Support Re-Key Operation in AwsCrypto

[ngbalk]

For scenarios like key-rotation, I think it would be very useful to support a re-keying operation, where we decrypt the data key using one master key, and then re-encrypt with another master key. This also leverages the convenient envelope structure of the encrypted payload. I've noticed this is supported using the KMS Client (re-keying happens on the server side in that case), but feels like it should also exist in the SDK as well!

Thoughts?

Nick

CC: @Walliee

[mattsb42-aws]

Hi @ngbalk

TLDR: Yes, this is something we have looked into. Yes, we agree that it would be useful. No, we don't currently have a time by which we expect to add it.

The general problem of updating the header without re-encrypting the message is something that we have looked at in the past, as there are a variety of interesting capabilities this would give us (mainly around adding/removing master keys).

One problem with implementing this is that with the current signature schemes used, we would still need to read the entire ciphertext, even if we wouldn't need to re-encrypt it. This is a specific manifestation of a more general problem we have been looking at for different signature schemes that would allow us to modify part of the message without having to process the entire message (ex: changing the contents of one frame). This is something that we are looking at, but we do not have any estimated timeline for when it might be available.

There is also the concern of how to handle master key authorization when multiple master keys are present in a ciphertext message, so as to not lose any authorization promises made by any of the master keys. This is something that we will need to consider before implementing this, but should not require any fundamental additions to the specification, as the partial updates will.