What encryption is used for storage?

From GCP docs:

Cloud Storage manages server-side encryption keys on your behalf using the same hardened key management systems that we use for our own encrypted data, including strict key access controls and auditing. Cloud Storage encrypts user data at rest using AES-256 in most cases using Galois/Counter Mode (GCM). There is no setup or configuration required, no need to modify the way you access the service, and no visible performance impact. Data is automatically decrypted when read by an authorized user.

Problem text in bold above (in most cases). From other docs, it appears some legacy HDDs use AES-CBC and AES-CTR (128 and 256 bits). How do we determine/confirm storage encryption is AES and that CBC is not used in a particular data center?

1 ACCEPTED SOLUTION

Hi @PhilippeB,

Welcome to Google Cloud Community!

By default, Google Cloud Storage uses AES-GCM (256 bits) as the preferred protocol but still supports AES-CBC and AES-CTR (128 and 256 bits) for legacy HDDs and persistent disks which were created before 2015. If your project uses Cloud Storage and was created in 2015 (or later), the preferred protocol being used is AES-GCM (256 bits).

You can check out the following documentation regarding information on Cloud Storage encryption and other options available to encrypt data when using Google Cloud Storage:

Hope this helps.
