A $23M crypto hack wasn't a smart contract flaw. Resolv Labs lost millions due to a compromised off-chain key. This changes how we view DeFi security.

thepixelspulse.com/posts/resolv-compromised...

#resolv #usrstablecoin #awskms

AWS KMS now supports Edwards-curve Digital Signature Algorithm (EdDSA) AWS Key Management Service (KMS) announces support for the Edwards-curve Digital Signature Algorithm (EdDSA). With this new capability, you can create an elliptic curve asymmetric KMS key or data key pairs to sign and verify EdDSA signatures using the Edwards25519 curve (Ed25519). Ed25519 provides 128-bit security level equivalent to NIST P-256, faster signing performance, and small signature size (64 bytes) and public key sizes (32 bytes). Ed25519 is ideal for situations that require small key and signature sizes, such as Internet of Things (IoT) devices and blockchain applications like cryptocurrency. This new capability is available in all AWS Regions, including the AWS GovCloud (US) Regions and the China Regions. To learn more about this new capability, see https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html section in the AWS KMS Developer Guide.

AWS KMS now supports Edwards-curve Digital Signature Algorithm (EdDSA)

AWS Key Management Service (KMS) announces support for the Edwards-curve Digital Signature Algorithm (EdDSA). With this new capability, you can create an elliptic curve asymmetric KMS key or dat...

#AWS #AwsGovcloudUs #AwsKms

AWS KMS now supports Edwards-curve Digital Signature Algorithm (EdDSA) AWS Key Management Service (KMS) announces support for the Edwards-curve Digital Signature Algorithm (EdDSA). With this new capability, you can create an elliptic curve asymmetric KMS key or data key pairs to sign and verify EdDSA signatures using the Edwards25519 curve (Ed25519). Ed25519 provides 128-bit security level equivalent to NIST P-256, faster signing performance, and small signature size (64 bytes) and public key sizes (32 bytes). Ed25519 is ideal for situations that require small key and signature sizes, such as Internet of Things (IoT) devices and blockchain applications like cryptocurrency. This new capability is available in all AWS Regions, including the AWS GovCloud (US) Regions and the China Regions. To learn more about this new capability, see Asymmetric key specs section in the AWS KMS Developer Guide.

🆕 AWS KMS now supports EdDSA with Ed25519, offering 128-bit security, faster signing, and small key/signature sizes ideal for IoT and blockchain. Available in all regions. See AWS KMS Developer Guide for details.

#AWS #AwsGovcloudUs #AwsKms

AWS announces Nitro Enclaves are now available in all AWS Regions https://aws.amazon.com/ec2/nitro/nitro-enclaves/ is an Amazon EC2 capability that enables customers to create isolated compute environments (enclaves) to further protect and securely process highly sensitive data within their EC2 instances. Nitro Enclaves helps customers reduce the attack surface area for their most sensitive data processing applications. There is no additional cost other than the cost for the using Amazon EC2 instances and any other AWS services that are used with Nitro Enclaves. Nitro Enclaves is now available across all AWS Regions, expanding to include new regions in Asia Pacific (New Zealand, Thailand, Jakarta, Hyderabad, Malaysia, Melbourne, and Taipei), Europe (Spain and Zurich), Middle East (UAE and Tel Aviv), and North America (Central Mexico and Calgary). To learn more about AWS Nitro Enclaves and how to get started, visit the https://aws.amazon.com/ec2/nitro/nitro-enclaves/.

AWS announces Nitro Enclaves are now available in all AWS Regions

https://aws.amazon.com/ec2/nitro/nitro-enclaves/ is an Amazon EC2 capability that enables customers to create isolated compute environments (enclaves) to further protect and securely proces...

#AWS #AwsKms #AmazonLinux2 #AmazonEc2

AWS announces Nitro Enclaves are now available in all AWS Regions AWS Nitro Enclaves is an Amazon EC2 capability that enables customers to create isolated compute environments (enclaves) to further protect and securely process highly sensitive data within their EC2 instances. Nitro Enclaves helps customers reduce the attack surface area for their most sensitive data processing applications. There is no additional cost other than the cost for the using Amazon EC2 instances and any other AWS services that are used with Nitro Enclaves. Nitro Enclaves is now available across all AWS Regions, expanding to include new regions in Asia Pacific (New Zealand, Thailand, Jakarta, Hyderabad, Malaysia, Melbourne, and Taipei), Europe (Spain and Zurich), Middle East (UAE and Tel Aviv), and North America (Central Mexico and Calgary). To learn more about AWS Nitro Enclaves and how to get started, visit the AWS Nitro Enclaves page.

