aws-nitro-enclaves-sdk-c

Custom encryption context

Open okready opened this issue 4 years ago • 1 comments

We're looking to include a custom encryption context for encrypt/decrypt operations. aws_kms_encrypt_blocking() and aws_kms_decrypt_blocking() do not expose the encryption context as an argument, and there doesn't seem to be a way to use a custom aws_kms_encrypt_request or aws_kms_decrypt_request struct aside from locally copying the code within aws_kms_encrypt_blocking() and aws_kms_decrypt_blocking().

Would it be possible to either add encrypt/decrypt functions that accept an encryption context to the SDK, or add encrypt/decrypt functions that accept a pre-formed aws_kms_encrypt_request/aws_kms_decrypt_request struct?

okready avatar Jan 29 '21 23:01 okready

Yes, adding an encryption context would be useful for sure. Providing an API which can provide the request structure directly would probably work for this.

petreeftime avatar Mar 12 '21 09:03 petreeftime

Pull requests #145 and #146 added new APIs:

  • from #145: aws_kms_decrypt_blocking_from_request and aws_kms_encrypt_blocking_from_request, which allow passing user-prepared aws_kms_encrypt_request or aws_kms_decrypt_request structs.
  • from #146: aws_kms_decrypt_blocking_with_context and aws_kms_encrypt_blocking_from_request, which are similar to aws_kms_encrypt_blocking/aws_kms_decrypt_blocking but allow passing a string with JSON containing the encryption context.

These new APIs should be sufficient to consider this issue as resolved.

atanzu avatar Dec 12 '24 13:12 atanzu