AWSKeyData Type
Key information downloaded from Amazon KMS.
Remarks
This type represents a CMK's public key, a data key, or a data key pair downloaded from Amazon KMS.
Fields
Algorithms String |
The algorithms supported by the public key. When GetPublicKey is called, this property will contain a comma-separated list of algorithms that the PublicKey can be used with. Always empty when GenerateDataKey or GenerateDataKeyPair is called. If ForSigning is False, possible values are:
If ForSigning is True, possible values are:
|
ARN String |
The Amazon resource name (ARN) of the associated CMK. When GetPublicKey is called, this property reflects the Amazon resource name (ARN) of the CMK whose PublicKey was downloaded. When GenerateDataKey or GenerateDataKeyPair is called, this property reflects the ARN of the CMK that encrypted the data key or the data key pair's private key (respectively) that is stored in EncryptedKey. |
EncryptedKey String |
The encrypted key or private key data. When GenerateDataKey is called, this property reflects the encrypted data key that was downloaded. When GenerateDataKeyPair is called, this property reflects the encrypted private key of the data key pair that was downloaded. In the case of GenerateDataKeyPair, note that the actual private key data will be in DER format upon decryption. It is up to the application to convert it to another format after decryption if necessary. Always empty when GetPublicKey is called. |
EncryptedKeyB TBytes |
The encrypted key or private key data. When GenerateDataKey is called, this property reflects the encrypted data key that was downloaded. When GenerateDataKeyPair is called, this property reflects the encrypted private key of the data key pair that was downloaded. In the case of GenerateDataKeyPair, note that the actual private key data will be in DER format upon decryption. It is up to the application to convert it to another format after decryption if necessary. Always empty when GetPublicKey is called. |
ForSigning Boolean |
Whether the public key is for signing or encryption. When GetPublicKey is called, this property reflects whether the downloaded PublicKey is to be used for verification (True) or encryption (False). Always False when GenerateDataKey or GenerateDataKeyPair is called. |
KeySpec String |
The key spec of the downloaded key data. When GetPublicKey is called, this property reflects the spec of the CMK whose PublicKey was downloaded, and the possible values are:
When GenerateDataKey is called, this property reflects either the spec of the data key or the size of the data key in bytes (whichever was passed to the method); one of:
When GenerateDataKeyPair is called, this property reflects the spec of the data key pair, and the possible values are the same as they are for GetPublicKey. |
PlaintextKey String |
The plaintext key or private key data. If, when GenerateDataKey or GenerateDataKeyPair is called, the IncludePlaintext parameter was True, this property will reflect the plaintext data key or private key of the data key pair (respectively) that was downloaded. Otherwise, it will be empty. In the case of GenerateDataKeyPair, this property exposes the private key in PEM format for convenience. Always empty when GetPublicKey is called. |
PlaintextKeyB TBytes |
The plaintext key or private key data. If, when GenerateDataKey or GenerateDataKeyPair is called, the IncludePlaintext parameter was True, this property will reflect the plaintext data key or private key of the data key pair (respectively) that was downloaded. Otherwise, it will be empty. In the case of GenerateDataKeyPair, this property exposes the private key in PEM format for convenience. Always empty when GetPublicKey is called. |
PublicKey String |
The public key. When GetPublicKey is called, this property will reflect the public key of the CMK. When GenerateDataKeyPair is called, this property will reflect the public key of the data key pair. The public key is exposed in PEM format for convenience. Always empty when GenerateDataKey is called. |
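The EncryptedKey remark above leaves the DER-to-PEM step to the application, while PlaintextKey already arrives as PEM. The sketch below is an added example, not part of this component's API or documentation: it takes the bytes that result from decrypting EncryptedKey (decryption itself is not shown), checks that they have the outer shape of a PKCS#8 PrivateKeyInfo, and wraps them in a PEM envelope. It assumes the DER is PKCS#8, which is what AWS KMS documents for GenerateDataKeyPair; the function names and the sample bytes are constructed for illustration.

```python
import base64

# Constructed sample, not a real key: PKCS#8-shaped DER with a 4-byte dummy payload.
SAMPLE_DER = bytes.fromhex("3018 020100 300d06092a864886f70d0101010500 0404deadbeef")

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, pos, pos + length

def pkcs8_der_to_pem(der):
    """Check that der looks like a PKCS#8 PrivateKeyInfo, then PEM-wrap it."""
    tag, pos, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    # PrivateKeyInfo ::= SEQUENCE { version INTEGER, algorithm SEQUENCE, key OCTET STRING }
    for want in (0x02, 0x30, 0x04):
        tag, _, pos = _read_tlv(der, pos)
        if tag != want:
            raise ValueError("not PKCS#8: unexpected tag 0x%02x" % tag)
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PRIVATE KEY-----\n" + "\n".join(lines) + "\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(pkcs8_der_to_pem(SAMPLE_DER), end="")
```

The structure check rejects truncated buffers, trailing bytes, and a public key (SubjectPublicKeyInfo) passed in by mistake, so a failed or mismatched decryption is caught before the result is written out as a private key file.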