Client-Side Encryption
FIPS 140-3 grade security with software-defined simplicity
How to stop data breaches on AWS S3
DuoKey for AWS S3
Client-side encryption is the act of encrypting data before sending it to Amazon S3. To enable client-side encryption, DuoKey generates a CMK within your application on the client side; AWS has no access to any encryption keys.
Protect your AWS S3 Bucket
Keep your keys safe
With DuoKey for AWS S3, our plugin works by keeping a master key inside the MPC node and using it to derive a unique key for each object in a bucket. The software running on the client has access to these object-specific keys, but never to the master key, which never leaves the MPC node.
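The per-object derivation described above can be sketched as follows. This is an added example, not DuoKey's code: the page does not name the derivation function, so HKDF-SHA256, the `KeyNode` class, and the salt label are assumptions, and a local class stands in for the remote MPC node.

```python
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class KeyNode:
    """Hypothetical stand-in for the key service; only it holds the master key."""

    def __init__(self, master_key: bytes):
        self.__master_key = master_key  # no method ever returns this value

    def object_key(self, bucket: str, object_name: str) -> bytes:
        # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
        info = b"".join(
            len(part).to_bytes(2, "big") + part
            for part in (bucket.encode(), object_name.encode())
        )
        # Assumed domain-separation label, used here as the HKDF salt.
        return hkdf_sha256(self.__master_key, b"s3-object-key-v1", info)


def demo() -> dict:
    node = KeyNode(os.urandom(32))  # constructed master key for the demo
    k1 = node.object_key("reports", "2024/q1.pdf")
    k2 = node.object_key("reports", "2024/q2.pdf")
    return {
        "k1": k1,
        "k2": k2,
        "repeatable": k1 == node.object_key("reports", "2024/q1.pdf"),
        "no_field_collision": node.object_key("ab", "c") != node.object_key("a", "bc"),
    }


if __name__ == "__main__":
    result = demo()
    print(result["k1"].hex(), result["k2"].hex(), sep="\n")
```

A leaked object key exposes only that one object: it cannot be inverted to the master key or used to compute the key of any other object.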
Use your own CMK
To access the content you must have the CMK generated using DuoKey MPC. The customer key is managed using our DKMAAS with MPC. Since one key is always in your control, AWS never has access to your data. When uploading an object, you provide a client-side master key to the Amazon S3 encryption client. The client uses the master key only to encrypt the data encryption key that it generates randomly.
Safe protection
Experts agree that end-to-end encryption can reduce the risk of unauthorized data access and meet certain compliance and data residency requirements. DuoKey takes a complementary approach to encryption, both using encryption keys controlled by the customer and performing the encryption at the endpoint.
Client-Side Encryption
Client-side encryption is the act of encrypting data before sending it to Amazon S3. To enable client-side encryption, DuoKey generates a master key that you store within your application. AWS cannot access your keys.
How to use AWS S3 Client-Side Encryption
