Closed mattsb42-aws closed 4 years ago
Same meaning. Slightly different words:
Either "halting error" or "stops execution" sounds too severe for me. That seems to imply stopping the whole executing process (e.g. a Java System.exit()) which would be an overreaction.
It should be more than enough to just fail to construct the keyring. That will be easy to specify in the documentation for a particular language, but I'm not sure how to word it in the specification. To date we just state requirements directly, such as "If the list of children keyrings is empty, a generator keyring MUST be defined for the keyring" for a multi-keyring. Maybe we should state this in a similar way.
The JS ESDK does not do nothing. If it does not have a public key, it will throw on encrypt.
Agreed; failing on encrypt if the public key is not available is the correct thing to do. I've updated the description to correct that.
Hum, even on decrypt it should throw. If it does not, then the customer could get a strange error, because the material will not have a plaintext data key, but it will not know why.
This is similar to #40 i.e. if wrapped in a multi keyring (or even on its own) this error is not helpful and far from the source :(
| | Encrypt | Decrypt |
|---|---|---|
| No Private Key | attempt | ~~no-op?~~ fail |
| No Public Key | fail | attempt |
Need to determine exactly what the behavior in the "no private key - decrypt" case should be. We should aim for consistency among the keyrings, so this should depend on the outcome of #40.
IMO the behavior should be symmetrical. If we do not want to decrypt if we do not have an explicit public key, we should fail, not no-op.
I assume you mean private key?
I think I agree with that statement. However, it is in conflict with the current Keyring Interface specification.
> If the keyring did not attempt [to decrypt a datakey], the keyring MUST output the decryption materials unmodified.
Synced offline: that element of the keyring-interface is going to be changed soon. Failure makes the most sense.
There are a few points that we need to clarify regarding the raw RSA keyring inputs: