AWS cloudhsm documentation change
Summary
Added data-type parameter documentation for verification process
Security assessment
Ensures verification process matches signing data handling, preventing signature validation bypasses. Security best practice documentation rather than vulnerability fix.
Diff
diff --git a/cloudhsm/latest/userguide/cloudhsm_cli-crypto-verify-ecdsa.md b/cloudhsm/latest/userguide/cloudhsm_cli-crypto-verify-ecdsa.md index 41cd684e8..995db58eb 100644 --- a//cloudhsm/latest/userguide/cloudhsm_cli-crypto-verify-ecdsa.md +++ b//cloudhsm/latest/userguide/cloudhsm_cli-crypto-verify-ecdsa.md @@ -64,0 +65,2 @@ The following types of users can run this command. + --data-type <DATA_TYPE> + The type of data passed in, either raw or digest [possible values: raw, digest] @@ -172,0 +175,14 @@ Required: Yes (unless provided through signature path) +**`<DATA_TYPE>`** + + +Specifies whether the value of the data parameter should be hashed as part of the signing algorithm. Use `raw` for unhashed data; use `digest` for digests, which are already hashed. + +Valid values: + + * raw + + * digest + + + +