🆕 AWS Nitro Enclaves, a secure EC2 feature for isolated, sensitive data processing, is now available in all regions with no extra cost. New regions include Asia Pacific, Europe, Middle East, and North America. For details, visit the AWS Nitro Enclaves page.

#AWS #AwsKms #AmazonLinux2 #AmazonEc2

Customer managed KMS keys now available for Automated Reasoning checks AWS announces support for customer managed AWS Key Management Service (KMS) keys in Automated Reasoning checks in Amazon Bedrock Guardrails. This enhancement enables you to use your own encryption keys to protect policy content and tests, giving you full control over key management. Automated Reasoning checks in Amazon Bedrock Guardrails is the first and only generative AI safeguard that helps correct factual errors from hallucinations using logically accurate and verifiable reasoning that explains why responses are correct. This feature enables organizations in regulated industries like healthcare, financial services, and government to adopt Automated Reasoning checks while meeting compliance requirements for customer-owned encryption keys. For example, a financial institution can now use Automated Reasoning checks to validate loan processing guidelines while maintaining full control over the encryption keys protecting their policy content. When creating an Automated Reasoning policy, you can now select a customer managed KMS key to encrypt your content rather than using the default key. Customer managed KMS key support for Automated Reasoning checks is available in all AWS Regions where Amazon Bedrock Guardrails is offered: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), and Europe (Paris). To get started, see the following resources: Automated Reasoning checks https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-automated-reasoning-checks.html Amazon Bedrock Guardrails https://aws.amazon.com/bedrock/guardrails/ AWS Key Management Service https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-mgn-key Create an Automated Reasoning policy in the https://console.aws.amazon.com/bedrock/home#/automated-reasoning/policies

Customer managed KMS keys now available for Automated Reasoning checks

AWS announces support for customer managed AWS Key Management Service (KMS) keys in Automated Reasoning checks in Amazon Bedrock Guardrails. This enhancement enables you to use your own encrypti...

#AWS #AmazonBedrock #AwsKms

Customer managed KMS keys now available for Automated Reasoning checks AWS announces support for customer managed AWS Key Management Service (KMS) keys in Automated Reasoning checks in Amazon Bedrock Guardrails. This enhancement enables you to use your own encryption keys to protect policy content and tests, giving you full control over key management. Automated Reasoning checks in Amazon Bedrock Guardrails is the first and only generative AI safeguard that helps correct factual errors from hallucinations using logically accurate and verifiable reasoning that explains why responses are correct. This feature enables organizations in regulated industries like healthcare, financial services, and government to adopt Automated Reasoning checks while meeting compliance requirements for customer-owned encryption keys. For example, a financial institution can now use Automated Reasoning checks to validate loan processing guidelines while maintaining full control over the encryption keys protecting their policy content. When creating an Automated Reasoning policy, you can now select a customer managed KMS key to encrypt your content rather than using the default key. Customer managed KMS key support for Automated Reasoning checks is available in all AWS Regions where Amazon Bedrock Guardrails is offered: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), and Europe (Paris). To get started, see the following resources: Automated Reasoning checks user guide Amazon Bedrock Guardrails product page AWS Key Management Service developer guide Create an Automated Reasoning policy in the Bedrock console

🆕 AWS now supports customer managed KMS keys in Automated Reasoning checks for Amazon Bedrock Guardrails, enabling encryption key control for policy content and tests, aiding compliance in regulated industries. Available in select regions.

#AWS #AmazonBedrock #AwsKms

AWS IAM Identity Center now supports customer-managed KMS keys for encryption at rest | Amazon Web Services Gain control over encryption and comply with regulations using customer-managed keys for AWS IAM Identity Center's user data and passwords.

📰🚨 AWS IAM Identity Center now supports customer-managed KMS keys for encryption at rest

#AWSKMS #IdentityCenter #DataEncryption #KeyManagement #RegulatoryCompliance

우리는 암호화하는데 왜 키를 사용할까? | 카카오페이 기술 블로그 현대 암호화의 발전 흐름을 이해하고 실무에 적용했던 경험에 대해서 공유합니다.

우리 서비스 암호화, 이대로 괜찮을까?

"일단 돌아는 가는데..." 불안한 암호화 코드,
언제까지 외면하실 건가요?

속도와 키 관리를 모두 잡은 봉투 암호화로 안전하게 리팩토링하세요.
기술을 적용하기 전에 '왜' 필요한지 고민하는 것이 핵심입니다.
tech.kakaopay.com/post/kakaopa...

결국 좋은 설계는 기술을 '어떻게' 쓸지보다 '왜' 써야 하는지 아는 데서 출발합니다.

