Frequently Asked Questions
-
Does this solution use the AWS Encryption SDK?
No. The AWS Encryption SDK does not currently support the Rust programming language, which is used by the application running within the Nitro Enclave.
-
Why doesn't this solution provide an encryption context when generating a data key pair from KMS?
Providing an encryption context is a best practice, but unfortunately the kmstool-enclave-cli tool does not support providing an encryption context when calling the KMS Decrypt API (GitHub aws-nitro-enclaves-sdk-c#35). Additional authenticated data (AAD) is provided when data is encrypted and decrypted, and is not referenced with the stored encrypted data.