Unable to import an RSA 2048 private key to KMS

0

I have an RSA 2048 private key in the following format: -----BEGIN PRIVATE KEY----- <Key Content> -----END PRIVATE KEY-----

I tried to import this to KMS using the RSA_AES_KEY_WRAP_SHA_256 Algorithm. But I am getting the following error: ImportKeyMaterial request failed InvalidCiphertextException

I followed the documentation at: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html

The commands I ran are as follows:

openssl rand -out aes-key.bin 32

openssl enc -id-aes256-wrap-pad -K "$(xxd -p < aes-key.bin | tr -d '\n')" -iv A65959A6 -in clearbank.key -out key-material-wrapped.bin

openssl pkeyutl -encrypt -in aes-key.bin -out aes-key-wrapped.bin -inkey WrappingPublicKey.bin -keyform DER -pubin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256

cat aes-key-wrapped.bin key-material-wrapped.bin > EncKey.bin

My private key file name is: clearbank.key.

Please help me. This is very urgent.

PS: This key is for signing, and I am working in the management console, not the CLI.
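The following script is an added example, not code from the question or from AWS. It walks the same RSA_AES_KEY_WRAP_SHA_256 steps as the commands above, with two additions a practitioner would want: it first converts the PEM private key (the "-----BEGIN PRIVATE KEY-----" form shown in the question) to binary PKCS#8 DER, which is the form the KMS import guide requires for asymmetric key material, and it then unwraps the finished bundle locally to prove the layout and algorithms are right before anything is sent to ImportKeyMaterial. The local unwrap is only possible because the script generates a stand-in wrapping key pair itself; in a real import the public half (WrappingPublicKey.bin) comes from GetParametersForImport and KMS alone holds the private half. The file names clearbank.key, WrappingPublicKey.bin and EncKey.bin are taken from the question; the RSA keys are constructed samples generated into a temporary directory and deleted afterwards. Assumes OpenSSL 3.x (its `enc` supports `-id-aes256-wrap-pad`) and the POSIX tools od, head, tail and cmp.

```shell
#!/bin/sh
# Added example (not from the question or AWS): build a KMS RSA_AES_KEY_WRAP_SHA_256
# import bundle from a PEM private key and verify it locally against a stand-in
# wrapping key pair. Assumes OpenSSL 3.x and POSIX od/head/tail/cmp.

# KMS expects asymmetric key material as binary PKCS#8 DER, not PEM.
# $1 = PEM private key in, $2 = DER out.
pem_to_pkcs8_der() {
  openssl pkcs8 -topk8 -nocrypt -in "$1" -outform DER -out "$2"
}

# Same steps as the KMS guide: random 32-byte AES key, RFC 5649 wrap-with-padding of
# the key material (fixed AIV A65959A6), RSA-OAEP (SHA-256 / MGF1-SHA-256) of the AES
# key, then RSA blob first and wrapped key material second.
# $1 = DER key material, $2 = wrapping public key (DER), $3 = bundle out.
wrap_for_kms() {
  openssl rand -out aes-key.bin 32 || return 1
  aes_hex=$(od -An -tx1 aes-key.bin | tr -d ' \n')   # 64 hex chars for -K
  openssl enc -id-aes256-wrap-pad -K "$aes_hex" -iv A65959A6 \
    -in "$1" -out key-material-wrapped.bin || return 1
  openssl pkeyutl -encrypt -in aes-key.bin -out aes-key-wrapped.bin \
    -inkey "$2" -keyform DER -pubin -pkeyopt rsa_padding_mode:oaep \
    -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 || return 1
  cat aes-key-wrapped.bin key-material-wrapped.bin > "$3"
}

# Reverse the wrapping with the stand-in private key and compare with the original
# DER. The RSA part of the bundle is exactly one modulus length, so the split point
# is derived from the wrapping key rather than guessed.
# $1 = bundle, $2 = wrapping private key (PEM), $3 = expected DER key material.
unwrap_and_compare() {
  mod_hex=$(openssl rsa -in "$2" -noout -modulus | cut -d= -f2) || return 1
  rsa_bytes=$(( ${#mod_hex} / 2 ))
  head -c "$rsa_bytes" "$1" > aes-key-part.bin
  tail -c +$(( rsa_bytes + 1 )) "$1" > key-material-part.bin
  openssl pkeyutl -decrypt -in aes-key-part.bin -out aes-key-recovered.bin \
    -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
    -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 || return 1
  rec_hex=$(od -An -tx1 aes-key-recovered.bin | tr -d ' \n')
  # RFC 5649 unwrap fails outright on a wrong key, wrong AIV or a truncated blob.
  openssl enc -d -id-aes256-wrap-pad -K "$rec_hex" -iv A65959A6 \
    -in key-material-part.bin -out key-material-recovered.der || return 1
  cmp -s key-material-recovered.der "$3"
}

# End-to-end run in a throwaway directory. Returns 0 only if the bundle round-trips.
demo_round_trip() (
  set -e
  work=$(mktemp -d)
  cd "$work"
  # Constructed stand-in for the KMS wrapping key pair (real imports get only the public half).
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out wrapping-private.pem 2>/dev/null
  openssl pkey -in wrapping-private.pem -pubout -outform DER -out WrappingPublicKey.bin
  # Constructed sample of the key to import, in the PEM form the question shows.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out clearbank.key 2>/dev/null
  pem_to_pkcs8_der clearbank.key clearbank.der
  wrap_for_kms clearbank.der WrappingPublicKey.bin EncKey.bin
  unwrap_and_compare EncKey.bin wrapping-private.pem clearbank.der
  echo "bundle verified, $(wc -c < EncKey.bin) bytes"
  cd / && rm -rf "$work"
)

demo_round_trip
```

To reuse this against a real import, replace the generated wrapping pair with the WrappingPublicKey.bin downloaded from KMS, skip `unwrap_and_compare` (there is no private half to test with), and keep the PEM-to-DER step: a PEM file wrapped as-is is still a well-formed bundle, so the mismatch only surfaces on the service side as a rejected import.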

2 Answers
-1

You're getting an error because you don't import keys, but key material instead.

Have a look here: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html

https://www.youtube.com/watch?v=cDelS86o55I

AWS
LondonX
answered 7 months ago
-1

Hi,

This guidance from the Knowledge center may help you fix your problem: "I'm using OpenSSL to import my key into AWS KMS, but I'm getting an "InvalidCiphertext" error. How can I fix this?"

see https://repost.aws/knowledge-center/invalidciphertext-kms

Best,

Didier

AWS
EXPERT
answered 7 months ago
