Outside decrypt data encrypted with KMS. Divergency in docs.
Hello everybody!
I'm using a KMS assymetric key (RSA 4096) with imported key material to encrypt some pieces of data. Docs says that Asymmetric keys and HMAC keys are portable and interoperable, including decrypt with assymetric private key outside AWS.
But there is a note in Importing key material for AWS KMS keys that says "AWS KMS does not support decrypting any AWS KMS ciphertext outside of AWS KMS, even if the ciphertext was encrypted under a KMS key with imported key material".
One of these informations is wrong, the question is which one?
If is possible to decrypt with assymetric private key outside AWS, how to use original imported key material to do that?
- Le plus récent
- Le plus de votes
- La plupart des commentaires
For encryption using asymmetric key (specifically RSA keys), as long as you use the compatible algorithm (i.e., RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256) you should be able to decrypt the ciphertext. Link to doc. The statement you highlighted applies to symmetric key that you import.
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 7 mois
AWS OFFICIELA mis à jour il y a 3 ans- Comment puis-je utiliser les clés asymétriques AWS KMS pour chiffrer un fichier à l'aide d'OpenSSL ?AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 5 mois