KMS: Fix method for specifying custom key material #1482

ainoya · 2024-09-14T05:43:03Z

In the previous documentation, it was possible to create a key, but when running kms encrypt, the error Invalid key size (136) for AES. would occur. I've updated the documentation to ensure that the key is generated with a size of 32 bytes.

Example:

$ echo 'c3VwZXIgc2VjcmV0IGtleQo=' | base64 -d
super secret key
$ awslocal kms create-key --tags '[{"TagKey":"_custom_key_material_","TagValue":"c3VwZXIgc2VjcmV0IGtleQo="}]'
{
    "KeyMetadata": {
        "AWSAccountId": "000000000000",
        "KeyId": "74a102af-5a49-40bb-bac6-530e7c0cb9cd",
        "Arn": "arn:aws:kms:ap-northeast-1:000000000000:key/74a102af-5a49-40bb-bac6-530e7c0cb9cd",
        "CreationDate": "2024-09-14T14:37:48.238508+09:00",
        "Enabled": true,
        "Description": "",
        "KeyUsage": "ENCRYPT_DECRYPT",
        "KeyState": "Enabled",
        "Origin": "AWS_KMS",
        "KeyManager": "CUSTOMER",
        "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
        "KeySpec": "SYMMETRIC_DEFAULT",
        "EncryptionAlgorithms": [
            "SYMMETRIC_DEFAULT"
        ],
        "MultiRegion": false
    }
}

$ awslocal kms encrypt --key-id 74a102af-5a49-40bb-bac6-530e7c0cb9cd --plaintext supersecret --output text --query CiphertextBlob --cli-binary-format raw-in-base64-out 

An error occurred (InternalError) when calling the Encrypt operation (reached max retries: 2): exception while calling kms.Encrypt: Invalid key size (136) for AES.

github-actions · 2024-09-14T05:43:14Z

⚡️ Deploying PR Preview...

sannya-singal

Thanks for pointing this out 🙌 🚀 I have requested some changes regarding the custom key material we use to create a key, once thats fixed we can merge the PR.

sannya-singal · 2024-09-19T08:42:37Z

content/en/user-guide/aws/kms/index.md

-super secret key
-</disable-copy>
-$ awslocal kms create-key --tags '[{"TagKey":"_custom_key_material_","TagValue":"c3VwZXIgc2VjcmV0IGtleQo="}]'
+$ CUSTOM_KEY_MATERIAL=$(openssl rand -base64 32)


I would rather keep the format intact and change the string to thisisasecurekey which would give me dGhpc2lzYXNlY3VyZWtleQ==.

@sannya-singal Apologies for the delayed response. I've made the correction as you suggested.

sannya-singal

Hey @ainoya, let me know if something is not clear or you need help, happy to assist :)

sannya-singal

Thanks for fixing the reviews, changes LGTM 🎉

KMS: Fix method for specifying custom key material

eae58ef

ainoya requested a review from sannya-singal as a code owner September 14, 2024 05:43

sannya-singal requested changes Sep 19, 2024

View reviewed changes

sannya-singal reviewed Sep 20, 2024

View reviewed changes

keep format

d61b552

ainoya requested a review from sannya-singal September 21, 2024 23:28

sannya-singal approved these changes Sep 23, 2024

View reviewed changes

sannya-singal merged commit 2622fb8 into localstack:main Sep 23, 2024
4 checks passed

ainoya deleted the patch-1 branch September 23, 2024 09:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

KMS: Fix method for specifying custom key material #1482

KMS: Fix method for specifying custom key material #1482

ainoya commented Sep 14, 2024

github-actions bot commented Sep 14, 2024 •

edited

Loading

sannya-singal left a comment

sannya-singal Sep 19, 2024

ainoya Sep 21, 2024

sannya-singal left a comment

sannya-singal left a comment

KMS: Fix method for specifying custom key material #1482

KMS: Fix method for specifying custom key material #1482

Conversation

ainoya commented Sep 14, 2024

github-actions bot commented Sep 14, 2024 • edited Loading

sannya-singal left a comment

Choose a reason for hiding this comment

sannya-singal Sep 19, 2024

Choose a reason for hiding this comment

ainoya Sep 21, 2024

Choose a reason for hiding this comment

sannya-singal left a comment

Choose a reason for hiding this comment

sannya-singal left a comment

Choose a reason for hiding this comment

github-actions bot commented Sep 14, 2024 •

edited

Loading