AWS KMS ECDH keyrings
Important
The AWS KMS ECDH keyring is only available with version 4.x of the AWS Encryption SDK for .NET and version 3.x of the AWS Encryption SDK for Java. The AWS KMS ECDH keyring was introduced in version 1.5.0 of the Material Providers Library.
An AWS KMS ECDH keyring uses asymmetric key agreement AWS KMS keys to derive a shared symmetric wrapping key between two parties. First, the keyring uses the Elliptic Curve Diffie-Hellman (ECDH) key agreement algorithm to derive a shared secret from the private key in the sender's KMS key pair and the recipient's public key. Then, the keyring uses the shared secret to derive the shared wrapping key that protects your data encryption keys. The key derivation function that the AWS Encryption SDK uses (KDF_CTR_HMAC_SHA384) to derive the shared wrapping key conforms to NIST recommendations for key derivation.
The key derivation function returns 64 bytes of keying material. To ensure that both parties use the correct keying material, the AWS Encryption SDK uses the first 32 bytes as a commitment key and the last 32 bytes as the shared wrapping key. On decrypt, if the keyring cannot reproduce the same commitment key and shared wrapping key that is stored on the message header ciphertext, the operation fails. For example, if you encrypt data with a keyring configured with Alice's private key and Bob's public key, a keyring configured with Bob's private key and Alice's public key will reproduce the same commitment key and shared wrapping key and be able to decrypt the data. If Bob's public key is not from a KMS key pair, then Bob can create a Raw ECDH keyring to decrypt the data.
The AWS KMS ECDH keyring encrypts data with a symmetric key using AES-GCM. The data key is then envelope encrypted with the derived shared wrapping key using AES-GCM. Each AWS KMS ECDH keyring can have only one shared wrapping key, but you can include multiple AWS KMS ECDH keyrings, alone or with other keyrings, in a multi-keyring.
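The derivation described above, as an added example that is not part of the AWS documentation or the Encryption SDK's own code: a stand-alone Python sketch of the ECDH agreement on P-256, the counter-mode HMAC-SHA384 KDF, the split of the 64 derived bytes into commitment key and shared wrapping key, and the decrypt-side commitment check. The P-256 arithmetic, the KDF label and context bytes, and the Alice/Bob/Eve key pairs are constructed for illustration; the ESDK's exact KDF inputs and the AES-GCM wrapping of the data key are not shown.

```python
import hashlib, hmac

# NIST P-256 domain parameters (the ECC_NIST_P256 curve spec on this page).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def _add(p, q):  # affine point addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p == q: lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) % P
    else: lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def _mul(k, p):  # double-and-add scalar multiplication (not constant-time; demo only)
    r = None
    while k:
        if k & 1: r = _add(r, p)
        p, k = _add(p, p), k >> 1
    return r

def kdf_ctr_hmac_sha384(shared_secret, label, context, length=64):
    # SP 800-108 counter-mode KDF with HMAC-SHA384. The fixed-info layout
    # (label || 0x00 || context || L) is an assumption; the ESDK's exact encoding is not on this page.
    fixed = label + b"\x00" + context + (length * 8).to_bytes(4, "big")
    blocks = (hmac.new(shared_secret, i.to_bytes(4, "big") + fixed, hashlib.sha384).digest()
              for i in range(1, -(-length // 48) + 1))
    return b"".join(blocks)[:length]

def derive_wrapping_keys(my_private, peer_public):
    # ECDH: my private scalar times the peer's public point; the x-coordinate is the shared secret.
    x, _ = _mul(my_private, peer_public)
    km = kdf_ctr_hmac_sha384(x.to_bytes(32, "big"), b"kms-ecdh-keyring-demo", b"ECC_NIST_P256")
    return km[:32], km[32:]  # (commitment key, shared wrapping key), as the page describes

def keyring_can_decrypt(stored_commitment, my_private, peer_public):
    # Decrypt-side check: succeed only if the commitment key stored on the message is reproduced.
    commitment, _ = derive_wrapping_keys(my_private, peer_public)
    return hmac.compare_digest(commitment, stored_commitment)

# Constructed key pairs: Alice (sender), Bob (recipient), Eve (an unrelated party).
ALICE_PRIV, BOB_PRIV, EVE_PRIV = (int.from_bytes(hashlib.sha256(n).digest(), "big") % N
                                  for n in (b"alice", b"bob", b"eve"))
ALICE_PUB, BOB_PUB, EVE_PUB = (_mul(k, G) for k in (ALICE_PRIV, BOB_PRIV, EVE_PRIV))
```

A keyring built from Alice's private key and Bob's public key and one built from Bob's private key and Alice's public key land on the same 64 bytes, while any other pairing fails the commitment check before a wrapping key is ever used.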
Required permissions for AWS KMS ECDH keyrings
The AWS Encryption SDK doesn't require an AWS account and it doesn't depend on any AWS service. However, to use an AWS KMS ECDH keyring, you need an AWS account and the following minimum permissions on the AWS KMS keys in your keyring. The permissions vary based on which key agreement schema you use.
- To encrypt and decrypt data using the KmsPrivateKeyToStaticPublicKey key agreement schema, you need kms:GetPublicKey and kms:DeriveSharedSecret on the sender's asymmetric KMS key pair. If you directly provide the sender's DER-encoded public key when you instantiate your keyring, you only need kms:DeriveSharedSecret permission on the sender's asymmetric KMS key pair.
- To decrypt data using the KmsPublicKeyDiscovery key agreement schema, you need kms:DeriveSharedSecret and kms:GetPublicKey permissions on the specified asymmetric KMS key pair.
Creating an AWS KMS ECDH keyring
To create an AWS KMS ECDH keyring that encrypts and decrypts data, you must use the KmsPrivateKeyToStaticPublicKey key agreement schema. To initialize an AWS KMS ECDH keyring with the KmsPrivateKeyToStaticPublicKey key agreement schema, provide the following values:
- Sender's AWS KMS key ID: Must identify an asymmetric NIST-recommended elliptic curve (ECC) KMS key pair with a KeyUsage value of KEY_AGREEMENT. The sender's private key is used to derive the shared secret.
- (Optional) Sender's public key: Must be a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. The AWS KMS GetPublicKey operation returns the public key of an asymmetric KMS key pair in the required DER-encoded format. To reduce the number of AWS KMS calls that your keyring makes, you can directly provide the sender's public key. If no value is provided for the sender's public key, the keyring calls AWS KMS to retrieve the sender's public key.
- Recipient's public key: You must provide the recipient's DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. The AWS KMS GetPublicKey operation returns the public key of an asymmetric KMS key pair in the required DER-encoded format.
- Curve specification: Identifies the elliptic curve specification of the specified key pairs. Both the sender's and the recipient's key pairs must have the same curve specification. Valid values: ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521
- (Optional) A list of grant tokens: If you control access to the KMS key in your AWS KMS ECDH keyring with grants, you must provide all necessary grant tokens when you initialize the keyring.
Creating an AWS KMS ECDH discovery keyring
When decrypting, it's a best practice to specify the keys that the AWS Encryption SDK can use. To follow this best practice, use an AWS KMS ECDH keyring with the KmsPrivateKeyToStaticPublicKey key agreement schema. However, you can also create an AWS KMS ECDH discovery keyring, that is, an AWS KMS ECDH keyring that can decrypt any message where the public key of the specified KMS key pair matches the recipient's public key stored on the message ciphertext.
Important
When you decrypt messages using the KmsPublicKeyDiscovery key agreement schema, you accept all public keys, regardless of who owns them.
To initialize an AWS KMS ECDH keyring with the KmsPublicKeyDiscovery key agreement schema, provide the following values:
- Recipient's AWS KMS key ID: Must identify an asymmetric NIST-recommended elliptic curve (ECC) KMS key pair with a KeyUsage value of KEY_AGREEMENT.
- Curve specification: Identifies the elliptic curve specification of the recipient's KMS key pair. Valid values: ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521
- (Optional) A list of grant tokens: If you control access to the KMS key in your AWS KMS ECDH keyring with grants, you must provide all necessary grant tokens when you initialize the keyring.