I have an RSA 2048 private key in the following format:
-----BEGIN PRIVATE KEY-----
<Key Content>
-----END PRIVATE KEY-----
I tried to import this to KMS using the RSA_AES_KEY_WRAP_SHA_256 Algorithm. But I am getting the following error: ImportKeyMaterial request failed
InvalidCiphertextException
I followed the documentation at: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html
The commands I ran are as follows:
openssl rand -out aes-key.bin 32
openssl enc -id-aes256-wrap-pad -K "$(xxd -p < aes-key.bin | tr -d '\n')" -iv A65959A6 -in clearbank.key -out key-material-wrapped.bin
openssl pkeyutl -encrypt -in aes-key.bin -out aes-key-wrapped.bin -inkey WrappingPublicKey.bin -keyform DER -pubin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256
cat aes-key-wrapped.bin key-material-wrapped.bin > EncKey.bin
My private key file name is: clearbank.key.
Please help me. This is very urgent.
PS: This key if for signing and I am working in the management console not CLI.