aws-samples / aws-kms-xks-proxy

AWS KMS External Keystore (XKS) Proxy reference implementation
Apache License 2.0

runtime issue for xks-proxy with RSA_0 keyspec for AES_256 keys #53

Open HarshVaragiya opened 1 month ago

HarshVaragiya commented 1 month ago

Problem:

When compiling the xks-proxy server using the latest version of Rust and scratchstack-aws-signature version =0.10.5, the server returns a runtime error with the key metadata endpoint, where the key spec returns RSA_0 as the keyspec rather than AES_256. The error is silent in nature and the aws-kms-xksproxy-test-client does not flag the issue but prints out the response with RSA_0 as the response.

This issue also stops the xks-server from being added to the AWS Account as a Custom Key Store as the keyspec does not match.

Solution:

Without diving into the root cause of the issue, changing the Rust version to 1.75.0 fixes the runtime issue and the correct keyspec of AES_256 is returned.
