Both application layer encryption and infrastructure layer encryption are part of the overall security of your system.
You can think about driving security, both the security related to the car (application layer) and de security related to the road (infrastructure layer) will impact the driving security.
- HTTPS/TLS
- VPNs, IPSEC
- Service Mesh
- Full Disk Encryption
- DB Encrypt
When you need security travelling with data. Application layer encryption increases privacy.
- Encrypt: make something secret using a key
- Decrypt: Make something readable using a key
- Sign: Prove integrity using a key
- Verify: Check integrity using a key
- Uses the same key for encrypt, decrypt, sign and verify
- Fast and efficient
- Challenge on how to share data
- The key has 2 parts: public and private
- Used when you need to do key exchange
- Encrypt and exchange using asymmetric keys
- Share freely
- Certificate Authority, CSR, proves that you hold the private key
- Store it in a file encrypted with password
- Secrets manager: 1Password, Vault, etc