Package com.amazonaws.encryptionsdk.kms
Class KmsMasterKey
- All Implemented Interfaces:
KmsMethods
Represents a single Customer Master Key (CMK) and is used to encrypt/decrypt data with
AwsCrypto.
This component is not multi-Region key aware, and will treat every AWS KMS identifier as regionally isolated.
-
Method Summary
Modifier and TypeMethodDescriptionvoidaddGrantToken(String grantToken)AddsgrantTokento the list of grantTokens sent to KMS when this class calls it.decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)Iterates throughencryptedDataKeysand returns the first one which can be successfully decrypted.encryptDataKey(CryptoAlgorithm algorithm, Map<String,String> encryptionContext, DataKey<?> dataKey)Returns a new copy of the provideddataKeywhich is protected by thisMasterKeyfor use withalgorithmand associated with the providedencryptionContext.generateDataKey(CryptoAlgorithm algorithm, Map<String,String> encryptionContext)Returns the grantTokens which this object sends to KMS when calling it.getKeyId()voidsetGrantTokens(List<String> grantTokens)Sets thegrantTokenswhich should be submitted to KMS when calling it.Methods inherited from class com.amazonaws.encryptionsdk.MasterKey
canProvide, equals, getDefaultProviderId, getMasterKey, getMasterKeysForEncryption, hashCode, toStringMethods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider
buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, getMasterKey
-
Method Details
-
getProviderId
- Specified by:
getProviderIdin classMasterKey<KmsMasterKey>
-
getKeyId
- Specified by:
getKeyIdin classMasterKey<KmsMasterKey>
-
generateDataKey
public DataKey<KmsMasterKey> generateDataKey(CryptoAlgorithm algorithm, Map<String,String> encryptionContext)Description copied from class:MasterKeyGenerates a newDataKeywhich is protected by thisMasterKeyfor use withalgorithmand associated with the providedencryptionContext.- Specified by:
generateDataKeyin classMasterKey<KmsMasterKey>
-
setGrantTokens
Description copied from interface:KmsMethodsSets thegrantTokenswhich should be submitted to KMS when calling it.- Specified by:
setGrantTokensin interfaceKmsMethods
-
getGrantTokens
Description copied from interface:KmsMethodsReturns the grantTokens which this object sends to KMS when calling it.- Specified by:
getGrantTokensin interfaceKmsMethods
-
addGrantToken
Description copied from interface:KmsMethodsAddsgrantTokento the list of grantTokens sent to KMS when this class calls it.- Specified by:
addGrantTokenin interfaceKmsMethods
-
encryptDataKey
public DataKey<KmsMasterKey> encryptDataKey(CryptoAlgorithm algorithm, Map<String,String> encryptionContext, DataKey<?> dataKey)Description copied from class:MasterKeyReturns a new copy of the provideddataKeywhich is protected by thisMasterKeyfor use withalgorithmand associated with the providedencryptionContext.- Specified by:
encryptDataKeyin classMasterKey<KmsMasterKey>
-
decryptDataKey
public DataKey<KmsMasterKey> decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) throws UnsupportedProviderException, AwsCryptoExceptionDescription copied from class:MasterKeyProviderIterates throughencryptedDataKeysand returns the first one which can be successfully decrypted.- Specified by:
decryptDataKeyin classMasterKeyProvider<KmsMasterKey>- Returns:
- a DataKey if one can be decrypted, otherwise returns
null - Throws:
UnsupportedProviderException- if theencryptedDataKeyis associated with an unsupported providerCannotUnwrapDataKeyException- if theencryptedDataKeycannot be decryptedAwsCryptoException
-