AWS prescriptive-guidance documentation change
Summary
Added implementation guidance and references to AWS-LC library and KMS services for cryptographic algorithms
Security assessment
Enhanced documentation about security features (cryptographic implementations) by adding references to AWS-LC and KMS. No vulnerability fix, but improves security guidance.
Diff
diff --git a/prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md b/prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md index 4dd19ce45..a44b1e07c 100644 --- a//prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md +++ b//prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md @@ -49 +49 @@ The following tables summarize the cryptographic algorithms, ciphers, modes, and -The following table lists supported asymmetric algorithms for encryption, key agreement, and digital signatures. +The following table lists asymmetric algorithms approved for use for encryption, key agreement, and digital signatures. If you need a software library implementation for one of these algorithms, please check to see if it is included in the latest version of the [AWS-LC library](https://github.com/aws/aws-lc). If you need a support for an algorithm in a web service, please check to see if it is included in the [current set of the asymmetric operations](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) offered by AWS Key Management Service. @@ -67 +67 @@ Signatures | RSA-2048 or RSA-3072 | Acceptable -The following table lists supported symmetric algorithms for encryption, authenticated encryption, and key wrapping. +The following table lists symmetric algorithms approved for encryption, authenticated encryption, and key wrapping. If you need a software library implementation for one of these algorithms, please check to see if it is included in the latest version of the [AWS-LC library](https://github.com/aws/aws-lc). If you need a support for a symmetric algorithm implementation in a web service, the AES-GCM implementation in AWS Key Management Service is the only option available.