awslabs / aws-encryption-sdk-specification

AWS Encryption SDK Specification

Mismatched document about AWS Encryption SDK message format #227

Open hyunsooda opened 3 years ago

hyunsooda commented 3 years ago

Hi, I'm testing encryption and decryption on AWS KMS using SDK libraries (Node.js and Python).

Encryption responses of all libraries are not mismatched with the response structure described in the document (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#body-framed-final-tag).

For example, the Reserved property should be 4 zero sequence bytes, but it does not seem to appear in the response structure. Also, the Type property should be 128 (0x80), which is positioned immediately after the Version property, but it does not match either.

My purpose is to extract some information, like an initialization vector; however, I'm stuck due to the mismatched documentation.

Let me know if the document was deprecated or if there is something I'm missing.

Thank you.

acioc commented 3 years ago

Apologies for the late response. The page you linked to was updated for our latest release, so the information might be a little different now. Can you please update your version of the AWS Encryption SDK to 1.7.x (or to 2.0.x following our migration guide: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/migration.html ) and try again?

The behavior you’re seeing implies an invalid authentication tag. Assuming you are encrypting using the AWS Encryption SDK, can you post a code sample of how you are calling encrypt and how you are checking the properties? You should only be seeing a mismatch if the header/contents are invalid.

Thanks!
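A way to check the fields discussed in this thread (Version, Type 0x80, the four zero Reserved bytes, the IV) against raw message bytes. This is an added example, not code from the issue or from the AWS Encryption SDK. The field order and sizes are an assumption based on the version 1 layout in the linked message-format reference, and `parse_v1_header`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct

class HeaderError(ValueError):
    """Bytes do not match the version 1 header layout assumed here."""

def _take(buf, pos, n):
    # Fail on truncation instead of silently returning a short slice.
    if pos + n > len(buf):
        raise HeaderError(f"truncated at offset {pos}: need {n} bytes")
    return buf[pos:pos + n], pos + n

def _u16(buf, pos):
    raw, pos = _take(buf, pos, 2)
    return struct.unpack(">H", raw)[0], pos

def parse_v1_header(msg):
    raw, pos = _take(msg, 0, 4)
    version, mtype, alg_id = struct.unpack(">BBH", raw)
    if version != 0x01 or mtype != 0x80:
        raise HeaderError(f"version={version:#04x} type={mtype:#04x}, expected 0x01 0x80")
    message_id, pos = _take(msg, pos, 16)
    aad_len, pos = _u16(msg, pos)
    _aad, pos = _take(msg, pos, aad_len)          # serialized encryption context
    edk_count, pos = _u16(msg, pos)
    for _ in range(edk_count):
        for _field in ("provider_id", "provider_info", "ciphertext"):
            n, pos = _u16(msg, pos)               # each field is length-prefixed
            _, pos = _take(msg, pos, n)
    raw, pos = _take(msg, pos, 10)
    content_type, reserved, iv_len, frame_len = struct.unpack(">B4sBI", raw)
    if reserved != b"\x00" * 4:
        raise HeaderError(f"Reserved is {reserved.hex()}, expected 00000000")
    header_iv, pos = _take(msg, pos, iv_len)
    _tag, pos = _take(msg, pos, 16)               # header authentication tag
    return {"algorithm_id": alg_id, "message_id": message_id, "edk_count": edk_count,
            "content_type": content_type, "iv_length": iv_len, "frame_length": frame_len,
            "header_iv": header_iv, "body_offset": pos}

def build_sample():
    # Constructed bytes, not output of any SDK: one data key, empty encryption context.
    edk = b"".join(struct.pack(">H", len(f)) + f
                   for f in (b"example-provider", b"key-info", b"\xaa" * 32))
    return (struct.pack(">BBH", 0x01, 0x80, 0x0178) + bytes(range(16))
            + struct.pack(">HH", 0, 1) + edk
            + struct.pack(">B4sBI", 0x02, b"\x00" * 4, 12, 4096)
            + b"\x11" * 12 + b"\x22" * 16)

if __name__ == "__main__":
    print(parse_v1_header(build_sample()))
```

The IV returned here is the one used for header authentication; in a framed body each frame carries its own IV. Input that is not the raw message bytes, such as a base64-encoded copy, is rejected at the Version/Type check.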