KMS client for ECDH key exchange and encryption key retrieval.
Implements the Webex KMS protocol:
- Fetch KMS cluster details (rsaPublicKey, kmsCluster)
- ECDH handshake: generate local P-256 keypair, wrap with RSA-OAEP, send via HTTP, receive response via Mercury, derive shared key
- Key retrieval: wrap request with ECDH-derived key, send via HTTP, receive via Mercury, unwrap to get content key
- Content keys are JWE A256KW + A256GCM
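A check a caller could run on a received content-key JWE before attempting to unwrap it, as an added example that is not part of this crate. It assumes JWE compact serialization, and the function names are hypothetical. The segment sizes follow from RFC 7518 (A256KW output is 8 bytes longer than the 32-byte CEK; A256GCM uses a 96-bit IV and a 128-bit tag).

```rust
// Added example, not the crate's code; assumes JWE compact serialization.
// Decodes unpadded base64url; rejects '=', '+', '/' and impossible lengths.
fn b64url(s: &str) -> Option<Vec<u8>> {
    if s.len() % 4 == 1 { return None; }
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u8);
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62, b'_' => 63,
            _ => return None,
        };
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1u32 << bits) - 1;
        }
    }
    Some(out)
}
// Minimal lookup for a flat header; production code should use a JSON parser.
fn str_field<'a>(json: &'a str, key: &str) -> Option<&'a str> {
    let pat = format!("\"{}\"", key);
    let rest = &json[json.find(&pat)? + pat.len()..];
    let rest = rest.trim_start().strip_prefix(':')?.trim_start().strip_prefix('"')?;
    Some(&rest[..rest.find('"')?])
}
// Hypothetical helper: pin alg/enc and check segment sizes before unwrapping.
fn check_content_key_jwe(jwe: &str) -> Result<(), &'static str> {
    let parts: Vec<&str> = jwe.split('.').collect();
    if parts.len() != 5 { return Err("expected 5 segments"); }
    let mut raw = Vec::new();
    for p in &parts { raw.push(b64url(p).ok_or("invalid base64url")?); }
    let hdr = std::str::from_utf8(&raw[0]).map_err(|_| "header is not UTF-8")?;
    if str_field(hdr, "alg") != Some("A256KW") { return Err("alg is not A256KW"); }
    if str_field(hdr, "enc") != Some("A256GCM") { return Err("enc is not A256GCM"); }
    if raw[1].len() != 40 { return Err("wrapped CEK must be 40 bytes"); }
    if raw[2].len() != 12 { return Err("GCM IV must be 12 bytes"); }
    if raw[3].is_empty() { return Err("empty ciphertext"); }
    if raw[4].len() != 16 { return Err("GCM tag must be 16 bytes"); }
    Ok(())
}
fn main() {
    // Constructed sample: real header, all-zero key, IV, ciphertext and tag.
    let hdr = "eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2R0NNIn0";
    let jwe = format!("{}.{}.{}.AAAA.{}", hdr, "A".repeat(54), "A".repeat(16), "A".repeat(22));
    println!("{:?}", check_content_key_jwe(&jwe));
}
```

Pinning `alg` and `enc` to the one expected pair rejects a message whose header names a different algorithm before any key material is touched; it does not replace the authenticated decryption itself.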
Structs
- KmsClient: KMS client for Webex end-to-end encryption.
- KmsResponseHandler: Handle for resolving KMS responses from Mercury.