aws / aws-nitro-enclaves-sdk-c

This repo provides a C API for AWS Nitro Enclaves, including a KMS SDK that integrates it with attestation.
Apache License 2.0

feat: add key_id & algorithm to kmstool-enclave-cli decrypt #85

Closed emperorhan closed 2 years ago

emperorhan commented 2 years ago

Modified to accept key-id and encryption-algorithm in aws_kms_decrypt_blocking API so that kmstool-enclave-cli can support kms rsa decryption.

eugkoira commented 2 years ago

In the absence of integration tests, pending a manual check on our side

eugkoira commented 2 years ago

Verified manually

petreeftime commented 2 years ago

Sorry for taking this long with the review. LGTM, but could you please add a Signed-off-by in the commits? git rebase --signoff HEAD~2 should do this. Afterwards, I will merge.

aceeric commented 1 year ago

Folks - did this get reverted? Looking at https://github.com/aws/aws-nitro-enclaves-sdk-c/blob/main/bin/kmstool-enclave-cli/main.c, the default parse case for decrypt does not honor 'K' and so at a minimum, --key-id is not accepted in a decrypt operation... And in fact in my testing, I'm getting an error if I try to specify a --key-id 55f949e7-7bac-4c8b-9a11-324bbe281dd9:

Unknown option: 55f949e7-7bac-4c8b-9a11-324bbe281dd9

Please see: https://github.com/aws/aws-nitro-enclaves-sdk-c/pull/98