
Add an example for replicating the behavior of the AWS KMS MKP with the AWS KMS keyring #178


Merged
merged 7 commits into from
Apr 24, 2020

Conversation

WesleyRosenblum
Contributor

Issue #, if available:

Description of changes:

In addition to using the configured AWS KMS CMKs, the AWS KMS master key provider attempts to decrypt any data keys that were encrypted under an AWS KMS CMK. This behavior is not always obvious, and when we designed the AWS KMS keyring, we decided that it was best to separate these behaviors, but as customers migrate from master key providers to keyrings, it will be helpful to have an example of how to replicate the exact behavior of the AWS KMS master key provider using keyrings.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

WesleyRosenblum and others added 5 commits April 20, 2020 13:57
… encrypt without a public key (#180)

* Throw a more useful exception when trying to use the RawRsaKeyring to encrypt without a public key

* Add a test for trying to decrypt without a private key
…/ActLikeAwsKmsMasterKeyProvider.java

Co-Authored-By: Matt Bullock <[email protected]>
@WesleyRosenblum WesleyRosenblum merged commit 676407a into master Apr 24, 2020
@WesleyRosenblum WesleyRosenblum deleted the mkp branch April 24, 2020 18:42
acioc added a commit that referenced this pull request Aug 6, 2020
* Revert "Merge pull request #173 from aws/keyring"

This reverts commit 015fc3c, reversing
changes made to dcbc562.

* Revert "Add an example for replicating the behavior of the AWS KMS MKP with the AWS KMS keyring (#178)"

This reverts commit 676407a.

* Revert "Updating changelog for version 1.7.0 (#174)"

This reverts commit f18c383.

* Updating Changelog for version 1.6.2

*Description of changes:*

Updating Changelog for version 1.6.2

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

# Check any applicable:
- [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

* fix: validate entire ciphertext has been processed before returning (#191)

* fix: validate entire ciphertext has been processed before returning

* Updating changelog

* Updating version for 1.6.2 release (#192)

* Revert "Merge pull request #189 from mattsb42-aws/revert"

This reverts commit bd4da5b, reversing
changes made to d88fe8b.

* Replace failing Assert.fails with assertThrows per earlier PR changes

Co-authored-by: mattsb42-aws <[email protected]>
Co-authored-by: Wesley Rosenblum <[email protected]>
2 participants