I am trying to call the Decrypt API of AWS KMS from an enclave.

In the Nitro Enclaves documentation, it says that, instead of returning the plaintext (decrypted result), KMS responds with "CiphertextForRecipient", which is encrypted with the public key in the attestation. That "CiphertextForRecipient" can be decrypted with the private key in the enclave.

Referred from https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html.

In the attestation document, there is a public key (optional) value.

Referred from https://docs.aws.amazon.com/enclaves/latest/user/verify-root.html.

So, my question is, which private key am I going to use to decrypt?

Is it the private key corresponding to the public key which is used to sign the attestation document?

Or the private key corresponding to the public key which is the optional value of the attestation document?

0 Answers