AWS cli documentation change
Summary
Updated terminology from 'NIST-recommended' to 'NIST-standard' elliptic curves in multiple sections
Security assessment
The change clarifies compliance with NIST standards but does not address a specific security vulnerability or weakness. It appears to be a documentation accuracy improvement rather than a security fix.
Diff
diff --git a/cli/latest/reference/kms/derive-shared-secret.md b/cli/latest/reference/kms/derive-shared-secret.md index 65b08ae97..68ec70163 100644 --- a//cli/latest/reference/kms/derive-shared-secret.md +++ b//cli/latest/reference/kms/derive-shared-secret.md @@ -15 +15 @@ - * [AWS CLI 2.31.31 Command Reference](../../index.html) » + * [AWS CLI 2.31.32 Command Reference](../../index.html) » @@ -64 +64 @@ Derives a shared secret using a key agreement algorithm. -You must use an asymmetric NIST-recommended elliptic curve (ECC) or SM2 (China Regions only) KMS key pair with a `KeyUsage` value of `KEY_AGREEMENT` to call DeriveSharedSecret. +You must use an asymmetric NIST-standard elliptic curve (ECC) or SM2 (China Regions only) KMS key pair with a `KeyUsage` value of `KEY_AGREEMENT` to call DeriveSharedSecret. @@ -70,2 +70,2 @@ The following workflow demonstrates how to establish key agreement over an insec - * **Alice** calls CreateKey to create an asymmetric KMS key pair with a `KeyUsage` value of `KEY_AGREEMENT` . The asymmetric KMS key must use a NIST-recommended elliptic curve (ECC) or SM2 (China Regions only) key spec. - * **Bob** creates an elliptic curve key pair. Bob can call CreateKey to create an asymmetric KMS key pair or generate a key pair outside of KMS. Bob’s key pair must use the same NIST-recommended elliptic curve (ECC) or SM2 (China Regions ony) curve as Alice. + * **Alice** calls CreateKey to create an asymmetric KMS key pair with a `KeyUsage` value of `KEY_AGREEMENT` . The asymmetric KMS key must use a NIST-standard elliptic curve (ECC) or SM2 (China Regions only) key spec. + * **Bob** creates an elliptic curve key pair. Bob can call CreateKey to create an asymmetric KMS key pair or generate a key pair outside of KMS. Bob’s key pair must use the same NIST-standard elliptic curve (ECC) or SM2 (China Regions ony) curve as Alice. @@ -85 +85 @@ KMS strongly recommends verifying that the public key you receive came from the -To derive a shared secret you must provide a key agreement algorithm, the private key of the caller’s asymmetric NIST-recommended elliptic curve or SM2 (China Regions only) KMS key pair, and the public key from your peer’s NIST-recommended elliptic curve or SM2 (China Regions only) key pair. The public key can be from another asymmetric KMS key pair or from a key pair generated outside of KMS, but both key pairs must be on the same elliptic curve. +To derive a shared secret you must provide a key agreement algorithm, the private key of the caller’s asymmetric NIST-standard elliptic curve or SM2 (China Regions only) KMS key pair, and the public key from your peer’s NIST-standard elliptic curve or SM2 (China Regions only) key pair. The public key can be from another asymmetric KMS key pair or from a key pair generated outside of KMS, but both key pairs must be on the same elliptic curve. @@ -141 +141 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/kms-20 -> Identifies an asymmetric NIST-recommended ECC or SM2 (China Regions only) KMS key. KMS uses the private key in the specified key pair to derive the shared secret. The key usage of the KMS key must be `KEY_AGREEMENT` . To find the `KeyUsage` of a KMS key, use the DescribeKey operation. +> Identifies an asymmetric NIST-standard ECC or SM2 (China Regions only) KMS key. KMS uses the private key in the specified key pair to derive the shared secret. The key usage of the KMS key must be `KEY_AGREEMENT` . To find the `KeyUsage` of a KMS key, use the DescribeKey operation. @@ -175 +175 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/kms-20 -> Specifies the public key in your peer’s NIST-recommended elliptic curve (ECC) or SM2 (China Regions only) key pair. +> Specifies the public key in your peer’s NIST-standard elliptic curve (ECC) or SM2 (China Regions only) key pair. @@ -481 +481 @@ KeyOrigin -> (string) - * [AWS CLI 2.31.31 Command Reference](../../index.html) » + * [AWS CLI 2.31.32 Command Reference](../../index.html) »