|
| 1 | +--- |
| 2 | +meta: |
| 3 | + title: Cryptographic details of Scaleway Key Manager |
| 4 | + description: This document details the cryptographic mechanisms of Scaleway Key Manager with adherence to ANSSI-PA-079 recommendations |
| 5 | +content: |
| 6 | + h1: Cryptographic details of Scaleway Key Manager |
| 7 | + paragraph: This document details the cryptographic mechanisms of Scaleway Key Manager with adherence to ANSSI-PA-079 recommendations |
| 8 | +tags: key-manager security |
| 9 | +dates: |
| 10 | + validation: 2025-04-30 |
| 11 | + posted: 2025-04-30 |
| 12 | +--- |
| 13 | + |
| 14 | +## Cryptographic primitives |
| 15 | + |
| 16 | +### Random number generation |
| 17 | + |
| 18 | +#### Generating KEKs |
| 19 | + |
| 20 | +Scaleway Key Manager uses a **Cryptographically Secure Pseudorandom Number Generator (CSPRNG)** |
| 21 | +to generate both keying material for managed keys and cryptographic unique IVs. |
| 22 | + |
| 23 | +The CSPRNG relies on recent Linux provided ChaCha-based PRNG, which is seeded with high-entropy and unpredictable sources: |
| 24 | + - Timing variations from hardware events |
| 25 | + - True Random Number Generators (TRNGs), such as the `RDSEED`/`RDRAND` instructions on AMD64 family processors |
| 26 | + |
| 27 | +<Message type="note"> |
| 28 | +Conforms to ANSSI-PA-079 R14. |
| 29 | +</Message> |
| 30 | + |
| 31 | +<Message type="warning"> |
| 32 | +That section does not apply to key imported by users via the Bring Your Own Key (BYOK) mechanism. |
| 33 | +</Message> |
| 34 | + |
| 35 | + |
| 36 | +#### Customer-provided KEKs (BYOK) |
| 37 | + |
| 38 | +Scaleway's Key Manager supports Bring Your Own Key (BYOK), so customer can import their |
| 39 | +own key material without relying on Scaleway to generate keys for them. In this case, |
| 40 | +the user has the responsibility to provide a strong key material. |
| 41 | + |
| 42 | +The provided material is not used as is. It is derived using the **HKDF algorithm with SHA2-256** |
| 43 | +as the hash algorithm, with secure random bytes injected as salt. |
| 44 | + |
| 45 | +### Symmetric encryption |
| 46 | + |
| 47 | +Scaleway Key Manager uses **AES-256-GCM** (AES with 256-bit key in Galois Counter Mode) with |
| 48 | +authenticated associated data (AEAD) to encrypt and decrypt user-provided payload. |
| 49 | + |
| 50 | +To reduce the risk of key overuse, plaintext payloads cannot exceed 64 KiB. |
| 51 | + |
| 52 | +For each encryption operation, a 96-bit Initialization Vector (IV) |
| 53 | +is generated using the CSPRNG described in the previous section. |
| 54 | + |
| 55 | +<Message type="note"> |
| 56 | +Conforms to ANSSI-PA-079 R1, R4, R12. |
| 57 | +</Message> |
| 58 | + |
| 59 | +<Message type="warning"> |
| 60 | +The Key Manager uses AES-256-GCM algorithm internally, but this does not constrain users to the same algorithm for their DEKs. |
| 61 | +We recommend using cryptographic libraries like Tink, which handle DEK management with robust and reviewed algorithms. |
| 62 | +Scaleway provides a Tink integrations for Go and Python, which is the preferred integration method. |
| 63 | + - [Tink Python integration](https://github.com/scaleway/tink-py-scwkms) |
| 64 | + - [Ting Go integration](https://github.com/scaleway/tink-go-scwkms) |
| 65 | + |
| 66 | +</Message> |
0 commit comments