Cryptography as a Service Security Pattern

In this pattern, the management of cryptographic keys is delegated to the same entity that performs the cryptographic actions. Consequently, the system under design never possesses the used cryptographic keys.

Benefits and Trade-offs

Benefits:

• Limits risk of leaking cryptographic keys
• Reduces risk of incorrectly configuring and/or using a cipher
• System only handles key identifiers, not key material

Trade-offs:

• Requires greater trust in the entity providing cryptographic operations
• Dependency on external service availability

Common Implementations