[feature proposal] additional keyring trace entries #97
Assignees
Labels
Milestone
Comments
mattsb42-aws
added
Doc impact
seebees
added a commit
to seebees/aws-encryption-sdk-javascript
that referenced
this issue
Apr 25, 2020
If no keyrings attempt to decrypt any encrypted data keys, then the message can not be decrypted. The code attempted to enforce this, by retrieving the unencrypted data key in node. There were two issues here 1. The check ensure the validity of the materials, itself threw an error. 1. Had this check succeeded, the error message `'Unencrypted data key is invalid.’` is not incredibly more helpful than 'unencryptedDataKey has not been set' The error message has been updated, and the tests have been updated to verify _this_ error message. On a related note awslabs/aws-encryption-sdk-specification#97 starts to explore some additional possibilities. The fullness of this issue is not only in failure, but success can also have similar issues.
seebees
added a commit
to seebees/aws-encryption-sdk-javascript
that referenced
this issue
Apr 25, 2020
If no keyrings attempt to decrypt any encrypted data keys, then the message can not be decrypted. The code attempted to enforce this, by retrieving the unencrypted data key in node. There were two issues here 1. The check ensure the validity of the materials, itself threw an error. 1. Had this check succeeded, the error message `'Unencrypted data key is invalid.’` is not incredibly more helpful than 'unencryptedDataKey has not been set' The error message has been updated, and the tests have been updated to verify _this_ error message. On a related note awslabs/aws-encryption-sdk-specification#97 starts to explore some additional possibilities. The fullness of this issue is not only in failure, but success can also have similar issues.
This was referenced Apr 25, 2020
Closed
seebees
added a commit
to seebees/aws-encryption-sdk-javascript
that referenced
this issue
Aug 7, 2020
resolves: aws#152, aws#31 linked: awslabs/aws-encryption-sdk-specification#105 If no keyrings attempt to decrypt any encrypted data keys, then the message can not be decrypted. The code attempted to enforce this, by retrieving the unencrypted data key in node. There were two issues here 1. The check ensure the validity of the materials, itself threw an error. 1. Had this check succeeded, the error message `'Unencrypted data key is invalid.’` is not incredibly more helpful than 'unencryptedDataKey has not been set' The error message has been updated, and the tests have been updated to verify _this_ error message. On a related note awslabs/aws-encryption-sdk-specification#97 starts to explore some additional possibilities. The fullness of this issue is not only in failure, but success can also have similar issues.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
NOTE: I would argue that this is dependent on and blocked by #95.
Problem
One of the common challenges that users of the AWS Encryption SDK encounter is how to debug why an encryption or decryption did not work. The keyring trace can help to audit what worked but does not currently help determine if something did not work.
Type of Problem
feature
Actual Behavior
Keyrings currently only add entries to the trace on success.
Desired Behavior
Keyrings should add entries to the keyring trace that describe what they did for no-ops and failure as well as success.
Proposed Solution
In order to help close the debugging issue, this proposal is to add additional trace entry flags that keyrings SHOULD use in new trace entries.
SKIPPED: Keyring was engaged but did not attempt to decrypt any EDKs.DECRYPT_FAILED: Keyring attempted to decrypt EDK but failed.Open questions:
The text was updated successfully, but these errors were encountered: