Want to import key material that is 64 bytes in size into a HMAC_SHA_256 KMS

I am attempting to import a 64 byte key for HMAC_SHA_256 KMS, from the cli, and I get the error

An error occurred (InvalidCiphertextException) when calling the ImportKeyMaterial operation:

I have run the same commands with a 32 byte key without issue, and the documentation from AWS implies that they only support 32 byte keys for SHA_256, 64 byte for SHA_512 etc.

However, as per the HMAC_SHA_256 spec, it has a block size of 512 bit, and can therefore support keys of up to 64 bit without issue (and larger, but will , and in fact Java, C# etc all support this. Why doesn't AWS allow this?

Topics

Security, Identity, & Compliance

Relevant content

AWS Customer Managed KMS replica - key material import
Accepted Answer
ilona-savinova
asked 10 months ago
Signing >4096 byte Messages With KMS Asymmetric Key Pair
mford
asked a year ago
Unable to import an RSA 2048 private key to KMS
Webfork
asked 7 months ago
What is KMS Key Material?
Accepted Answer
MiqLab3251
asked 9 months ago
Do I need to specify the AWS KMS key when I download a KMS-encrypted object from Amazon S3?
AWS OFFICIALUpdated a year ago
Should I use an AWS KMS managed key or a customer managed KMS key to encrypt my objects on Amazon S3?
AWS OFFICIALUpdated 2 years ago
How do I import my keys into AWS Key Management Service?
AWS OFFICIALUpdated 4 months ago
How do I resolve the "InvalidCiphertext" error when I try to use OpenSSL to import my key into AWS KMS?
AWS OFFICIALUpdated 17 days ago
Why do I get an error "The snapshot is currently in use by AMI" when I try to delete an EBS snapshot, even though there is no AMI on the account?
EXPERT
dnyanesh-db
published 4 months ago
How to use JWT tokens for authorization with AWS KMS in NodeJs Lambdas
EXPERT
Antonio_Lagrotteria
published a month ago