by mschout
1149 days ago
I also am confused somewhat here. With KMS, if you need to encrypt larger payloads, KMS itself is of no help except to generate a data key to use, and you are left to either use AwsCrypto or roll your own encryption using the data key, which itself is encrypted by AWS KMS. If you happen to be using a language that does not have a port of the AwsCrypto library, I am unclear if, say, AES CBC is okay or not. If you are able to use AwsCrypto with KMS, I am assuming that is the recommended pathway, as that is the default that AWS provides, and I am hoping that AWS has thought it through enough to have a sensible default.