Encryption Content on InfoQ
-
GitHub Rolls out Post-Quantum SSH Security to Protect Code from Future Threats
GitHub has deployed a hybrid post-quantum key-exchange algorithm for SSH access, strengthening protection against future quantum decryption threats. The rollout, now live across most regions, pairs classical and quantum-resistant methods to counter “store now, decrypt later” attacks and marks a major step toward quantum-safe software development.
-
Bring Your Own Key (BYOK): AWS IAM Identity Center Adopts CMKs to Meet Enterprise Compliance Needs
AWS IAM Identity Center now supports customer-managed KMS keys (CMKs) for encrypting identity data at rest. This enhancement offers organizations complete control over their encryption keys, ensuring granular access management, robust auditing via AWS CloudTrail, and improved compliance for regulated industries. It’s a key evolution for data sovereignty in the cloud.
-
AWS Introduces EC2 Instance Attestation
AWS has introduced EC2 instance attestation, a new security feature that enables customers to verify that their virtual machines are running approved software configurations in a cryptographically secure manner. The capability is powered by the Nitro Trusted Platform Module (NitroTPM) and Attestable AMIs.
-
HCP Terraform Now Offers Hold Your Own Key (HYOK) Option for Artifact Encryption
HashiCorp announced on July 31, 2025, the general availability of Hold Your Own Key (HYOK) support for HCP Terraform. This feature gives customers full control over the encryption keys used to protect sensitive Terraform artifacts such as state and plan files.
-
Guardian's Secure Messaging: Open Source Messaging Uses Millions of App Users as Traffic Cover
The Guardian has recently released Secure Messaging, a highly secure and user-friendly tool designed to protect journalistic sources by concealing the very fact that messaging is occurring. The open source project achieves strong plausible deniability by generating bait traffic through the routine activity of existing users of The Guardian's mobile app.
-
AWS Introduces Exportable Public SSL/TLS Certificates
AWS has recently announced exportable public SSL/TLS certificates from AWS Certificate Manager, addressing a long-standing community request and allowing users to export certificates with their private keys for use beyond managed services on AWS.
-
How to Defend Amazon S3 Buckets from Ransomware Exploiting SSE-C Encryption
A new ransomware campaign, dubbed Codefinger, has been targeting Amazon S3 users by exploiting compromised AWS credentials to encrypt data using Server-Side Encryption with Customer-Provided Keys (SSE-C). Attackers then demand ransom payments for the symmetric AES-256 keys required to decrypt the data. AWS has released recommendations to help users mitigate the risk of ransomware attacks on S3.
-
AWS Outlines Its Post-Quantum Cryptography Migration Plan
In a recent article on its security blog, AWS detailed its plan for migrating to post-quantum cryptography (PQC). The article addresses the challenges posed by PQC, outlines AWS's current progress in the migration process, and explains the impact on customers within the traditional shared responsibility model.
-
AWS Key Management Service Now Supports ECDH for Secure Communications
This summer, AWS announced that the AWS Key Management Service (KMS) supports the Elliptic Curve Diffie-Hellman (ECDH) key agreement. The security team at AWS recently showed how the new DeriveSharedSecret API enables the establishment of secure communication channels by using a derived shared secret.
-
Cloudflare Introduces Automatic SSL/TLS to Secure and Simplify Origin Server Connectivity
Cloudflare recently introduced new Automatic SSL/TLS settings to simplify the provider's encryption modes for communication with origin servers. This feature offers automatic configuration, ensuring security without risking site downtime.
-
Apple Debuts Post-Quantum Cryptography Cipher PQ3 for iMessage Communication
Apple announced PQ3, a new quantum-resistant encryption protocol that will be used to secure iMessage communications against attack scenarios known as "harvest now, decrypt later".
-
OpenSSL 3.2 Brings Support for QUIC, Windows Certificate Store, and More
The latest version of OpenSSL, OpenSSL 3.2.0, brings significant new features, including client support for QUIC, new digital signature algorithms, new certificate compression options, SSL/TLS security level increase, and more.
-
Implementing Application Level Encryption at Scale: Insights from Atlassian’s Use of AWS and Cryptor
Atlassian recently published how it performs Application Level Encryption at scale on AWS while utilising high cache hit rates and maintaining low costs. Atlassian's solution runs over 12,500 instances and manages over 1,540 KMS keys. It performs over 11 billion decryptions and 811 million encryptions daily, costing $2,500 per month versus a potential $1,000,000 per month using a naive solution.
-
AWS Payment Cryptography: New Service for Payment Processing Applications
At the recent re:Inforce conference, AWS announced Payment Cryptography, a new service to manage payment cryptography operations. The new elastic option simplifies key management for payment processing applications, helping customers meet PCI security requirements.
-
AWS Launches Amazon S3 Dual-Layer Server-Side Encryption with Keys Stored in AWS KMS
Recently AWS launched Amazon S3 dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS), a new encryption option in Amazon S3 that applies two layers of encryption to objects when they are uploaded to an Amazon Simple Storage Service (Amazon S3) bucket.