Extract KMS key ID from ciphertext #442
-
|
Apparently KMS can decrypt a ciphertext even without the key ID, because the key ID is stored in the ciphertext metadata. Is there a way to extract that key ID from the ciphertext blob? Reason is, I have a ciphertext blob that was encrypted by one of the dozens of keys I have access to (in about 10 different accounts). I could just try each account, I guess, but I'd rather just know the key ID, if that's possible. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
As far as I know, we don't have any SDK-specific capability for doing so. It's possible that you might find a method to read the metadata but I can't seem to find anything showing how to do it; Only some search results saying it can be done. Looking at the KMS Decrypt API, it seems that the key ID isn't required for things encrypted with a symmetric key. Maybe that applies to your case? Sorry I couldn't be of more help. |
Beta Was this translation helpful? Give feedback.
As far as I know, we don't have any SDK-specific capability for doing so. It's possible that you might find a method to read the metadata but I can't seem to find anything showing how to do it; Only some search results saying it can be done. Looking at the KMS Decrypt API, it seems that the key ID isn't required for things encrypted with a symmetric key. Maybe that applies to your case?
Sorry I couldn't be of more help.