Outside decrypt data encrypted with KMS. Divergency in docs.
Hello everybody!
I'm using a KMS assymetric key (RSA 4096) with imported key material to encrypt some pieces of data. Docs says that Asymmetric keys and HMAC keys are portable and interoperable, including decrypt with assymetric private key outside AWS.
But there is a note in Importing key material for AWS KMS keys that says "AWS KMS does not support decrypting any AWS KMS ciphertext outside of AWS KMS, even if the ciphertext was encrypted under a KMS key with imported key material".
One of these informations is wrong, the question is which one?
If is possible to decrypt with assymetric private key outside AWS, how to use original imported key material to do that?
- Newest
- Most votes
- Most comments
For encryption using asymmetric key (specifically RSA keys), as long as you use the compatible algorithm (i.e., RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256) you should be able to decrypt the ciphertext. Link to doc. The statement you highlighted applies to symmetric key that you import.
Relevant content
- asked 7 months ago
- Accepted Answerasked 4 years ago
- asked a year ago
- asked 7 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 23 days ago
- AWS OFFICIALUpdated 2 years ago
