AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-11-10 · Documentation medium

File: cli/latest/reference/kms/sign.md

Summary

Added documentation for ED25519_SHA_512 and ED25519_PH_SHA_512 signing algorithms with message type requirements

Security assessment

Introduces documentation for new EdDSA-based signing algorithms which are modern cryptographic features. While this adds security-related documentation, there is no evidence of addressing a specific vulnerability.

Diff

diff --git a/cli/latest/reference/kms/sign.md b/cli/latest/reference/kms/sign.md
index 3a2a545bb..2c48bc8da 100644
--- a//cli/latest/reference/kms/sign.md
+++ b//cli/latest/reference/kms/sign.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.31 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.32 Command Reference](../../index.html) »
@@ -173,0 +174,7 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/kms-20
+> 
+> When using ECC_NIST_EDWARDS25519 KMS keys:
+> 
+>   * ED25519_SHA_512 signing algorithm requires KMS `MessageType:RAW`
+>   * ED25519_PH_SHA_512 signing algorithm requires KMS `MessageType:DIGEST`
+> 
+
@@ -245,0 +253,2 @@ Syntax:
+>   * `ED25519_SHA_512`
+>   * `ED25519_PH_SHA_512`
@@ -463,0 +473,2 @@ SigningAlgorithm -> (string)
+>   * `ED25519_SHA_512`
+>   * `ED25519_PH_SHA_512`
@@ -477 +488 @@ SigningAlgorithm -> (string)
-  * [AWS CLI 2.31.31 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.32 Command Reference](../../index.html) »