#암호화 #리팩토링 #정보보안 #개발자 #AWSKMS #서버개발 #클린코드

Want top-notch data security?🔒Explore AWS KMS & Oracle TDE, the two powerhouses of Amazon RDS Oracle encryption🛡️AWS KMS gives database-wide encryption, Oracle TDE offers specific control🔑Watch now & choose smartly👀#DataProtection #DatabaseSecurity #AWSKMS #OracleTDE 🎯

AWS KMS adds support for post-quantum ML-DSA digital signatures AWS Key Management Service (KMS) now supports the https://csrc.nist.gov/pubs/fips/204/final, a quantum-resistant digital signature algorithm designed to help organizations address emerging quantum computing threats. This post-quantum signature algorithm is one of the selected algorithms standardized by NIST to protect sensitive information well into the foreseeable future, including after the advent of cryptographically relevant quantum computers. ML-DSA is particularly valuable for manufacturers and developers who need to protect firmware and application code signing where cryptographic signatures cannot be easily updated after deployment and for organizations that require signatures on digital content to remain valid for several years. The ML-DSA keys integrate with the existing KMS CreateKey and Sign APIs, enabling customers to preserve their established automation processes, IAM and KMS key policies, auditing capabilities, and tagging workflows. AWS KMS support for ML-DSA introduces three new key specs (ML_DSA_44, ML_DSA_65, and ML_DSA_87) that work with the post-quantum SigningAlgorithm ML_DSA_SHAKE_256, with support for both raw signatures and the pre-hashed variant (External Mu). This new feature is generally available and you can use ML-DSA in the following AWS Regions: US West (N. California), and Europe (Milan) with the remaining commercial AWS Regions to follow in the coming days. To learn more, see the https://aws.amazon.com/blogs/security/how-to-create-post-quantum-signatures-using-aws-kms-and-ml-dsa/, and see the https://docs.aws.amazon.com/kms/latest/developerguide/mldsa.html in the AWS KMS Developer Guide.

AWS KMS adds support for post-quantum ML-DSA digital signatures

AWS Key Management Service (KMS) now supports the https://csrc.nist.gov/pubs/fips/204/final a quantum-resistant digital signature algorithm designed to help organizations address emerging quantum computing threats. ...

#AWS #AwsKms

AWS KMS adds support for post-quantum ML-DSA digital signatures AWS Key Management Service (KMS) now supports the FIPS 203 Module-Lattice Digital Signature Standard (MLDSA), a quantum-resistant digital signature algorithm designed to help organizations address emerging quantum computing threats. This post-quantum signature algorithm is one of the selected algorithms standardized by NIST to protect sensitive information well into the foreseeable future, including after the advent of cryptographically relevant quantum computers. ML-DSA is particularly valuable for manufacturers and developers who need to protect firmware and application code signing where cryptographic signatures cannot be easily updated after deployment and for organizations that require signatures on digital content to remain valid for several years. The ML-DSA keys integrate with the existing KMS CreateKey and Sign APIs, enabling customers to preserve their established automation processes, IAM and KMS key policies, auditing capabilities, and tagging workflows. AWS KMS support for ML-DSA introduces three new key specs (ML_DSA_44, ML_DSA_65, and ML_DSA_87) that work with the post-quantum SigningAlgorithm ML_DSA_SHAKE_256, with support for both raw signatures and the pre-hashed variant (External Mu). This new feature is generally available and you can use ML-DSA in the following AWS Regions: US West (N. California), and Europe (Milan) with the remaining commercial AWS Regions to follow in the coming days. To learn more, see the AWS Security Blog for how to create post-quantum signatures using AWS KMS and ML-DSA, and see the ML-DSA signing topic in the AWS KMS Developer Guide.

🆕 AWS KMS now supports post-quantum ML-DSA digital signatures to protect against quantum computing threats, integrating with existing APIs and offering new key specs. Available in US West and Europe, with more regions to follow.

#AWS #AwsKms

Implementing Envelope Encryption with Amazon MSK and AWS KMS Learn how to use AWS KMS to encrypt and decrypt Apache Kafka messages using a concrete example with Java Spring Boot producers and consumers

"Implementing Envelope Encryption with Amazon MSK and AWS KMS" by Camille

#amazon-msk #awskms #java #spring-boot #apache-kafka

AWS KMS launches on-demand key rotation for imported keys AWS Key Management Service (KMS) is announcing support for on-demand rotation of symmetric encryption KMS keys with imported key material. This new capability enables you to rotate the cryptographic key material of Bring Your Own Keys (BYOK) keys without changing the key identifier (key ARN). Rotating keys helps you meet compliance requirements and security best practices that mandate periodic key rotation. Organizations can now better align key rotation with their internal security policies when using imported keys within AWS KMS. This new on-demand rotation capability supports both immediate rotation as well as scheduled rotation. Similar to flexible rotation for standard KMS keys, this new rotation capability offers seamless transition to new key material within an existing KMS key ARN and key alias, with zero downtime and complete backwards compatibility with existing data protected under this key. On-demand key rotation is available in all AWS Regions, including the AWS GovCloud (US) Regions and in the China Regions. To learn more, see the https://aws.amazon.com/blogs/security/how-to-use-on-demand-rotation-for-aws-kms-imported-keys/, and the https://docs.aws.amazon.com/kms/latest/developerguide/rotating-keys-on-demand.html in the AWS KMS developer guide.  

