emperorhan closed 2 years ago
In the absence of integration tests, pending a manual check on our side
Verified manually
Sorry for taking this long with the review. LGTM, but could you please add a Signed-off-by in the commits? git rebase --signoff HEAD~2 should do this. Afterwards, I will merge.
Folks - did this get reverted? Looking at https://github.com/aws/aws-nitro-enclaves-sdk-c/blob/main/bin/kmstool-enclave-cli/main.c, the default parse case for decrypt does not honor 'K' and so at a minimum, --key-id is not accepted in a decrypt operation... And in fact in my testing, I'm getting an error if I try to specify a --key-id 55f949e7-7bac-4c8b-9a11-324bbe281dd9:
Unknown option: 55f949e7-7bac-4c8b-9a11-324bbe281dd9
Please see: https://github.com/aws/aws-nitro-enclaves-sdk-c/pull/98
Modified to accept key-id and encryption-algorithm in the aws_kms_decrypt_blocking API so that kmstool-enclave-cli can support KMS RSA decryption.