AWS CMK (customer managed key)
--
How to create CMK
AWS Key Management Service (AWS KMS) has 3 options:
- AWS default generated key
- AWS CMK (customer managed key)
- Custom Stored Keys (HSM)
How to generate AWS CMK
You first need to create the outline for the key (a CMK without key material),
→ and then fill it with the actual key material (the actual key, generated by openssl).
<How to create CMK outline — without key material>
<How to input key material → CMK>
https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html
Choose the encryption method: this example uses RSAES_OAEP_SHA_1
>> Create your key locally: openssl rand -out PlaintextKeyMaterial.bin 32
>> Wrap your key with the public key generated by AWS:
openssl rsautl -encrypt \
-in PlaintextKeyMaterial.bin \
-oaep \
-inkey PublicKey.bin \
-keyform DER \
-pubin \
-out EncryptedKeyMaterial.bin
>> Then submit the wrapped key and the token.
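
A local rehearsal of the wrap step above, as an added example that is not part of the original page. It uses `openssl pkeyutl` (the OpenSSL 3.x replacement for the deprecated `rsautl`) with the same RSAES_OAEP_SHA_1 padding. As an assumption, a throwaway local RSA-2048 key pair stands in for the AWS wrapping key, so the wrapped output can be unwrapped and compared; the function names and `standin_priv.pem` are hypothetical.

```shell
#!/usr/bin/env bash
# Offline rehearsal of the wrap step (added example, not from the original page).
# ASSUMPTION: a throwaway local RSA-2048 key pair stands in for the AWS wrapping
# key so the result can be decrypted and compared. With the real PublicKey.bin
# from AWS you hold no private key, so only wrap_key_material applies.
set -eu
umask 077   # files holding key material are owner-readable only

# Wrap file $2 with the DER public key $1 using RSAES-OAEP with SHA-1, writing $3.
# pkeyutl is the OpenSSL 3.x replacement for the deprecated rsautl.
wrap_key_material() {
    openssl pkeyutl -encrypt -pubin -keyform DER -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha1 \
        -in "$2" -out "$3"
}

# Prints "<plaintext bytes> <ciphertext bytes> <match|mismatch>".
rehearse_wrap() {
    dir=$(mktemp -d)
    # Stand-in wrapping key pair (constructed locally, hypothetical file names).
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/standin_priv.pem" 2>/dev/null
    openssl pkey -in "$dir/standin_priv.pem" -pubout -outform DER \
        -out "$dir/PublicKey.bin"

    # Same steps as on the page: 32 random bytes, then wrap.
    openssl rand -out "$dir/PlaintextKeyMaterial.bin" 32
    wrap_key_material "$dir/PublicKey.bin" "$dir/PlaintextKeyMaterial.bin" \
        "$dir/EncryptedKeyMaterial.bin"

    # Unwrap with the stand-in private key and compare byte for byte.
    openssl pkeyutl -decrypt -inkey "$dir/standin_priv.pem" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha1 \
        -in "$dir/EncryptedKeyMaterial.bin" -out "$dir/roundtrip.bin"
    if cmp -s "$dir/PlaintextKeyMaterial.bin" "$dir/roundtrip.bin"; then
        verdict=match
    else
        verdict=mismatch
    fi
    pt=$(wc -c < "$dir/PlaintextKeyMaterial.bin" | tr -d ' ')
    ct=$(wc -c < "$dir/EncryptedKeyMaterial.bin" | tr -d ' ')
    rm -rf "$dir"   # do not leave plaintext key material on disk
    echo "$pt $ct $verdict"
}

rehearse_wrap
```

A 32-byte key wrapped under a 2048-bit RSA key always yields a 256-byte EncryptedKeyMaterial.bin, which is a quick size check before submitting.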