AWS cloudhsm documentation change
Summary
Added --data-type parameter documentation specifying input data format requirements
Security assessment
Documents proper data handling for RSA-PKCS-PSS signatures, ensuring correct hashing process. Enhances security documentation but doesn't reference a specific vulnerability fix.
Diff
diff --git a/cloudhsm/latest/userguide/cloudhsm_cli-crypto-sign-rsa-pkcs-pss.md b/cloudhsm/latest/userguide/cloudhsm_cli-crypto-sign-rsa-pkcs-pss.md index 758621014..b43298582 100644 --- a//cloudhsm/latest/userguide/cloudhsm_cli-crypto-sign-rsa-pkcs-pss.md +++ b//cloudhsm/latest/userguide/cloudhsm_cli-crypto-sign-rsa-pkcs-pss.md @@ -49,0 +50 @@ The following types of users can run this command. + --data-type <DATA_TYPE> The type of data passed in, either raw or digest [possible values: raw, digest] @@ -171,0 +173,14 @@ Specifies the file path to a signed quorum token file to approve operation. Only +**`<DATA_TYPE>`** + + +Specifies whether the value of the data parameter should be hashed as part of the signing algorithm. Use `raw` for unhashed data; use `digest` for digests, which are already hashed. + +Valid values: + + * raw + + * digest + + + +