File tree Expand file tree Collapse file tree 1 file changed +7
-4
lines changed Expand file tree Collapse file tree 1 file changed +7
-4
lines changed Original file line number Diff line number Diff line change @@ -123,14 +123,17 @@ public class BasicEncryptionExample {
123123 .keyring(keyring)
124124 .ciphertext(ciphertext). build());
125125
126- // 6. The Keyring Trace may be inspected to verify which CMK was used for decryption .
126+ // 6. To verify the CMK that was actually used in the decrypt operation, inspect the keyring trace .
127127 if (! decryptResult. getKeyringTrace(). getEntries(). get(0 ). getKeyName(). equals(keyArn. toString())) {
128128 throw new IllegalStateException (" Wrong key ID!"
129129 }
130130
131- // 7. Verify that the encryption context in the result contains the
132- // data that we expect. The SDK can add values to the encryption context,
133- // so there may be additional keys in the result context.
131+ // 7. To verify that the encryption context used to decrypt the data was the encryption context you expected,
132+ // examine the encryption context in the result. This helps to ensure that you decrypted the ciphertext that
133+ // you intended.
134+ //
135+ // When verifying, test that your expected encryption context is a subset of the actual encryption context,
136+ // not an exact match. The Encryption SDK adds the signing key to the encryption context when appropriate.
134137 assert decryptResult. getEncryptionContext(). get(" Example" . equals(" String"
135138
136139 // 8. Verify that the decrypted plaintext matches the original plaintext
You can’t perform that action at this time.
0 commit comments