I would like to generate and use the key-value pairs available with AWS KMS encryption context to verify cipher text integrity.

Encryption context name-value pairs used with AWS KMS encryption and decryption operations provide a method for checking cipher text authenticity. Although encryption context is not part of encoded cipher text, it is bound to the cipher text during encryption and must be passed when you call the Decrypt or ReEncrypt operations. In this scenario, decryption only works if the encryption context passed when calling Decrypt (or ReEncrypt) is identical to the encryption context established during encryption.

To learn more about using encryption context to protect the integrity of encrypted data, see Encryption Context and the post How to Protect the Integrity of Your Encrypted Data by Using AWS Key Management Service and EncryptionContext in the AWS Security Blog.

AWS Key Management Service, AWS KMS encryption context, verify cipher text, encryption context, protect integrity of encrypted data


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-02-26