Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mutations/tony/decrypt encrypt strat #1043

Draft
wants to merge 8 commits into
base: mutations/mutations
Choose a base branch
from
Draft

Mutations/tony/decrypt encrypt strat #1043

wants to merge 8 commits into from

Conversation

texastony
Copy link
Contributor

Issue #, if available:

Description of changes:

Squash/merge commit message, if applicable:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions GitHub Actions
Copy link

Detected changes to the release files or to the check-files action

@github-actions GitHub Actions
Copy link

Changes to the release files or the check-files action requires 2 approvals from CODEOWNERS

texastony
texastony commented Nov 22, 2024
View reviewed changes
Copy link
Contributor Author

@texastony texastony left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments that will get thrown away later.

AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/src/KMSKeystoreOperations.dfy
@@ -291,6 +291,111 @@ module {:options "/functionSyntax:4" } KMSKeystoreOperations {
return Success(reEncryptResponse);
}

method VerifyViaDecryptEncryptKey(
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Praise: this is great.
Having a KMS Configuration means we can use it for VersionKey in the future.
You have raised the bar.

AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/test/Fixtures.dfy Show resolved Hide resolved
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStoreAdmin/Model/KeyStoreAdmin.smithy
Comment on lines +163 to +171
"Key Store Items are authenticated and re-wrapped via a Decrypt and then Encrypt request.
This is two separate requests to Key Management, as compared to one.
But the Decrypt requests will use the Decrypt KMS Client (and Grant Tokens),
while the Encrypt requests will use the Encrypt KMS Client (and Grant Tokens).
This option affords for different credentials to be utilized,
based on the operation.
When Generating new material,
KMS GenerateDataKeyWithoutPlaintext will be executed against
the Encrypt option.")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to revise this documentation to detail how Verify works.

@github-actions GitHub Actions
Copy link

@texastony and @texastony, I noticed you are updating the smithy model files.
Does this update need new or updated user documentation?
Are you adding constraints inside list, map or union? Do you know about this issue: smithy-lang/smithy-dafny#491?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@texastony @josecorella