How can the developer decrypt the data that was encrypted by the CMK?

A developer is using an AWS Key Management Service (AWS KMS) customer master key (CMK) with imported key material to encrypt data in Amazon S3.The developer accidentally deletes the key material of the CMK and is unable to decrypt the data.

How can the developer decrypt the data that was encrypted by the CMK?

Request support from AWS to recover the deleted key material.

Create a new CMK. Use the new CMK to decrypt the data.

Use the CMK without the key material.

Reimport the same key material to the CMK.

Explanations:

AWS cannot recover deleted key material. Once the key material is deleted, it is permanently lost.

A new CMK will not help decrypt the data because the original encryption was done with the deleted key material.

A CMK without key material cannot decrypt data, as it needs key material to perform encryption and decryption.

Reimporting the same key material to the CMK allows the developer to use it to decrypt the data, as the original encryption was performed with that specific key material.

Learn & move to cloud

How can the developer decrypt the data that was encrypted by the CMK?

Explanations:

Leave a Reply Cancel reply