AWS Security ChangesHomeSearch

AWS cloudhsm documentation change

Service: cloudhsm · 2025-06-28 · Documentation medium

File: cloudhsm/latest/userguide/cloudhsm_cli-crypto-verify-rsa-pkcs-pss.md

Summary

Added --data-type parameter documentation for verification input handling

Security assessment

Documents proper data type handling during verification to maintain cryptographic integrity. No evidence of addressing a specific security incident.

Diff

diff --git a/cloudhsm/latest/userguide/cloudhsm_cli-crypto-verify-rsa-pkcs-pss.md b/cloudhsm/latest/userguide/cloudhsm_cli-crypto-verify-rsa-pkcs-pss.md
index 00fa650fe..47ec63cd2 100644
--- a//cloudhsm/latest/userguide/cloudhsm_cli-crypto-verify-rsa-pkcs-pss.md
+++ b//cloudhsm/latest/userguide/cloudhsm_cli-crypto-verify-rsa-pkcs-pss.md
@@ -64,0 +65,2 @@ The following types of users can run this command.
+          --data-type <DATA_TYPE>
+              The type of data passed in, either raw or digest [possible values: raw, digest]
@@ -202,0 +205,14 @@ Required: Yes (unless provided through signature path)
+**`<DATA_TYPE>`**
+    
+
+Specifies whether the value of the data parameter should be hashed as part of the signing algorithm. Use `raw` for unhashed data; use `digest` for digests, which are already hashed. 
+
+Valid values:
+
+  * raw
+
+  * digest
+
+
+
+