AWS CMK(custom managed key)

June Chung
1 min readOct 1, 2020

--

How to create CMK

AWS has 3 options — AWS Key Management Service (AWS KMS)

  • AWK default generated key
  • AWS CMK (custom managed key)
  • Custom Stored Keys (HSM)

How to generate AWS CMK
You will need to create the outline for the key first
→ and then wrap it with the actual key material (actual key generated by openssl)

<How to create CMK outline — without key material>

Importing key material step 1: Create an AWS KMS customer master key (CMK) with no key material

By default, AWS KMS creates key material for you when you create a customer master key (CMK). To instead import your…

docs.aws.amazon.com

<How to input key material → CMK>
https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html
Choose encryption method : this example is — RSAES_OAEP_SHA_1

>>Create your key in local : openssl rand -out PlaintextKeyMaterial.bin 32

>>Wrap your key with generated public key(from AWS)

openssl rsautl -encrypt \
-in PlaintextKeyMaterial.bin \
-oaep \
-inkey PublicKey.bin \
-keyform DER \
-pubin \
-out EncryptedKeyMaterial.bin

>> and submit the wrapped key & token

--

--

June Chung

Written by June Chung

1 Follower

More from June Chung

See all from June Chung

Lists

Staff Picks

456 stories299 saves

Stories to Help You Level-Up at Work

19 stories226 saves

Self-Improvement 101

20 stories610 saves

Productivity 101

20 stories564 saves
See more recommendations

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams