I am attempting to import a 64 byte key for HMAC_SHA_256 KMS, from the cli, and I get the error
An error occurred (InvalidCiphertextException) when calling the ImportKeyMaterial operation:
I have run the same commands with a 32 byte key without issue, and the documentation from AWS implies that they only support 32 byte keys for SHA_256, 64 byte for SHA_512 etc.
However, as per the HMAC_SHA_256 spec, it has a block size of 512 bit, and can therefore support keys of up to 64 bit without issue (and larger, but will , and in fact Java, C# etc all support this. Why doesn't AWS allow this?
AWS 官方已更新 3 年前