How can I verify that authenticated encryption with associated data encryption is used when calling AWS KMS APIs?
How can I verify that authenticated encryption with associated data encryption is used when calling AWS Key Management Service (AWS KMS) Encrypt, Decrypt, and ReEncrypt APIs?
Short description
AWS KMS provides an encryption context that you can use to verify the authenticity of AWS KMS API calls and the integrity of the ciphertext returned by the AWS KMS Decrypt API.
Resolution
To verify the integrity of data encrypted with the AWS KMS APIs, you pass a set of key-value pairs as an encryption context during AWS KMS encryption, and again when you call the Decrypt or ReEncrypt APIs. If the encryption context that you pass to the Decrypt API is identical to the encryption context that you pass to the Encrypt or ReEncrypt APIs, the integrity of the ciphertext returned is protected.
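The pattern described above, as an added Python example that is not part of the original article: the functions use the boto3 KMS client call shapes (`encrypt`, `decrypt`, `exceptions.InvalidCiphertextException`). `StubKMS`, the key alias and the context values are constructed stand-ins so the block runs offline; pass `boto3.client("kms")` to `demo` to run it against a real key.

```python
from types import SimpleNamespace


def encrypt(kms, key_id, plaintext, context):
    # An empty context binds nothing, so refuse it before calling KMS.
    if not context or not all(isinstance(s, str) for kv in context.items() for s in kv):
        raise ValueError("encryption context must be non-empty str -> str pairs")
    resp = kms.encrypt(KeyId=key_id, Plaintext=plaintext, EncryptionContext=context)
    return resp["CiphertextBlob"]


def decrypt(kms, blob, expected_context):
    # Returns the plaintext, or None when KMS rejects the blob/context pairing.
    try:
        resp = kms.decrypt(CiphertextBlob=blob, EncryptionContext=expected_context)
    except kms.exceptions.InvalidCiphertextException:
        return None
    return resp["Plaintext"]


class StubKMS:
    """Constructed offline stand-in: models only the context check, no real crypto."""

    class InvalidCiphertextException(Exception):
        pass

    exceptions = SimpleNamespace(InvalidCiphertextException=InvalidCiphertextException)

    def __init__(self):
        self._store = {}

    def encrypt(self, KeyId, Plaintext, EncryptionContext):
        blob = b"stub-blob-%d" % len(self._store)
        self._store[blob] = (KeyId, Plaintext, dict(EncryptionContext))
        return {"CiphertextBlob": blob, "KeyId": KeyId}

    def decrypt(self, CiphertextBlob, EncryptionContext=None):
        entry = self._store.get(CiphertextBlob)
        if entry is None or entry[2] != (EncryptionContext or {}):
            raise self.InvalidCiphertextException("context or ciphertext mismatch")
        return {"Plaintext": entry[1], "KeyId": entry[0]}


def demo(kms=None):
    kms = kms or StubKMS()  # assumption: swap in boto3.client("kms") for real calls
    ctx = {"tenant": "example-tenant", "purpose": "invoice-archive"}  # constructed
    blob = encrypt(kms, "alias/example-key", b"hello", ctx)  # placeholder key alias
    return {"same_context": decrypt(kms, blob, ctx),
            "wrong_context": decrypt(kms, blob, {**ctx, "tenant": "other-tenant"}),
            "no_context": decrypt(kms, blob, {})}
```

The encryption context is not secret and is recorded in plaintext in AWS CloudTrail logs, so keep sensitive values out of it.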