Certified Security - Specialty


When performing manual KMS key rotation using customer-generated KMS key material, and following the procedure as per the documentation, how is the old information decrypted (i.e. the info that was encrypted with the old CMK), if you have changed to the newly generated CMK?

When performing manual KMS key rotation using customer-generated KMS key material, and following the procedure as per the documentation, how is the old information decrypted (i.e. the info that was encrypted with the old CMK), if you have deleted the old key and changed to the newly generated CMK?

2 Answers

Hi Alanm,

When you rotate keys, the old key is retained to decrypt data encrypted using that key. New data is encrypted using the new material.

Chatz

Hi Alanm,

When you rotate the keys, the old key is not deleted, hence the old data can still be decrypted. If you delete the old key, you will not be able to decrypt the data that was encrypted with the old key.

Fidelis
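
A local model of the behaviour both answers describe, added here as an illustration and not taken from the thread or from AWS. `ToyKMS`, its methods, the key IDs and the alias name are hypothetical, and the HMAC keystream is a stand-in for real encryption; the point is that each ciphertext stays bound to the key that produced it.

```python
import hashlib, hmac, os

class ToyKMS:
    """Local model only: not the AWS API, and the cipher is a stand-in."""
    def __init__(self):
        self.keys = {}     # key_id -> key material (constructed, random)
        self.aliases = {}  # alias  -> key_id currently used for new encryptions

    def create_key(self, key_id):
        self.keys[key_id] = os.urandom(32)

    def point_alias(self, alias, key_id):
        self.aliases[alias] = key_id  # manual rotation = repoint the alias

    def delete_key(self, key_id):
        del self.keys[key_id]

    @staticmethod
    def _xor(key, nonce, data):
        # HMAC-SHA256 in counter mode as a toy keystream (assumption, not KMS's cipher)
        stream = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                          for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, stream))

    def encrypt(self, alias, plaintext):
        key_id = self.aliases[alias]
        nonce = os.urandom(16)
        # The blob records which key produced it; decrypt relies on that.
        return {"key_id": key_id, "nonce": nonce,
                "body": self._xor(self.keys[key_id], nonce, plaintext)}

    def decrypt(self, blob):
        if blob["key_id"] not in self.keys:
            raise KeyError("key %s no longer exists" % blob["key_id"])
        return self._xor(self.keys[blob["key_id"]], blob["nonce"], blob["body"])

def rotation_demo():
    kms = ToyKMS()
    kms.create_key("key-old"); kms.point_alias("alias/app", "key-old")
    old_blob = kms.encrypt("alias/app", b"written before rotation")
    kms.create_key("key-new"); kms.point_alias("alias/app", "key-new")
    new_blob = kms.encrypt("alias/app", b"written after rotation")
    while_retained = kms.decrypt(old_blob)   # old key still present
    kms.delete_key("key-old")
    try:
        kms.decrypt(old_blob); lost = False
    except KeyError:
        lost = True                          # old data is now unrecoverable
    return old_blob["key_id"], new_blob["key_id"], while_retained, lost, kms.decrypt(new_blob)
```
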
