100 Days of System Design Questions challenges

Design a system for encrypting and securely storing sensitive user data within a software application or system. The system should provide end-to-end encryption to protect user data both in transit and at rest, while ensuring compliance with relevant security and privacy regulations. Consider factors such as data encryption algorithms, key management, access controls, and data residency requirements in your design. Discuss how you would implement encryption mechanisms to encrypt sensitive data before storage and decrypt it when accessed by authorized users. Additionally, address how you would manage encryption keys securely, including key generation, rotation, and storage. Provide insights into the technologies, cryptographic libraries, secure storage solutions, and compliance frameworks you would employ to implement this system effectively while safeguarding sensitive user data.