Outside decrypt data encrypted with KMS. Divergency in docs.

0

Hello everybody!

I'm using a KMS assymetric key (RSA 4096) with imported key material to encrypt some pieces of data. Docs says that Asymmetric keys and HMAC keys are portable and interoperable, including decrypt with assymetric private key outside AWS.

But there is a note in Importing key material for AWS KMS keys that says "AWS KMS does not support decrypting any AWS KMS ciphertext outside of AWS KMS, even if the ciphertext was encrypted under a KMS key with imported key material".

One of these informations is wrong, the question is which one?

If is possible to decrypt with assymetric private key outside AWS, how to use original imported key material to do that?

1 Antwort
1

For encryption using asymmetric key (specifically RSA keys), as long as you use the compatible algorithm (i.e., RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256) you should be able to decrypt the ciphertext. Link to doc. The statement you highlighted applies to symmetric key that you import.

AWS
beantwortet vor 2 Monaten
profile picture
EXPERTE
überprüft vor 2 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen