Open
Description
We are standardizing examples across all implementations. We started with Python[1] and Java[2], so all new implementations need to match those examples.
Related to awslabs/aws-encryption-sdk-specification#103, it is important that these examples be as near as possible to direct copies. The premise wording needs to be the same, the wording of the step-by-step comments needs to be the same, and we need to hit all the major points in the example.
Necessary Examples
API
- How to encrypt and decrypt
- How to change the algorithm suite
- How to encrypt and decrypt data streams in memory
- How to encrypt and decrypt data streamed between files
Keyrings
AWS KMS
- How to use one AWS KMS CMK
- How to use multiple AWS KMS CMKs in different regions
- How to decrypt when you don't know the CMK
- How to decrypt within a region
- How to decrypt with a preferred region but fail over to others
- How to use AWS KMS clients with custom configuration (details pending client supplier discussions)
- How to use different AWS KMS clients for different regions (details pending client supplier discussions)
Raw keyrings
- How to use a raw AES wrapping key
- How to use a raw RSA wrapping key
- How to use a raw RSA wrapping key when the key is PEM or DER encoded
- How to encrypt with a raw RSA public key wrapping key without access to the private key
Multi-keyrings
Cryptographic Materials Managers
- How to reuse data keys across multiple messages
- How to restrict algorithm suites
- How to require encryption context fields
[1] https://github.com/aws/aws-encryption-sdk-python/tree/master/examples
[2] https://github.com/aws/aws-encryption-sdk-java/tree/master/src/examples