Authenticode certificate in AWS KMS

Question

Hi, we would like to use AWS Key Management Service to sign our binaries with our Authenticode certificate (both normal and EV).

Is there a way to import our own key into KMS? We can import our own symmetric key, but to sign stuff we need asymmetric keys.

Answer

Hello,

unfortunatly only symmetric keys are supported with imported key material.

`Imported key material is supported only for symmetric encryption KMS keys in AWS KMS key stores, including multi-Region symmetric encryption KMS keys. It is not supported on asymmetric KMS keys, HMAC KMS keys, or KMS keys in custom key stores.`

See also: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html

Authenticode certificate in AWS KMS

相關內容