awslabs/aws-encryption-sdk-specification

Issues

• AWS Encryption SDK support for Go

  #250 opened 2 years ago by brianterry
  3

• provide public API for unpacking a header without decrypting a message

  #236 opened 3 years ago by farleyb-amazon
  2

• Make Duvet public

  #240 opened 3 years ago by alex-chew
  0

• MBedTLS support

  #237 opened 3 years ago by disa6302
  0

• Feature request: add option to immediately validate ciphertext by decrypting it

  #235 opened 3 years ago by farleyb-amazon
  0

• Update specification to add key commitment

  #231 opened 4 years ago by robin-aws
  0

• Implementation: Hold final frame plaintext on Decrypt until signature verifies

  #184 opened 4 years ago by lavaleri
  0

• How to reduce payload size/take advantage of data structure?

  #230 opened 4 years ago by robin-aws
  0

• Mismatched document about AWS Encryption SDK message format

  #227 opened 4 years ago by hyunsooda
  1

• Using KMS envelope encryption with keys from different AWS partitions

  #219 opened 4 years ago by ohadbenita
  2

• Allow for non-sequential frame IV values in decryption

  #229 opened 4 years ago by robin-aws
  0

• We love Big Endian

  #228 opened 4 years ago by seebees
  0

• implementation: keyrings MUST fail if they refuse to take action

  #226 opened 4 years ago by mattsb42-aws
  0

• Implementation: Fix maxBodySize Decrypt input to be inclusive

  #183 opened 4 years ago by lavaleri
  0

• Implementation: Add maxHeaderSize Decrypt input

  #182 opened 4 years ago by lavaleri
  0

• implementation: follow-up to refactoring CMC spec

  #192 opened 4 years ago by alex-chew
  0

• Raw RSA Keyring doc security considerations

  #207 opened 4 years ago by lavaleri
  0

• Raw AES Keyring doc security considerations

  #206 opened 4 years ago by lavaleri
  0

• KMS Keyring doc security considerations

  #204 opened 4 years ago by lavaleri
  0

• Algorithm Suites doc security consideration section

  #201 opened 4 years ago by lavaleri
  0

• Message Header doc security considerations

  #200 opened 4 years ago by lavaleri
  0

• Test Vectors for Message Format

  #199 opened 4 years ago by lavaleri
  0

• Encrypt doc security considerations

  #196 opened 4 years ago by lavaleri
  0

• implementation: return nothing from Put Cache Entry in CMC

  #221 opened 4 years ago by alex-chew
  0

• (grammar) Standardize useage of possesive form of "decryption materials"

  #218 opened 4 years ago by MatthewBennington
  0

• Multi Keyring doc security considerations

  #205 opened 4 years ago by lavaleri
  1

• Caching CMM doc Security Considerations

  #203 opened 4 years ago by lavaleri
  0

• Algorithm Suites test vectors

  #202 opened 4 years ago by lavaleri
  0

• Add unframed example bytes to Message Body doc

  #198 opened 4 years ago by lavaleri
  0

• Message Body AAD doc security considerations

  #197 opened 4 years ago by lavaleri
  0

• Default CMM should not be modifying input encryption context

  #175 opened 4 years ago by robin-aws
  0

• move spec doc versions into yaml metadata

  #193 opened 4 years ago by mattsb42-aws
  0

• Implementation: Encrypt input maxPlaintextSize is NOT passed to CMM is plaintext length is known

  #180 opened 4 years ago by lavaleri
  0

• define standard no-op keyring errors

  #164 opened 4 years ago by mattsb42-aws
  0

• Implementation: standarize "key name" input type

  #191 opened 4 years ago by MatthewBennington
  0

• define decryption contracts for all keyrings

  #185 opened 4 years ago by mattsb42-aws
  0

• define decryption contract for AWS KMS discovery keyring

  #190 opened 4 years ago by mattsb42-aws
  0

• define decryption contract for single-CMK AWS KMS keyring

  #189 opened 4 years ago by mattsb42-aws
  0

• define decryption contract for raw RSA keyring

  #188 opened 4 years ago by mattsb42-aws
  0

• define decryption contract for raw AES keyring

  #187 opened 4 years ago by mattsb42-aws
  0

• Implementation: Raw AES Keyring MUST fail when given unserializable EC

  #174 opened 4 years ago by MatthewBennington
  0

• Clarify what an "incompatible API change" is for a specification

  #173 opened 4 years ago by robin-aws
  0

• implementation: detecting base64-encoded messages

  #169 opened 4 years ago by robin-aws
  0

• implementation: Reserve “aws-crypto-“ in EC input to encrypt

  #172 opened 4 years ago by robin-aws
  0

• Implementation: Raw keyrings MUST NOT accept a key namespace of "aws-kms"

  #171 opened 4 years ago by MatthewBennington
  0

• implementation: Require generation in the multi-keyring

  #170 opened 4 years ago by robin-aws
  0

• Determine how/where/if the Raw RSA Keyring checks that public/private keys match

  #167 opened 4 years ago by MatthewBennington
  0

• implementation: re-designing the AWS KMS keyring

  #165 opened 4 years ago by acioc
  0

• Move exact algorithm specifics from encrypt/decrypt into algorithm-suites

  #162 opened 4 years ago by lavaleri
  0

• Generalize "Encrypted Data Key" term

  #158 opened 4 years ago by robin-aws
  2