AWS Security ChangesHomeSearch

AWS kms high security documentation change

Service: kms · 2025-11-10 · Security-related high

File: kms/latest/developerguide/symm-asymm-choose-key-spec.md

Summary

Added ECC_NIST_EDWARDS25519 key spec documentation with message type requirements for Ed25519 signing algorithms, updated NIST terminology from 'recommended' to 'standard', and clarified key usage restrictions

Security assessment

The change explicitly documents security-critical requirements for Ed25519 key usage (MessageType constraints) and updates cryptographic standards references. Incorrect message type usage could lead to signature validation failures or cryptographic vulnerabilities.

Diff

diff --git a/kms/latest/developerguide/symm-asymm-choose-key-spec.md b/kms/latest/developerguide/symm-asymm-choose-key-spec.md
index af8d6c716..dfcb4ca0a 100644
--- a//kms/latest/developerguide/symm-asymm-choose-key-spec.md
+++ b//kms/latest/developerguide/symm-asymm-choose-key-spec.md
@@ -44 +44 @@ Elliptic curve key specs
-  * Asymmetric NIST-recommended [elliptic curve key pairs](https://datatracker.ietf.org/doc/html/rfc5753/) (signing and verification -or- deriving shared secrets)
+  * Asymmetric NIST-standard [elliptic curve key pairs](https://datatracker.ietf.org/doc/html/rfc5753/) (signing and verification -or- deriving shared secrets)
@@ -51,0 +52,4 @@ Elliptic curve key specs
+    * ECC_NIST_EDWARDS25519 (ed25519) - signing and verification only
+
+      * **Note:** For ECC_NIST_EDWARDS25519 KMS keys, the ED25519_SHA_512 signing algorithm requires [`MessageType:RAW`](https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html#KMS-Sign-request-MessageType), while ED25519_PH_SHA_512 requires [`MessageType:DIGEST`](https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html#KMS-Sign-request-MessageType). These message types cannot be used interchangeably.
+
@@ -184,0 +189,2 @@ When you use an elliptic curve (ECC) key spec, AWS KMS creates an asymmetric KMS
+When you use an Edwards Curve key spec, AWS KMS creates an asymmetric KMS key with an Ed25519 key pair for signing and verification. The private key that generates signatures never leaves AWS KMS unencrypted. You can use the public key to [verify signatures](https://docs.aws.amazon.com/kms/latest/APIReference/API_Verify.html) within AWS KMS, or [download the public key](./importing-keys-get-public-key-and-token.html) for use outside of AWS KMS. 
+
@@ -187 +193 @@ AWS KMS supports the following ECC key specs for asymmetric KMS keys.
-  * Asymmetric NIST-recommended elliptic curve key pairs (signing and verification -or- deriving shared secrets)
+  * Asymmetric NIST-standard elliptic curve key pairs (signing and verification -or- deriving shared secrets)
@@ -194,0 +201,4 @@ AWS KMS supports the following ECC key specs for asymmetric KMS keys.
+    * ECC_NIST_EDWARDS25519 (ed25519) - signing and verification only
+
+      * **Note:** For ECC_NIST_EDWARDS25519 KMS keys, the ED25519_SHA_512 signing algorithm requires [`MessageType:RAW`](https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html#KMS-Sign-request-MessageType), while ED25519_PH_SHA_512 requires [`MessageType:DIGEST`](https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html#KMS-Sign-request-MessageType). These message types cannot be used interchangeably.
+
@@ -204 +214 @@ The ECC key spec that you choose might be determined by your security standards
-If you're creating an asymmetric KMS key to [derive shared secrets](https://docs.aws.amazon.com/kms/latest/APIReference/API_DeriveSharedSecret.html), use one of the NIST-recommended elliptic curve key specs. The only supported key agreement algorithm for deriving shared secrets is the [Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf#page=60) (ECDH). For an example of how to derive shared secrets offline, see [Deriving shared secrets offline](./offline-operations.html#key-spec-ecc-offline).
+If you're creating an asymmetric KMS key to [derive shared secrets](https://docs.aws.amazon.com/kms/latest/APIReference/API_DeriveSharedSecret.html), use one of the NIST-standard elliptic curve key specs (except ECC_SECG_P256K1 and ECC_NIST_EDWARDS25519). The only supported key agreement algorithm for deriving shared secrets is the [Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf#page=60) (ECDH). For an example of how to derive shared secrets offline, see [Deriving shared secrets offline](./offline-operations.html#key-spec-ecc-offline).
@@ -208,2 +217,0 @@ If you're creating an asymmetric KMS key to use with cryptocurrencies, use the E
-KMS keys with different ECC key specs are priced differently and are subject to different request quotas. For information about AWS KMS pricing, see [AWS Key Management Service Pricing](https://aws.amazon.com/kms/pricing/). For information about request quotas, see [Request quotas](./requests-per-second.html).
-
@@ -217,0 +226,2 @@ ECC_SECG_P256K1 | ECDSA_SHA_256 | NIST FIPS 186-4, Section 6.4, ECDSA signature
+ECC_NIST_EDWARDS25519 | ED25519_SHA_512 | NIST FIPS 186-5, Section 7, EdDSA signature using the curve specified by the key and SHA-512 for the message digest. KMS requires [`MessageType:RAW`](https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html#KMS-Sign-request-MessageType) with this algorithm.  
+ECC_NIST_EDWARDS25519 | ED25519_PH_SHA_512 | NIST FIPS 186-5, Section 7, EdDSA signature using the curve specified by the key and SHA-512 for the message digest. KMS requires [`MessageType:DIGEST`](https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html#KMS-Sign-request-MessageType) with this algorithm.