AWS Key Management Service
Developer Guide

Authenticated Encryption

Authenticated encryption provides confidentiality, data integrity, and authenticity assurances on encrypted data. The Encrypt API takes plaintext, a customer master key (CMK) identifier, and an encryption context and returns ciphertext. The encryption context represents additional authenticated data (AAD). The encryption process uses the AAD only to generate an authentication tag. The tag is included with the output ciphertext and used as input to the decryption process. This means that the encryption context that you supply to the Decrypt API must be the same as the encryption context you supply to the Encrypt API. Otherwise, the encryption and decryption tags will not match, and the decryption process will fail to produce plaintext. Further, if any one of the parameters has been tampered with—specifically if the ciphertext has been altered—the authentication tag will not compute to the same value that it did during encryption. The decryption process will fail and the ciphertext will not be decrypted.
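The Encrypt/Decrypt behaviour described above, modelled locally with AES-GCM as an added example (not AWS KMS code): the encryption context is serialized and passed as AAD, so decrypting with a different context, or with altered ciphertext, fails the tag check and yields no plaintext. The locally supplied key, the sorted-key JSON canonicalization and the function names are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// canonicalAAD gives Encrypt and Decrypt one deterministic byte form of the context;
// sorted-key JSON is this example's assumption, not the format KMS uses internally.
func canonicalAAD(ctx map[string]string) []byte {
	aad, _ := json.Marshal(ctx) // a string map always marshals, with keys sorted
	return aad
}
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptWithContext seals plaintext with AES-GCM, binding ctx as AAD; output is nonce || ciphertext || tag.
func encryptWithContext(key, plaintext []byte, ctx map[string]string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, canonicalAAD(ctx)), nil
}

// decryptWithContext fails with no plaintext if ctx differs from the encryption-time context or the ciphertext was altered (tag mismatch).
func decryptWithContext(key, blob []byte, ctx map[string]string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, canonicalAAD(ctx))
}
```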

Encryption context is how AWS KMS implements additional authenticated data (AAD) for authenticated encryption. To learn how to use encryption context to protect the integrity of encrypted data, see the post How to Protect the Integrity of Your Encrypted Data by Using AWS Key Management Service and EncryptionContext on the AWS Security Blog.