AWS Security ChangesHomeSearch

AWS kms documentation change

Service: kms · 2025-06-28 · Documentation low

File: kms/latest/developerguide/example_kms_Verify_section.md

Summary

Added explicit instructions about AWS CLI v2 message encoding requirements and file handling

Security assessment

The update improves documentation clarity around message encoding requirements but does not address security vulnerabilities or document new security features. Proper encoding is a standard operational requirement rather than a security fix.

Diff

diff --git a/kms/latest/developerguide/example_kms_Verify_section.md b/kms/latest/developerguide/example_kms_Verify_section.md
index e1e949063..3d05c790b 100644
--- a//kms/latest/developerguide/example_kms_Verify_section.md
+++ b//kms/latest/developerguide/example_kms_Verify_section.md
@@ -17 +17,5 @@ CLI
-The following `verify` example verifies a cryptographic signature for a short, Base64-encoded message. The key ID, message, message type, and signing algorithm must be same ones that were used to sign the message. The signature that you specify cannot be base64-encoded. For help decoding the signature that the `sign` command returns, see the `sign` command examples.
+The following `verify` command verifies a cryptographic signature for a short, Base64-encoded message. The key ID, message, message type, and signing algorithm must be same ones that were used to sign the message.
+
+In AWS CLI v2, the value of the `message` parameter must be Base64-encoded. Or, you can save the message in a file and use the `fileb://` prefix, which tells the AWS CLI to read binary data from the file.
+
+The signature that you specify cannot be base64-encoded. For help decoding the signature that the `sign` command returns, see the `sign` command examples.