InfoQ Homepage Cryptography Content on InfoQ
-
Apple Debuts Post-Quantum Cryptography Cipher PQ3 for iMessage Communication
Apple announced a new quantum-resistant encryption protocol that will be used to secure iMessage communications, PQ3 against attack scenarios known as "harvest now, decrypt later".
-
OpenSSL 3.2 Brings Support for QUIC, Windows Certificate Store, and More
The latest version of OpenSSL, OpenSSL 3.2.0, brings significant new features, including client support for QUIC, new digital signature algorithms, new certificate compression options, SSL/TLS security level increase, and more.
-
Cloudflare Post-Quantum Cryptography Now Generally Available, Including Origin Servers
Cloudflare has announced the general availability of post-quantum cryptography for a number of its services and internal systems. While promising a higher standard of privacy for the post-quantum era, the new feature depends on post-cryptography support in browsers and on the final link between Cloudflare and origin servers.
-
Combating AI-Generated Fake Images with JavaScript Libraries, by Kate Sills at QCon San Francisco
At the recent QCon San Francisco conference Kate Sills gave a talk about combating AI-generated fake images using existing JavaScript libraries. She advocated for using cryptographic timestamping to ensure the time photos were taken, and using digital signatures to verify that the image was made by a legitimate source.
-
Implementing Application Level Encryption at Scale: Insights from Atlassian’s Use of AWS and Cryptor
Atlassian recently published how it performs Application Level Encryption at scale on AWS while utilising high cache hit rates and maintaining low costs. Atlassian's solution runs over 12,500 instances and manages over 1,540 KMS keys. It performs over 11 billion decryptions and 811 million encryptions daily, costing $2,500 per month versus a potential $1,000,000 per month using a naive solution.
-
Modern Cryptography in OpenJDK: Introduction of Key Encapsulation Mechanisms API
JEP 452, Key Encapsulation Mechanism API, has been marked as completed for JDK 21. This JEP introduces a modern encryption technique for securing symmetric keys using public key cryptography. The API supports various KEM algorithms, including RSA-KEM, ECIES, and those under NIST's Post-Quantum Cryptography standardization.
-
EC2 Instance Connect Endpoint Enables Secure Connectivity between Public and Private Networks
AWS recently announced Amazon EC2 Instance Connect (EIC) Endpoint, a new feature that allows users to connect securely to their instances and other Amazon Virtual Private Cloud (Amazon VPC) resources from the Internet.
-
AWS Payment Cryptography: New Service for Payment Processing Applications
At the recent re:Inforce conference, AWS announced Payment Cryptography, a new service to manage payment cryptography operations. The new elastic option simplifies key management for payment processing applications, helping customers meet PCI security requirements.
-
AWS Launches Amazon S3 Dual-Layer Server-Side Encryption with Keys Stored in AWS KMS
Recently AWS launched Amazon S3 dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS), a new encryption option in Amazon S3 that applies two layers of encryption to objects when they are uploaded to an Amazon Simple Storage Service (Amazon S3) bucket.
-
.NET 7 Brings Networking Improvements
The .NET 7 launch has brought many improvements around the whole API surface of the .NET Framework. In networking operations, .NET 7 improves the capabilities and performance of the existing HTTP and WebSockets protocols. It exposed a new protocol called QUIC and has many performance improvements compared to .NET 6.
-
Amazon S3 Encrypts All New Objects with AES-256
Since January 5th, Amazon S3 encrypts all new objects by default with AES-256 to protect data at rest. S3 automatically applies server-side encryption using Amazon S3-managed keys for each new object, unless a different encryption option is specified.
-
AWS Key Management Service Now Supports External Key Stores
AWS recently announced the availability of AWS Key Management Service (AWS KMS) External Key Store (XKS), allowing organizations to store and manage their encryption keys outside the AWS KMS service.
-
Open-Source Constellation K8 Engine Aims to Bring Confidential Computing to Kubernetes
Constellation is a Kubernetes engine that shields Kubernetes clusters from the rest of the cloud infrastructure using confidential computing and confidential VMs. This creates a confidential context that ensures data is always encrypted, both at rest and in memory.
-
Google Cloud Certificate Manager Generally Available
Google Cloud recently announced the general availability of Certificate Manager, a service to acquire, manage, and deploy TLS certificates for use with Google Cloud workloads.
-
Amazon Introduces Encrypted Communication Service AWS Wickr
A year after the acquisition of the company Wickr, Amazon recently announced the preview of the collaboration suite AWS Wickr. Built on a proprietary encryption protocol, the new managed service provides enterprises and government agencies with security and administrative controls to meet security and compliance requirements.