Failed to decrypt ciphertext: number of unwrapped shares is 0 but expected 1 for 'no split' option #3
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Have a working stet w/ Google KMS environment. I can use gsutil to send encrypted files to Cloud Storage from both my "on-prem" ubuntu with STET and my confidential computing VM. When I attempt to download from Storage to my "on-prem" ubuntu, I get the error: Failed to decrypt ciphertext: number of unwrapped shares is 0 but expected 1 for 'no split' option. This configuration had worked with an issue a year ago, but I've struggled to get the "on-prem" client to work. I tried to set up a new STET client on a Google Cloud VM and same result as my "on-prem" VM. My stet.yaml file in both on-prem and confidential computing are identical... example:
GNU nano 4.8 stet.yaml
~/.config/stet.yaml
encrypt_config:
key_config:
kek_infos:
- kek_uri: "gcp-kms://projects/xxxx/locations/us-central1/keyRings/ciphertrust-EKM/cryptoKeys/open-wrap-unwrap"
dek_algorithm: AES256_GCM
no_split: true
decrypt_config:
key_configs:
dek_algorithm: AES256_GCM
no_split: true
The text was updated successfully, but these errors were encountered: