Closed ShockleyJE closed 3 months ago
We ended up searching GitHub globally, and were able to find references in the AWS Tough project, and work backwards from there. Using `pem = 3` we are at least able to print the public key contents like so:

```rust
// PEM-encode the DER bytes returned by KMS; RFC 7468 uses the label "PUBLIC KEY".
let key = pem::encode_config(
    &pem::Pem::new("PUBLIC KEY".to_owned(), blob.into_inner()),
    pem::EncodeConfig::new().set_line_ending(pem::LineEnding::LF),
);
println!("{key:#?}");
```
Was able to create an `RsaPublicKey` eventually with `rsa = 0.9.6`. Will contribute back a PR with full example.

```rust
use aws_sdk_kms::primitives::Blob;
use rsa::{pkcs8::DecodePublicKey, RsaPublicKey}; // trait provides from_public_key_der

let response: aws_sdk_kms::operation::get_public_key::GetPublicKeyOutput =
    kms_client.get_public_key().key_id(kms_key_arn).send().await?;
let blob: Blob = response.public_key.expect("Expected successful response from KMS");
let pub_key = RsaPublicKey::from_public_key_der(blob.into_inner().as_ref())?;
```
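KMS documents the `GetPublicKey` blob as a DER-encoded SubjectPublicKeyInfo (SPKI), which is the structure `from_public_key_der` reads, while a certificate parser such as `X509Certificate::from_der()` expects a full certificate. The following is an added example, not code from the issue or from the SDK: a std-only check that walks the blob, rejects certificate-shaped input, and names the key algorithm so the right parser is chosen before the key is stored for offline verification. It goes beyond the RSA case in the thread by also recognising EC keys; the helper names and the sample bytes are constructed for illustration.

```rust
// Added example (not from the issue): helper names and sample bytes are constructed.
const OID_RSA: &[u8] = &[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01]; // rsaEncryption
const OID_EC: &[u8] = &[0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01]; // id-ecPublicKey

/// Read one DER TLV with the expected tag; returns (value, remaining input).
fn tlv(input: &[u8], tag: u8) -> Result<(&[u8], &[u8]), String> {
    let (&t, rest) = input.split_first().ok_or("truncated: no tag")?;
    if t != tag {
        return Err(format!("expected tag 0x{tag:02X}, found 0x{t:02X}"));
    }
    let (&l, mut rest) = rest.split_first().ok_or("truncated: no length")?;
    let mut len = l as usize;
    if l >= 0x80 {
        let n = (l & 0x7F) as usize; // long form: number of length octets that follow
        if n == 0 || n > 4 || rest.len() < n {
            return Err("unsupported or truncated length".into());
        }
        len = rest[..n].iter().fold(0, |acc, &b| (acc << 8) | b as usize);
        rest = &rest[n..];
    }
    if rest.len() < len {
        return Err("value shorter than declared length".into());
    }
    Ok(rest.split_at(len))
}

/// Name the key algorithm of a SubjectPublicKeyInfo, rejecting other structures.
fn spki_algorithm(der: &[u8]) -> Result<&'static str, String> {
    let (spki, trailing) = tlv(der, 0x30)?; // SubjectPublicKeyInfo ::= SEQUENCE
    let (alg_id, rest) = tlv(spki, 0x30)?; // AlgorithmIdentifier ::= SEQUENCE
    // A certificate has TBSCertificate in this position, which does not start with an OID.
    let (oid, _params) = tlv(alg_id, 0x06).map_err(|e| format!("not an SPKI: {e}"))?;
    let (key, after_key) = tlv(rest, 0x03)?; // subjectPublicKey BIT STRING
    if !trailing.is_empty() || !after_key.is_empty() || key.first() != Some(&0) {
        return Err("malformed SubjectPublicKeyInfo".into());
    }
    match oid {
        o if o == OID_RSA => Ok("rsaEncryption"),
        o if o == OID_EC => Ok("id-ecPublicKey"),
        _ => Err("unrecognised key algorithm OID".into()),
    }
}

// Constructed sample: structurally valid SPKI with a toy RSA key (n = 33, e = 3).
const SAMPLE_RSA_SPKI: &[u8] = &[
    0x30, 0x1A, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
    0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x21, 0x02, 0x01, 0x03,
];
fn main() { println!("{:?}", spki_algorithm(SAMPLE_RSA_SPKI)); }
```

In the thread's code, the bytes to check would be `blob.into_inner()`; only a blob reported as `rsaEncryption` should be handed to `RsaPublicKey::from_public_key_der`.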
@ShockleyJE Thanks for sharing your findings with everyone, that's very considerate. Make sure to submit your example PR to this repo: https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1
All the examples in this repo are copied from there.
Describe the bug
Problem: I am able to authenticate, authorize, and successfully `send()` a `get_public_key()` request, but cannot parse the `Blob` returned by the AWS API into a format that is suitable to verify locally the signature of a payload `sign()`'ed with the corresponding private key.
Expected Behavior
I expected to be able to parse the `Blob` returned by `send()` a `get_public_key()`, by either..
`X509Certificate::from_der()`
`Blob`
All of this is done with the overall expectation of being able to save the public key for offline verification
Current Behavior
Possible Solution
No response
Additional Information/Context
No response
Version
Environment details (OS name and version, etc.)
MacOS, Apple Silicon
Logs
Logs were included as comments in the example code.