Why do I need to also share the encryption key with the other account when sharing an encrypted snapshot?

Question

In the AWS docs it says that

When you share an encrypted snapshot, you must also share the customer managed key used to encrypt the snapshot.

but why is that necessary? Why does the receiving account need the encryption key when I share with it an encrypted snapshot? To make use of the snapshot, they should only need the decryption key, right?

What is that thing you call "decryption key" and where would you get it from? — luk2302, Sep 07 '21 at 08:25

score 0 · Accepted Answer · answered Sep 07 '21 at 07:49

0

Its because of the use of Symmetric-key algorithms to encrypt/decrypt data. Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic data hence its why you must share it.

answered Sep 07 '21 at 07:49

The Average Google User

309
3
8

Thank you! I did not know that the encryption algorithm used was symmetric. – Sahand Sep 08 '21 at 10:31

Why do I need to also share the encryption key with the other account when sharing an encrypted snapshot?

1 Answers1