Cloud Keys 2020 Delphi Edition

Questions / Feedback?

AWSKeyData Type

Key information downloaded from Amazon KMS.

Remarks

This type represents a CMK's public key, a data key, or a data key pair downloaded from Amazon KMS.

Fields

Algorithms
String

The algorithms supported by the public key.

When GetPublicKey is called, this property will contain a comma-separated list of algorithms that the PublicKey can be used with. Always empty when GenerateDataKey or GenerateDataKeyPair is called.

If ForSigning is False, possible values are:

  • SYMMETRIC_DEFAULT
  • RSAES_OAEP_SHA_1
  • RSAES_OAEP_SHA_256

If ForSigning is True, possible values are:

  • RSASSA_PSS_SHA_256
  • RSASSA_PSS_SHA_384
  • RSASSA_PSS_SHA_512
  • RSASSA_PKCS1_V1_5_SHA_256
  • RSASSA_PKCS1_V1_5_SHA_384
  • RSASSA_PKCS1_V1_5_SHA_512
  • ECDSA_SHA_256
  • ECDSA_SHA_384
  • ECDSA_SHA_512

ARN
String

The Amazon resource name (ARN) of the associated CMK.

When GetPublicKey is called, this property reflects the Amazon resource name (ARN) of the CMK whose PublicKey was downloaded.

When GenerateDataKey or GenerateDataKeyPair is called, this property reflects the ARN of the CMK that encrypted the data key or the data key pair's private key (respectively) that is stored in EncryptedKey.

EncryptedKey
String

The encrypted key or private key data.

When GenerateDataKey is called, this property reflects the encrypted data key that was downloaded. When GenerateDataKeyPair is called, this property reflects the encrypted private key of the data key pair that was downloaded.

In the case of GenerateDataKeyPair, note that the actual private key data will be in DER format upon decryption. It is up to the application to convert it to another format after decryption if necessary.

Always empty when GetPublicKey is called.

EncryptedKeyB
TBytes

The encrypted key or private key data.

When GenerateDataKey is called, this property reflects the encrypted data key that was downloaded. When GenerateDataKeyPair is called, this property reflects the encrypted private key of the data key pair that was downloaded.

In the case of GenerateDataKeyPair, note that the actual private key data will be in DER format upon decryption. It is up to the application to convert it to another format after decryption if necessary.

Always empty when GetPublicKey is called.

ForSigning
Boolean

Whether the public key is for signing or encryption.

When GetPublicKey is called, this property reflects whether the downloaded PublicKey is to be used for verification (True) or encryption (False).

Always False when GenerateDataKey or GenerateDataKeyPair is called.

KeySpec
String

The key spec of the downloaded key data.

When GetPublicKey is called, this property reflects the spec of the CMK whose PublicKey was downloaded, and the possible values are:

  • RSA_2048
  • RSA_3072
  • RSA_4096
  • ECC_NIST_P256 (secp256r1)
  • ECC_NIST_P384 (secp384r1)
  • ECC_NIST_P521 (secp521r1)
  • ECC_SECG_P256K1 (secp256k1)

When GenerateDataKey is called, this property reflects either the spec of the data key or the size of the data key in bytes (whichever was passed to the method); one of:

  • AES_128
  • AES_256
  • Some number of bytes in the range 1 to 1024 (e.g., 64)

When GenerateDataKeyPair is called, this property reflects the spec of the data key pair, and the possible values are the same as they are for GetPublicKey.

PlaintextKey
String

The plaintext key or private key data.

If, when GenerateDataKey or GenerateDataKeyPair is called, the IncludePlaintext parameter was True, this property will reflect the plaintext data key or private key of the data key pair (respectively) that was downloaded. Otherwise, it will be empty.

In the case of GenerateDataKeyPair, this property exposes the private key in PEM format for convenience.

Always empty when GetPublicKey is called.

PlaintextKeyB
TBytes

The plaintext key or private key data.

If, when GenerateDataKey or GenerateDataKeyPair is called, the IncludePlaintext parameter was True, this property will reflect the plaintext data key or private key of the data key pair (respectively) that was downloaded. Otherwise, it will be empty.

In the case of GenerateDataKeyPair, this property exposes the private key in PEM format for convenience.

Always empty when GetPublicKey is called.

PublicKey
String

The public key.

When GetPublicKey is called, this property will reflect the public key of the CMK. When GenerateDataKeyPair is called, this property will reflect the public key of the data key pair. The public key is exposed in PEM format for convenience.

Always empty when GenerateDataKey is called.

 
 
Copyright (c) 2021 /n software inc. - All rights reserved.
Cloud Keys 2020 Delphi Edition - Version 20.0 [Build 7718]