
KeyIds definition is contradictory #68

@juneb

Description


The definition of key IDs in a KMS keyring is contradictory:
https://github.com/awslabs/aws-encryption-sdk-specification/blob/master/framework/kms-keyring.md#key-ids

  • "Key IDs is a list of strings identifying KMS CMKs, in ARN format." This is true only for C.
  • A CMK alias (e.g. "alias/MyCryptoKey") <<< not an ARN
  • A key id, which is valid in some languages (not C), is missing.
  • It does not use the correct KMS key ID format names (e.g. "alias name").
    https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
  • It implies that only ARNs must be well-formed. Why would we ever accept anything that isn't well-formed?

The definition of Generator has a similar issue:

  • The "The string MUST be one of the following:" list omits key ID, which is valid on encrypt in all languages except C.
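As an added illustration of the four identifier forms the linked KMS concepts page names (key ID, key ARN, alias name, alias ARN), and of the "accept only well-formed input" point above, here is a small classifier. It is example code written for this issue, not part of the specification or of any AWS Encryption SDK implementation; the regular expressions are an approximation of the documented formats (including the `mrk-` prefix used by multi-region key IDs), and the sample identifiers, account number and the `key_id_supported` switch standing in for the per-language difference are all constructed for the example.

```python
import re
from enum import Enum
from typing import Optional


class KmsKeyIdKind(Enum):
    """The identifier forms named in the KMS developer guide's 'Key identifiers' section."""
    KEY_ID = "key ID"
    KEY_ARN = "key ARN"
    ALIAS_NAME = "alias name"
    ALIAS_ARN = "alias ARN"


# Approximations of the documented formats (assumption: lowercase hex, 12-digit account).
_UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
_MRK = r"mrk-[0-9a-f]{32}"                      # multi-region key ID form
_KEY_ID_RE = re.compile(rf"^(?:{_UUID}|{_MRK})$")
_ALIAS_NAME_RE = re.compile(r"^alias/[A-Za-z0-9/_-]+$")
_ARN_RE = re.compile(
    r"^arn:(aws[a-z-]*):kms:([a-z0-9-]+):(\d{12}):(key|alias)/(.+)$"
)


def classify_kms_key_identifier(identifier: str) -> Optional[KmsKeyIdKind]:
    """Return which well-formed KMS identifier form `identifier` is, or None.

    None means the string is not well-formed in any of the four forms, which is
    the case a keyring should reject rather than pass through to KMS.
    """
    if _KEY_ID_RE.match(identifier):
        return KmsKeyIdKind.KEY_ID
    if _ALIAS_NAME_RE.match(identifier):
        return KmsKeyIdKind.ALIAS_NAME
    m = _ARN_RE.match(identifier)
    if m:
        resource_type, resource = m.group(4), m.group(5)
        # The resource part of an ARN must itself be a well-formed key ID or alias name.
        if resource_type == "key" and _KEY_ID_RE.match(resource):
            return KmsKeyIdKind.KEY_ARN
        if resource_type == "alias" and _ALIAS_NAME_RE.match("alias/" + resource):
            return KmsKeyIdKind.ALIAS_ARN
    return None


def is_acceptable_generator(identifier: str, key_id_supported: bool = True) -> bool:
    """Check a generator value for encrypt.

    `key_id_supported` is a constructed switch modelling the difference the issue
    points out: bare key IDs are accepted by some implementations but not by others.
    Any string that is not well-formed in some form is rejected regardless.
    """
    kind = classify_kms_key_identifier(identifier)
    if kind is None:
        return False
    if kind is KmsKeyIdKind.KEY_ID and not key_id_supported:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample identifiers in the style of the KMS documentation examples.
    samples = [
        "1234abcd-12ab-34cd-56ef-1234567890ab",
        "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
        "alias/MyCryptoKey",
        "arn:aws:kms:us-east-2:111122223333:alias/MyCryptoKey",
        "MyCryptoKey",
        "arn:aws:kms:us-east-2:111122223333:key/not-a-key",
    ]
    for s in samples:
        print(f"{s!r}: {classify_kms_key_identifier(s)}")
```

Running the script lists the classification of each constructed sample; the two malformed strings come back as `None`, which is the outcome the last bullet above argues for: a keyring should refuse them up front instead of letting KMS return an error later.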
