Cloud Keys 2020 Android Edition

AWSKeyData Type

Key information downloaded from Amazon KMS.

Remarks

This type represents a CMK's public key, a data key, or a data key pair downloaded from Amazon KMS.

Fields

Algorithms
String

The algorithms supported by the public key.

When GetPublicKey is called, this field will contain a comma-separated list of algorithms that the PublicKey can be used with. Always empty when GenerateDataKey or GenerateDataKeyPair is called.

If ForSigning is false, possible values are:

  • SYMMETRIC_DEFAULT
  • RSAES_OAEP_SHA_1
  • RSAES_OAEP_SHA_256

If ForSigning is true, possible values are:

  • RSASSA_PSS_SHA_256
  • RSASSA_PSS_SHA_384
  • RSASSA_PSS_SHA_512
  • RSASSA_PKCS1_V1_5_SHA_256
  • RSASSA_PKCS1_V1_5_SHA_384
  • RSASSA_PKCS1_V1_5_SHA_512
  • ECDSA_SHA_256
  • ECDSA_SHA_384
  • ECDSA_SHA_512

ARN
String

The Amazon resource name (ARN) of the associated CMK.

When GetPublicKey is called, this field reflects the Amazon resource name (ARN) of the CMK whose PublicKey was downloaded.

When GenerateDataKey or GenerateDataKeyPair is called, this field reflects the ARN of the CMK that encrypted the data key or the data key pair's private key (respectively) that is stored in EncryptedKey.

EncryptedKey
String

The encrypted key or private key data.

When GenerateDataKey is called, this field reflects the encrypted data key that was downloaded. When GenerateDataKeyPair is called, this field reflects the encrypted private key of the data key pair that was downloaded.

In the case of GenerateDataKeyPair, note that the actual private key data will be in DER format upon decryption. It is up to the application to convert it to another format after decryption if necessary.

Always empty when GetPublicKey is called.

EncryptedKeyB
byte[]

The encrypted key or private key data.

When GenerateDataKey is called, this field reflects the encrypted data key that was downloaded. When GenerateDataKeyPair is called, this field reflects the encrypted private key of the data key pair that was downloaded.

In the case of GenerateDataKeyPair, note that the actual private key data will be in DER format upon decryption. It is up to the application to convert it to another format after decryption if necessary.

Always empty when GetPublicKey is called.

ForSigning
boolean

Whether the public key is for signing or encryption.

When GetPublicKey is called, this field reflects whether the downloaded PublicKey is to be used for verification (true) or encryption (false).

Always false when GenerateDataKey or GenerateDataKeyPair is called.

KeySpec
String

The key spec of the downloaded key data.

When GetPublicKey is called, this field reflects the spec of the CMK whose PublicKey was downloaded, and the possible values are:

  • RSA_2048
  • RSA_3072
  • RSA_4096
  • ECC_NIST_P256 (secp256r1)
  • ECC_NIST_P384 (secp384r1)
  • ECC_NIST_P521 (secp521r1)
  • ECC_SECG_P256K1 (secp256k1)

When GenerateDataKey is called, this field reflects either the spec of the data key or the size of the data key in bytes (whichever was passed to the method); one of:

  • AES_128
  • AES_256
  • Some number of bytes in the range 1 to 1024 (e.g., 64)

When GenerateDataKeyPair is called, this field reflects the spec of the data key pair, and the possible values are the same as they are for GetPublicKey.
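
The EncryptedKey remarks above leave conversion of the decrypted DER private key to the application. The following is an added example, not code from /n software or this library: it picks a JCA KeyFactory from a KeySpec value, loads the DER bytes, and wraps them as PEM. The class and method names are hypothetical, the DER is assumed to be a PKCS#8 PrivateKeyInfo, and java.util.Base64 assumes Android API level 26 or later.

```java
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class DataKeyPairDer {
    // Map a KeySpec value listed on this page to a JCA KeyFactory algorithm name.
    static String jcaAlgorithm(String keySpec) {
        if (keySpec.startsWith("RSA_")) return "RSA";
        if (keySpec.startsWith("ECC_")) return "EC";
        throw new IllegalArgumentException("Not a key pair spec: " + keySpec);
    }

    // Load the decrypted DER bytes (assumption: PKCS#8 PrivateKeyInfo encoding).
    static PrivateKey load(byte[] der, String keySpec) throws GeneralSecurityException {
        return KeyFactory.getInstance(jcaAlgorithm(keySpec))
                .generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // Wrap DER in a PEM envelope with 64-character base64 lines.
    static String toPem(byte[] der) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, new byte[] {'\n'});
        return "-----BEGIN PRIVATE KEY-----\n" + enc.encodeToString(der)
                + "\n-----END PRIVATE KEY-----\n";
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the bytes obtained by decrypting EncryptedKeyB.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] der = gen.generateKeyPair().getPrivate().getEncoded();
        try {
            PrivateKey key = load(der, "RSA_2048");
            System.out.println(key.getAlgorithm() + " / " + key.getFormat());
            // Only the PEM header is checked here; the key itself is never printed.
            System.out.println(toPem(der).startsWith("-----BEGIN PRIVATE KEY-----"));
        } finally {
            Arrays.fill(der, (byte) 0); // wipe plaintext key material after use
        }
    }
}
```

A PEM String cannot be wiped from memory the way a byte[] can, so keep private key material in byte arrays where the consuming API allows it. Provider support for ECC_SECG_P256K1 varies, so expect KeyFactory to reject that curve on some runtimes.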

PlaintextKey
String

The plaintext key or private key data.

If, when GenerateDataKey or GenerateDataKeyPair is called, the IncludePlaintext parameter was true, this field will reflect the plaintext data key or private key of the data key pair (respectively) that was downloaded. Otherwise, it will be empty.

In the case of GenerateDataKeyPair, this field exposes the private key in PEM format for convenience.

Always empty when GetPublicKey is called.

PlaintextKeyB
byte[]

The plaintext key or private key data.

If, when GenerateDataKey or GenerateDataKeyPair is called, the IncludePlaintext parameter was true, this field will reflect the plaintext data key or private key of the data key pair (respectively) that was downloaded. Otherwise, it will be empty.

In the case of GenerateDataKeyPair, this field exposes the private key in PEM format for convenience.

Always empty when GetPublicKey is called.

PublicKey
String

The public key.

When GetPublicKey is called, this field will reflect the public key of the CMK. When GenerateDataKeyPair is called, this field will reflect the public key of the data key pair. The public key is exposed in PEM format for convenience.

Always empty when GenerateDataKey is called.

Copyright (c) 2022 /n software inc. - All rights reserved.
Cloud Keys 2020 Android Edition - Version 20.0 [Build 8157]