Determine how/where/if the Raw RSA Keyring checks that public/private keys match #167

@MatthewBennington

Description

Follows issue #91

Definitions: "match", "matching pair" describe an interoperable RSA public key, and RSA private key (i.e. a ciphertext encrypted by the public key can be decrypted by the private key).

Background: The Raw RSA Keyring accepts a public key and/or a private key. When both keys are provided, it makes sense to ensure they match, and fail if they don't. However, checking if two keys match is a non-trivial operation (depending on language).

Several approaches have been proposed:

  • If public values are defined in the private key, check that they match the public key.
  • Add an optional input to the Raw RSA Keyring, which indicates it should check for a match by attempting to encrypt/decrypt a plaintext.
  • Create a separate API to allow customers to check for a match themselves (by attempting to encrypt/decrypt a plaintext).
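
The first approach (compare public values) and the encrypt/decrypt approach from the list above, as an added Go example. It is not part of the original issue or of any Raw RSA Keyring implementation; the function names, `ErrKeyMismatch`, the probe string and the choice of RSA-OAEP with SHA-256 are assumptions, and the keys are generated as sample input.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrKeyMismatch = errors.New("RSA keys do not match") // hypothetical name

// CheckPublicValues compares the private key's modulus and exponent with pub.
func CheckPublicValues(pub *rsa.PublicKey, priv *rsa.PrivateKey) error {
	if pub == nil || priv == nil || pub.N == nil || priv.N == nil ||
		priv.N.Cmp(pub.N) != 0 || priv.E != pub.E {
		return ErrKeyMismatch // missing keys are treated as a mismatch
	}
	return nil
}

// CheckRoundTrip encrypts a probe under pub and requires priv to recover it.
func CheckRoundTrip(pub *rsa.PublicKey, priv *rsa.PrivateKey) error {
	probe := []byte("raw-rsa-keyring match probe") // constructed plaintext
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, probe, nil)
	if err != nil {
		return err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil || !bytes.Equal(pt, probe) {
		return ErrKeyMismatch
	}
	return nil
}

// mustKey generates a constructed 2048-bit sample key for the demonstration.
func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	a, b := mustKey(), mustKey()
	fmt.Println(CheckRoundTrip(&a.PublicKey, a), CheckRoundTrip(&b.PublicKey, a))
}
```

The public-value comparison costs no RSA operation but depends on the private key encoding carrying the public exponent; the round trip works from the key operations alone at the cost of one encryption and one decryption.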

Labels: Doc impact (Requires a change to AWS documentation)
