The only information I found about KMS ciphertext blob is in this document. Starting at the bottom of page 23 it says:
Whenever an element is encrypted under a CMK the resulting object is a customer ciphertext. The ciphertext will contain two sections: an unencrypted header (or cleartext) portion, protected by the authenticated encryption scheme
as the additional authenticated data, and an encrypted portion. The cleartext
portion will include the HSA backing key identifier (HBKID).
I could not find any more format specifics, not even:
- Which part of the ciphertext blob is the encrypted portion?
- What initialization vector (IV) was used?
- Was there a key derivation function (KDF) used?
However, if you want to backup in case KMS fails, when using envelope encryption, it is enough to backup the data key only. In the end, this is the only key that is needed to decrypt the data. Of course storing such key backup has to be done with equal care as you would store the imported key material.