AWS code-library documentation change
Summary
Added explicit instructions for AWS CLI v2 message handling and clarified signature encoding requirements
Security assessment
The changes improve documentation clarity about message encoding requirements but do not address security vulnerabilities or introduce new security features. The emphasis on proper encoding is a standard practice rather than a security fix.
Diff
diff --git a/code-library/latest/ug/kms_example_kms_Verify_section.md b/code-library/latest/ug/kms_example_kms_Verify_section.md index c3a7bcbe1..8252b201d 100644 --- a//code-library/latest/ug/kms_example_kms_Verify_section.md +++ b//code-library/latest/ug/kms_example_kms_Verify_section.md @@ -19 +19,5 @@ CLI -The following `verify` example verifies a cryptographic signature for a short, Base64-encoded message. The key ID, message, message type, and signing algorithm must be same ones that were used to sign the message. The signature that you specify cannot be base64-encoded. For help decoding the signature that the `sign` command returns, see the `sign` command examples. +The following `verify` command verifies a cryptographic signature for a short, Base64-encoded message. The key ID, message, message type, and signing algorithm must be same ones that were used to sign the message. + +In AWS CLI v2, the value of the `message` parameter must be Base64-encoded. Or, you can save the message in a file and use the `fileb://` prefix, which tells the AWS CLI to read binary data from the file. + +The signature that you specify cannot be base64-encoded. For help decoding the signature that the `sign` command returns, see the `sign` command examples.