Unable to import an ECC_NIST_P256 asymmetric private key to KMS

0

I am creating the key using

openssl ecparam -out ec-private-key.bin -outform DER -name prime256v1 -genkey -param_enc explicit

I followed the instructions in importing-keys-encrypt-key-material to encrypt the key and tried to import it, but it fails with the error: ImportKeyMaterial request failed: InvalidCiphertextException

Steps followed:

  • Download wrapping public key and import token from AWS console
    • Wrapping key spec: RSA_4096
    • Wrapping algorithm: RSAES_OAEP_SHA_256
  • Encrypt key materials using openssl pkeyutl -encrypt -in ec-private-key.bin -out EncryptedKeyMaterial.bin -inkey WrappingPublicKey.bin -keyform DER -pubin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256
  • Upload the EncryptedKeyMaterial.bin and ImportToken.bin to KMS console.
1 Answer
0
Accepted Answer

As per the AWS documentation, they don't support importing ECC key material with explicit parameters.

answered 2 years ago
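
A pre-import check for the point made in the accepted answer, as an added example that is not part of the original question or answer: it reads a DER-encoded EC private key and reports whether the curve is stored as a named-curve OID or as explicit parameters. It assumes the input is a single SEC1 ECPrivateKey or PKCS#8 PrivateKeyInfo structure; the function names and the sample keys (built inline, not real keys) are constructed for illustration.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(raw):
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def curve_encoding(der):
    """Return 'named_curve:<oid>' or 'explicit' for a SEC1 or PKCS#8 EC key."""
    tag, body, _ = read_tlv(der)
    top = children(body) if tag == 0x30 else []
    if len(top) > 1 and top[1][0] == 0x30:  # PKCS#8: AlgorithmIdentifier
        found = children(top[1][1])[1:2]    # {algorithm OID, ECParameters}
    else:  # SEC1 ECPrivateKey: ECParameters sit inside the [0] wrapper
        found = [c for t, v in top if t == 0xA0 for c in children(v)][:1]
    if found and found[0][0] == 0x06:       # OBJECT IDENTIFIER
        return "named_curve:" + decode_oid(found[0][1])
    if found and found[0][0] == 0x30:       # SEQUENCE of domain parameters
        return "explicit"
    raise ValueError("no recognisable ECParameters in key")

# Constructed samples (not real keys); tlv() handles short lengths only.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value
SCALAR = tlv(0x04, bytes(range(1, 33)))              # placeholder 32-byte scalar
NAMED = tlv(0x06, bytes.fromhex("2a8648ce3d030107"))  # prime256v1 OID
EXPLICIT_STUB = tlv(0x30, tlv(0x02, b"\x01"))         # stands in for full domain params
SEC1_NAMED = tlv(0x30, tlv(0x02, b"\x01") + SCALAR + tlv(0xA0, NAMED))
SEC1_EXPLICIT = tlv(0x30, tlv(0x02, b"\x01") + SCALAR + tlv(0xA0, EXPLICIT_STUB))
```

For a real file, pass `open(path, "rb").read()` to `curve_encoding`; a result of `explicit` is the encoding the accepted answer says is not supported for import.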
