主权项 |
1. A computer-implemented method for enforcing policy, comprising:
under the control of one or more computer systems configured with executable instructions,
using an authenticated encryption mode of a cipher to generate, based at least in part on a key, plaintext and associated data, an authenticated ciphertext;associating a policy with the key, the policy specifying a condition, based at least in part on the associated data, for providing the plaintext;receiving, in connection with a request to decrypt the authenticated ciphertext using the key, purported associated data;verifying, based at least in part on the purported associated data and the authenticated ciphertext, that the purported associated data matches the associated data;as a result of verifying that the purported associated data matches the associated data, determining, based at least in part on the purported associated data, whether the policy allows providing the plaintext; andproviding the plaintext as a result of determining that the policy allows providing the plaintext. |