AWS cli documentation change
Summary
Clarified message encoding requirements for AWS CLI v2 in verify command documentation
Security assessment
The change adds explicit guidance about Base64-encoding requirements and file handling for message verification. While this improves security documentation by clarifying proper usage, there's no evidence of addressing a specific vulnerability.
Diff
diff --git a/cli/latest/reference/kms/verify.md b/cli/latest/reference/kms/verify.md index 389a99e03..39822d2b3 100644 --- a//cli/latest/reference/kms/verify.md +++ b//cli/latest/reference/kms/verify.md @@ -15 +15 @@ - * [AWS CLI 2.27.42 Command Reference](../../index.html) » + * [AWS CLI 2.27.45 Command Reference](../../index.html) » @@ -327 +327,5 @@ Unless otherwise stated, all examples have unix-like quotation rules. These exam -The following `verify` example verifies a cryptographic signature for a short, Base64-encoded message. The key ID, message, message type, and signing algorithm must be same ones that were used to sign the message. The signature that you specify cannot be base64-encoded. For help decoding the signature that the `sign` command returns, see the `sign` command examples. +The following `verify` command verifies a cryptographic signature for a short, Base64-encoded message. The key ID, message, message type, and signing algorithm must be same ones that were used to sign the message. + +In AWS CLI v2, the value of the `message` parameter must be Base64-encoded. Or, you can save the message in a file and use the `fileb://` prefix, which tells the AWS CLI to read binary data from the file. + +The signature that you specify cannot be base64-encoded. For help decoding the signature that the `sign` command returns, see the `sign` command examples. @@ -378 +382 @@ SigningAlgorithm -> (string) - * [AWS CLI 2.27.42 Command Reference](../../index.html) » + * [AWS CLI 2.27.45 Command Reference](../../index.html) »