From efa6c92ecadc27a3bfc56a18dc747b6ecbda8d60 Mon Sep 17 00:00:00 2001 From: texastony <5892063+texastony@users.noreply.github.com> Date: Tue, 10 May 2022 13:20:38 -0700 Subject: [PATCH 1/3] feat(Example): commitment policy --- .../configuration/commitment-policy.md | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 examples/templates/configuration/commitment-policy.md diff --git a/examples/templates/configuration/commitment-policy.md b/examples/templates/configuration/commitment-policy.md new file mode 100644 index 00000000..e1f514e7 --- /dev/null +++ b/examples/templates/configuration/commitment-policy.md 
@@ -0,0 +1,70 @@ +[//]: # "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved." +[//]: # "SPDX-License-Identifier: CC-BY-SA-4.0" + +# Commitment Policy example + +Implementations of this example MUST follow the rules defined in +[Example Templates](../../../examples.md#example-templates). + +## Implementations + +- [NET](https://github.com/aws/aws-encryption-sdk-dafny/blob/mainline/aws-encryption-sdk-net/Examples/CommitmentPolicy.cs) + +## Definitions + +### Conventions used in this document + +The key words +"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", +"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" +in this document are to be interpreted as described in +[RFC 2119](https://tools.ietf.org/html/rfc2119). + +## Header + +```c# +/// The commitment policy is a security feature that, if set to its strictest +/// setting, ensures that messages are decrypted with the same data key +/// used to encrypt them. +/// Read more about Key Commitment and the commitment policy Here: +/// https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#key-commitment +``` + +## Summary + +```c# +/// Demonstrates setting the commitment policy. +``` + +## Inputs + +- **plaintext** : + Plaintext to encrypt + +## Steps + +1. Instantiate the Material Providers and Encryption SDK + +```c# +// Instantiate the Encryption SDK +// Set the EncryptionSDK's commitment policy parameter +// to it's least strict setting, +// FORBID_ENCRYPT_ALLOW_DECRYPT +``` + +2. Encrypt the plaintext data. + +```c# +// Encrypt your plaintext data. +// Since the CommitmentPolicy is set to Forbid Encrypt, +// the Encryption SDK will encrypt the plaintext without key commitment. +``` + +3. Decrypt the encrypted data + +4. Demonstrate that the decrypted plaintext is identical to the original plaintext. + +5. 
Demonstrate that an EncryptionSDK that enforces Key Commitment on Decryption will fail to decrypt the encrypted message (as it was encrypted without Key Commitment). + +6. Demonstrate that the EncryptionSDK will not allow the commitment policy and the Algorithm Suite to be in conflict. + From 266e864c2ff2b17b038b1e5d162a64625d5b215c Mon Sep 17 00:00:00 2001 From: texastony <5892063+texastony@users.noreply.github.com> Date: Tue, 10 May 2022 13:22:02 -0700 Subject: [PATCH 2/3] fix(Example): commitment policy --- examples/templates/configuration/commitment-policy.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/examples/templates/configuration/commitment-policy.md b/examples/templates/configuration/commitment-policy.md index e1f514e7..d40bf86f 100644 --- a/examples/templates/configuration/commitment-policy.md +++ b/examples/templates/configuration/commitment-policy.md @@ -60,11 +60,10 @@ in this document are to be interpreted as described in // the Encryption SDK will encrypt the plaintext without key commitment. ``` -3. Decrypt the encrypted data +3. Decrypt the encrypted data 4. Demonstrate that the decrypted plaintext is identical to the original plaintext. 5. Demonstrate that an EncryptionSDK that enforces Key Commitment on Decryption will fail to decrypt the encrypted message (as it was encrypted without Key Commitment). 6. Demonstrate that the EncryptionSDK will not allow the commitment policy and the Algorithm Suite to be in conflict. - From 330476126ef260bdcc54e7263f914cfc51aebccd Mon Sep 17 00:00:00 2001 From: texastony <5892063+texastony@users.noreply.github.com> Date: Wed, 15 Jun 2022 17:00:48 -0700 Subject: [PATCH 3/3] fix(example): remove comment syntax --- .../configuration/commitment-policy.md | 51 ++++++++++++------- 1 file changed, 32 insertions(+), 19 deletions(-) diff --git a/examples/templates/configuration/commitment-policy.md b/examples/templates/configuration/commitment-policy.md index d40bf86f..932ae054 100644 
--- a/examples/templates/configuration/commitment-policy.md +++ b/examples/templates/configuration/commitment-policy.md @@ -22,18 +22,18 @@ in this document are to be interpreted as described in ## Header -```c# -/// The commitment policy is a security feature that, if set to its strictest -/// setting, ensures that messages are decrypted with the same data key -/// used to encrypt them. -/// Read more about Key Commitment and the commitment policy Here: -/// https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#key-commitment +``` +The commitment policy is a security feature that, if set to its strictest +setting, ensures that messages are decrypted with the same data key +used to encrypt them. +Read more about Key Commitment and the commitment policy Here: +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#key-commitment ``` ## Summary -```c# -/// Demonstrates setting the commitment policy. +``` +Demonstrates setting the commitment policy. ``` ## Inputs 
@@ -45,25 +45,38 @@ in this document are to be interpreted as described in 1. Instantiate the Material Providers and Encryption SDK -```c# -// Instantiate the Encryption SDK -// Set the EncryptionSDK's commitment policy parameter -// to it's least strict setting, -// FORBID_ENCRYPT_ALLOW_DECRYPT +``` +Instantiate the Encryption SDK +Set the EncryptionSDK's commitment policy parameter +to it's least strict setting, FORBID_ENCRYPT_ALLOW_DECRYPT ``` 2. Encrypt the plaintext data. -```c# -// Encrypt your plaintext data. -// Since the CommitmentPolicy is set to Forbid Encrypt, -// the Encryption SDK will encrypt the plaintext without key commitment. +``` +Encrypt your plaintext data. +Since the CommitmentPolicy is set to Forbid Encrypt, +the Encryption SDK will encrypt the plaintext without key commitment. ``` 3. Decrypt the encrypted data 4. Demonstrate that the decrypted plaintext is identical to the original plaintext. -5. Demonstrate that an EncryptionSDK that enforces Key Commitment on Decryption will fail to decrypt the encrypted message (as it was encrypted without Key Commitment). +5. Demonstrate that an EncryptionSDK that enforces Key Commitment on Decryption + will fail to decrypt the encrypted message (as it was encrypted without Key Commitment). -6. Demonstrate that the EncryptionSDK will not allow the commitment policy and the Algorithm Suite to be in conflict. +``` +Repeat the earlier decryption steps, proving that they fail +``` + +6. Demonstrate that the EncryptionSDK will not allow the commitment policy + and the Algorithm Suite to be in conflict. + +``` +Now, the `encryptionSDK` is configured to Require Key Commitment +on both Encrypt and Decrypt (this was set on lines 100 - 105). +If we try and Encrypt data with an Algorithm that does not support Commitment: + +The encryption will fail. +```
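Review bot: In [PATCH 1/3], step 1 is titled "Instantiate the Material Providers and Encryption SDK", but its guidance block only covers instantiating the Encryption SDK and setting the commitment policy; nothing tells an implementer to create the material providers. Either add that instruction to the block or drop "Material Providers" from the step title. Steps 3 and 4 also have no guidance block at all, while steps 1 and 2 do, so implementations will diverge on the comment text that accompanies decryption and the plaintext comparison.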
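Review bot: In [PATCH 2/3], the removed and added lines for step 3 ("Decrypt the encrypted data") read identically, so the change appears to be whitespace-only together with the dropped trailing blank line, yet the subject "fix(Example): commitment policy" does not say so. Say in the commit message that this is a whitespace cleanup, or squash it into patch 1/3, which created the file.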
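Review bot: In the Header block of [PATCH 3/3] (hunk @@ -22,18 +22,18 @@), the text refers to the policy's "strictest setting" without naming it, while the only setting named anywhere in the template is the least strict one, FORBID_ENCRYPT_ALLOW_DECRYPT. Since this hunk rewrites the block anyway, name the strictest setting here so that a reader who copies the example knows which value gives the guarantee the Header describes. "Here:" should also be lowercased to "here:".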
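Review bot: In the new step 6 block of [PATCH 3/3] (hunk @@ -45,25 +45,38 @@), "this was set on lines 100 - 105" and the identifier "encryptionSDK" point into one specific implementation; a language-neutral template has no such lines, and the reference will go stale even in the implementation it came from. Replace it with an explicit instruction to construct a second Encryption SDK with a named commitment policy. As written, step 5 says only "an EncryptionSDK that enforces Key Commitment on Decryption" and step 6 assumes one that requires commitment on both Encrypt and Decrypt, but no step configures either, so an implementer cannot tell which policy each failure is meant to demonstrate. The carried-over "to it's least strict setting" in step 1 should read "its".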