AWS KMS Workshop

Xabi·2024년 8월 20일
0

AWS

목록 보기
1/2

1. 실습환경 구성

  • AWS 이벤트에 참가하여 실습이 가능한 환경을 부여받고 시작

2. KMS 의 동작원리와 KMS 키

2.1 고객 관리형 키(CMK) 생성하기

  • CloudFormation을 통해 생성된 EC2 인스턴스에 연결하여 KMS 키 생성 작업 진행
  • EC2-instance region 설정

2.2 정책 생성 및 연결

  • 정책을 만들어 역할에 첨부
  • AWS CLI 또는 AWS 콘솔을 통해 필요한 권한을 추가
  • EC2 인스턴스에 연결된 역할에 새 정책이 부여되었기 때문에 아래와 같이 EC2 인스턴스에서 새로운 고객 관리형 키(CMK)를 만들 수 있을 것

2.3 CMK 생성 및 별칭(alias)

  • AWS 에서는 여러가지 유형의 KMS 키를 사용할 수 있음
  • 새로운 고객 관리형 키를 생성하기 위하여 아래의 명령을 입력

    aws kms create-key

2.4 자체 키 구성요소로 CMK 생성하기

  • 외부 키 구성요소로 KMS 키 생성하기
  • AWS KMS를 사용하면 자체적으로 관리하는 키 구성요소를 가져와서 KMS 키를 생성할 수 있습니다. 이렇게 하려면 키 자료를 AWS KMS에 업로드하기 위해 특별한 래핑이 필요합니다.

  • 파일 2개 생성
    "PublicKey" Value -> pkey.b64
    "ImportToken" Value -> token.b64에 넣고 저장 후 binary 파일로 변환생성

3. CSE 와 SSE

3.1 클라이언트 측 암호화

  • 정책/역할 추가 후 실행

  • 이 명령은 다음이 포함된 JSON 출력을 반환합니다:
    1) 일반 텍스트 데이터 키 - b64 인코딩의 일반 텍스트 키
    2) 일반 텍스트 데이터 키를 암호화하는 데 사용된 KeyId
    3) 베이스64 인코딩으로 생성된 암호화된 데이터 키인 CiphertextBlob

3.2 Encyption SDK CLI

  • 위의 메뉴얼 관리 방법과 다르게 aws-sdk-cli를 사용해 봉투암호화를 자동화하는 방법
  • 편하나 메뉴얼 암호화 값보다 데이터 사이즈가 큰 점을 고려해야 함
  • 암호화한 결과 + 암호화된 데이터 키 + 메타데이터 합산되다 보니 사이즈가 커진다. 10배 차이. (테이블 필드값이 10배 차이남)

3.3 서버 측 암호화

  • 디스크 암호화 가능 (디스크 탈취 및 마운트 방지)

3.4 KMS 자체 암호화

  • 위의 SDK CLI와 다르게 해당 방법은 평문의 데이터만 올려보내면 클라우드 KMS에서 내부 자체 암호화를 진행하여 암호화 값을 내려주는 방식
  • SDK 방법은 3가지 값을 내려받아 자동으로 CLI에서 암호화하는 방법
profile
잘먹고 잘살자

1개의 댓글

comment-user-thumbnail
2024년 9월 19일

In the world of software activation, finding a reliable and cost-effective solution can be a daunting task. For many users, the need to activate Windows or Microsoft Office without incurring significant expenses leads them to explore alternatives. One such alternative is the KMS Activator offered by Activators.pro, a platform that has garnered attention for its ability to provide free and functional activation tools. This review aims to provide a detailed and insightful evaluation of KMS Activator from Activators.pro, focusing on its usability, reliability, and overall performance.

Understanding KMS Activator
KMS (Key Management Service) Activator is a tool designed to activate Microsoft software products, including Windows and Office, without requiring a purchased license key. Instead, it mimics the activation process used by Microsoft’s own activation servers. Activators.pro offers a range of KMS activators, promising ease of use and efficiency. My personal experience with this tool has been both positive and enlightening, revealing several key benefits that make it a noteworthy solution for those seeking to activate their software without the usual cost.

Usability and Installation
One of the standout features of the KMS Activator from Activators.pro is its user-friendly nature. The website provides a straightforward download process, and the installation of the activator is accompanied by clear, step-by-step instructions. The entire process, from downloading the tool to successfully activating Windows, was completed seamlessly. For users who may not be tech-savvy, this ease of use is crucial, as it ensures that even those with minimal technical expertise can effectively utilize the activator.

Reliability and Performance
In terms of reliability, KMS Activator has proven to be a dependable tool. During my testing, the activator performed consistently, successfully activating both Windows and Office without encountering any major issues. The tool is designed to work with various system architectures, including both 32-bit and 64-bit versions, making it a versatile choice for different hardware configurations.

Another significant advantage is the regular updates provided by Activators.pro. The site frequently updates its activators to ensure compatibility with the latest versions of Microsoft products. This commitment to keeping the tool up-to-date is essential for maintaining its effectiveness and avoiding potential activation issues that could arise from system updates.

Key Considerations and Tips
Antivirus Software: One practical tip for users is to temporarily disable antivirus software during the activation process. Some antivirus programs may mistakenly identify the activator as a threat and interfere with its operation. Disabling the antivirus can prevent such conflicts and ensure a smooth activation process.

Version Updates: Always ensure that you are using the latest version of the KMS Activator. Activators.pro regularly releases updates to address any issues and to keep pace with new software releases. Using an outdated version could lead to activation failures or compatibility problems.

Support and Troubleshooting: Activators.pro offers support for users who encounter issues during the activation process. Taking advantage of this support can be beneficial if any problems arise. The responsiveness of the support team https://activators.pro/en adds an extra layer of reliability to the overall experience.

Conclusion
The KMS Activator from Activators.pro offers a compelling solution for those seeking to activate Windows and Microsoft Office without purchasing a license. Its user-friendly design, reliable performance, and regular updates make it a valuable tool for many users. By following best practices, such as updating to the latest version and managing antivirus settings, users can maximize the effectiveness of the activator.

Overall, Activators.pro provides a robust and practical alternative for software activation, demonstrating that it is possible to manage software licensing efficiently and affordably. For anyone looking to bypass the high cost of official licenses while ensuring proper activation, the KMS Activator from Activators.pro is certainly worth considering.

답글 달기