Certified Security - Specialty

Sign Up Free or Log In to participate!

Import Key Material (SHA1 vs SHA256)

Any reason you show using RSAES_OAEP_SHA_1 vs. the AWS recommended RSAES_OAEP_SHA_256 which would be more secure? Reference https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf (pg.19). Also you are using the oldest supported version of openSSL?

4 Answers

The RSAES_OAEP_SHA_1 encryption algorithm works best with this example. Before running the example, make sure that you used RSAES_OAEP_SHA_1 for the wrapping algorithm in Step 2. If necessary, repeat the step to download and import the public key and token.


I must say that I also find this a bit perplexing as well, especially being this is a security course. Digging deeper in the documentation, AWS does not recommend using SHA1 in production and even explicitly states "The key material you import must be a 256-bit symmetric encryption key." The walk-though states to use SHA1 if you are using OpenSSL to generate the materials for a POC as OpenSSL is often buggy and poorly implements cryptography.

Bad part is even the course name is AWS Security specialty – 2020 but this videos seems using the concept which is minimum 2 years old. May be time to upload new video for this example in KMS part 3?

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?