Decide on behavior when a keyring fails an operation #31
Comments
seebees
added a commit
to seebees/aws-encryption-sdk-javascript
that referenced
this issue
Aug 7, 2020
resolves: aws#152, aws#31 linked: awslabs/aws-encryption-sdk-specification#105 If no keyrings attempt to decrypt any encrypted data keys, then the message can not be decrypted. The code attempted to enforce this, by retrieving the unencrypted data key in node. There were two issues here 1. The check ensure the validity of the materials, itself threw an error. 1. Had this check succeeded, the error message `'Unencrypted data key is invalid.’` is not incredibly more helpful than 'unencryptedDataKey has not been set' The error message has been updated, and the tests have been updated to verify _this_ error message. On a related note awslabs/aws-encryption-sdk-specification#97 starts to explore some additional possibilities. The fullness of this issue is not only in failure, but success can also have similar issues.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When a keyring or sub-keyring fails an operation, what side effect do we want?
Log a record of what happened? Do nothing? Something else?
This affects all keyring implementations.
The text was updated successfully, but these errors were encountered: