issues. For example, a PKI admin has issued 10,000 certificates with a validity period of 10 years, and later on the validity period has to change based on some compliance policy. Now, there has to be a centralized and quick way to locate these certificates to remove them from the environment to remediate & recover from this situation. It is significant to monitor the certificate issuance process and issuance policies to identify issues. Also, having a monitoring tool in place enables the quick detection of issues if they arise.
  3. Rogue certificates do exist and get issued in the PKI environment. These rogue certificates lead to disastrous results if not dealt with properly. To counter rogue certificates, PKI admins must have an accurate inventory of all the legitimate certificates issued in the PKI environment so that centralized action can be taken, if required, to replace, re-issue, or revoke them.Till now, we have discussed many situations that may happen in any organization and could lead to unexpected results or outcomes. These include PKI issues, skill gaps on PKI, and lack of centralized management for digital certificate and key lifecycles. Effective management of all digital certificates and keys in a PKI environment requires the appropriate management tool and resources in place to mitigate the risks associated with PKI expeditiously and reliably.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.