AWS KMS launches on-demand key rotation for imported keys

AWS Key Management Service (KMS) is announcing support for on-demand rotation of symmetric encryption KMS keys with imported key material. This new capability enables you to rotate the cryptographic key mate...

#AWS #AwsKms #AwsGovcloudUs

AWS KMS launches on-demand key rotation for imported keys AWS Key Management Service (KMS) is announcing support for on-demand rotation of symmetric encryption KMS keys with imported key material. This new capability enables you to rotate the cryptographic key material of Bring Your Own Keys (BYOK) keys without changing the key identifier (key ARN). Rotating keys helps you meet compliance requirements and security best practices that mandate periodic key rotation. Organizations can now better align key rotation with their internal security policies when using imported keys within AWS KMS. This new on-demand rotation capability supports both immediate rotation as well as scheduled rotation. Similar to flexible rotation for standard KMS keys, this new rotation capability offers seamless transition to new key material within an existing KMS key ARN and key alias, with zero downtime and complete backwards compatibility with existing data protected under this key. On-demand key rotation is available in all AWS Regions, including the AWS GovCloud (US) Regions and in the China Regions. To learn more, see the AWS Security Blog for how to use on demand rotation with imported keys, and the rotate on-demand topic in the AWS KMS developer guide.

🆕 AWS KMS now supports on-demand rotation for imported symmetric keys, enabling compliance with key rotation policies without changing key identifiers, available in all regions.

#AWS #AwsKms #AwsGovcloudUs

Amazon S3 Tables now support server-side encryption using AWS KMS with customer-managed keys Amazon S3 Tables now support server-side encryption using AWS Key Management Service (SSE-KMS) with customer-managed keys. You can use your own KMS keys to encrypt the tables stored in table buckets to meet regulatory and governance requirements. By default, S3 Tables encrypt all objects with server-side encryption using S3-managed keys (SSE-S3). With support for customer-managed keys, you have the option to set a default customer-managed key for all new tables in the table bucket, set a dedicated key per table, or implement a combination of both approaches. With SSE-KMS support, S3 Tables use S3 Bucket Keys by default for cost optimization, and provide AWS CloudTrail logging for auditing the usage of customer-managed keys. S3 Tables support for SSE-KMS using customer-managed keys is available for all new tables in all https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-regions-quotas.html#s3-tables-regions. To learn more, visit the https://aws.amazon.com/s3/features/tables/ and https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-kms-encryption.html.

Amazon S3 Tables now support server-side encryption using AWS KMS with customer-managed keys

Amazon S3 Tables now support server-side encryption using AWS Key Management Service (SSE-KMS) with customer-managed keys. You can use your own KMS keys to encrypt the tables st...

#AWS #AmazonS3 #AwsKms

Amazon S3 Tables now support server-side encryption using AWS KMS with customer-managed keys Amazon S3 Tables now support server-side encryption using AWS Key Management Service (SSE-KMS) with customer-managed keys. You can use your own KMS keys to encrypt the tables stored in table buckets to meet regulatory and governance requirements. By default, S3 Tables encrypt all objects with server-side encryption using S3-managed keys (SSE-S3). With support for customer-managed keys, you have the option to set a default customer-managed key for all new tables in the table bucket, set a dedicated key per table, or implement a combination of both approaches. With SSE-KMS support, S3 Tables use S3 Bucket Keys by default for cost optimization, and provide AWS CloudTrail logging for auditing the usage of customer-managed keys. S3 Tables support for SSE-KMS using customer-managed keys is available for all new tables in all AWS Regions where S3 Tables are available. To learn more, visit the product page and documentation.

🆕 Amazon S3 Tables now support SSE-KMS with customer-managed keys for encryption, offering flexibility to meet regulatory needs via AWS CloudTrail logging and cost optimization with S3 Bucket Keys. Available in all regions with S3 Tables.

#AWS #AmazonS3 #AwsKms

Q-Bits: Setting Up KMS Keys with Amazon Q Developer This blog post explores how Amazon Q Developer can help with the management of AWS KMS encryption keys.

"Q-Bits: Setting Up KMS Keys with Amazon Q Developer" by Frank Allotta

#amazon-q-developer #q-bits #awskms #kms