aws / aws-encryption-sdk-java

AWS Encryption SDK
https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html
Apache License 2.0

Support EC Algorithms/Keys #352

Open MikeDombo opened 3 years ago

MikeDombo commented 3 years ago

Problem:

Currently, elliptic curve keys do not work because the "transform" wrapper requires "RSA/ECB" algorithms, which results in the following stack trace:

Caused by: java.security.InvalidKeyException: No installed provider supports this key: sun.security.ec.ECPublicKeyImpl
    at javax.crypto.Cipher.chooseProvider(Cipher.java:896)
    at javax.crypto.Cipher.init(Cipher.java:1399)
    at javax.crypto.Cipher.init(Cipher.java:1330)
    at com.amazonaws.encryptionsdk.internal.RsaJceKeyCipher.buildWrappingCipher(RsaJceKeyCipher.java:95)
    at com.amazonaws.encryptionsdk.internal.JceKeyCipher.encryptKey(JceKeyCipher.java:89)

EC keys are becoming more and more popular, so it would be highly beneficial if we could use EC keys with the Encryption SDK.

Solution:

Allow non-RSA/ECB algorithms for the wrapper in order to allow for EC-based algorithms such as "ECIESwithAES" provided by Bouncy Castle.

Out of scope:

Is there anything the solution will intentionally NOT address?

lavaleri commented 2 years ago

Thank you for the feedback, @MikeDombo.

You are correct that JceMasterKey only supports RSA as an option for an asymmetric wrapping algorithm. We do not have plans to directly add EC support here.

I'm keeping this issue open as a feature request, and we will update this issue if we have updates on support for EC as an option for wrapping algorithm.
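
The failure reported in this thread can be reproduced and checked for up front with the JDK's own JCE classes. The following is an added example, not code from the issue or from the SDK; the class name, the `rejectReason` helper and the exact OAEP transformation string are assumptions chosen for illustration.

```java
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class WrappingKeyPreflight {
    // Assumed example of an "RSA/ECB/..." transformation; the issue does not name one.
    static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    /** Returns null if the key can initialise the cipher, otherwise the provider's error text. */
    static String rejectReason(PublicKey key) throws Exception {
        try {
            // Provider selection is deferred to init(), which is where the trace above fails.
            Cipher.getInstance(TRANSFORMATION).init(Cipher.WRAP_MODE, key);
            return null;
        } catch (InvalidKeyException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(3072);
        KeyPair rsa = rsaGen.generateKeyPair();
        KeyPairGenerator ecGen = KeyPairGenerator.getInstance("EC");
        ecGen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair ec = ecGen.generateKeyPair();

        // Preflight both key types before handing either to a wrapping layer.
        System.out.println("RSA rejected because: " + rejectReason(rsa.getPublic()));
        System.out.println("EC rejected because:  " + rejectReason(ec.getPublic()));
        // The RSA key wraps and unwraps a constructed AES-256 data key.
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(256);
        SecretKey dataKey = aes.generateKey();
        Cipher wrap = Cipher.getInstance(TRANSFORMATION);
        wrap.init(Cipher.WRAP_MODE, rsa.getPublic());
        byte[] wrapped = wrap.wrap(dataKey);
        Cipher unwrap = Cipher.getInstance(TRANSFORMATION);
        unwrap.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
        SecretKey back = (SecretKey) unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        System.out.println("round trip ok: " + Arrays.equals(dataKey.getEncoded(), back.getEncoded()));
    }
}
```

Running a check like this at configuration time surfaces an unsupported key type before any data key is generated, rather than as a nested exception during encryption.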