opentdf
diff --git a/‎docs/grpc/index.html‎
Lines changed: 3 additions & 2 deletions b/‎docs/grpc/index.html‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎protocol/go/kas/kas.pb.go‎
Lines changed: 6 additions & 5 deletions b/‎protocol/go/kas/kas.pb.go‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎sample.tdf‎
1.49 KB b/‎sample.tdf‎
1.49 KB
diff --git a/‎sdk/tdf.go‎
Lines changed: 1 addition & 1 deletion b/‎sdk/tdf.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎service/kas/access/rewrap.go‎
Lines changed: 3 additions & 3 deletions b/‎service/kas/access/rewrap.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎service/kas/kas.proto‎
Lines changed: 3 additions & 2 deletions b/‎service/kas/kas.proto‎
Lines changed: 3 additions & 2 deletions
@@ -975,7 +975,7 @@ func createRewrapRequest(_ context.Context, r *Reader) (map[string]*kas.Unsigned
 				},
 				SplitId:            kao.SplitID,
 				WrappedKey:         key,
-				EphemeralPublicKey: []byte(kao.EphemeralPublicKey),
+				EphemeralPublicKey: kao.EphemeralPublicKey,
 			},
 		}
 		if req, ok := kasReqs[kao.KasURL]; ok {
 
@@ -170,7 +170,7 @@ func extractAndConvertV1SRTBody(body []byte) (kaspb.UnsignedRewrapRequest, error
 						SplitId:            kao.SID,
 						WrappedKey:         kao.WrappedKey,
 						Header:             kao.Header,
-						EphemeralPublicKey: []byte(kao.EphemeralPublicKey),
+						EphemeralPublicKey: kao.EphemeralPublicKey,
 					},
 				},
 			},
@@ -467,7 +467,7 @@ func (p *Provider) verifyRewrapRequests(ctx context.Context, req *kaspb.Unsigned
 			ephemeralPubKeyPEM := kao.GetKeyAccessObject().GetEphemeralPublicKey()
 
 			// Get EC key size and convert to mode
-			keySize, err := ocrypto.GetECKeySize(ephemeralPubKeyPEM)
+			keySize, err := ocrypto.GetECKeySize([]byte(ephemeralPubKeyPEM))
 			if err != nil {
 				return nil, results, fmt.Errorf("failed to get EC key size: %w", err)
 			}
@@ -478,7 +478,7 @@ func (p *Provider) verifyRewrapRequests(ctx context.Context, req *kaspb.Unsigned
 			}
 
 			// Parse the PEM public key
-			block, _ := pem.Decode(ephemeralPubKeyPEM)
+			block, _ := pem.Decode([]byte(ephemeralPubKeyPEM))
 			if block == nil {
 				return nil, results, fmt.Errorf("failed to decode PEM block")
 			}
 
@@ -48,8 +48,9 @@ message KeyAccess {
   // header is only used for NanoTDFs
   bytes header = 9;
 
-  // For wrapping with an ECDH derived key, when type=ec-wrapped
-  bytes ephemeral_public_key = 10;
+  // For wrapping with an ECDH derived key, when type=ec-wrapped.
+  // Should be a PEM-encoded PKCS#8 (asn.1) value.
+  string ephemeral_public_key = 10;
 }
 
 message UnsignedRewrapRequest {
Original file line number	Diff line number	Diff line change
`@@ -975,7 +975,7 @@ func createRewrapRequest(_ context.Context, r Reader) (map[string]kas.Unsigned`
`975`	`975`	`},`
`976`	`976`	`SplitId: kao.SplitID,`
`977`	`977`	`WrappedKey: key,`
`978`		`- EphemeralPublicKey: []byte(kao.EphemeralPublicKey),`
	`978`	`+ EphemeralPublicKey: kao.EphemeralPublicKey,`
`979`	`979`	`},`
`980`	`980`	`}`
`981`	`981`	`if req, ok := kasReqs[kao.KasURL]; ok {`