Enum CommitmentPolicy

  • All Implemented Interfaces:
    Serializable, Comparable<CommitmentPolicy>

    public enum CommitmentPolicy
    extends Enum<CommitmentPolicy>
    Defines the S3 Encryption Client's key commitment behavior during encryption and decryption operations. Key commitment ensures each encrypted object can be decrypted to only a single plaintext by cryptographically binding the data key to the encrypted object.

    For more information, refer to the Developer Guide.

    • Enum Constant Detail

      • FORBID_ENCRYPT_ALLOW_DECRYPT

        public static final CommitmentPolicy FORBID_ENCRYPT_ALLOW_DECRYPT
        This policy forbids the client from encrypting objects with an algorithm suite which supports key commitment. This policy allows decryption of objects using algorithm suites which do not support key commitment. Objects encrypted with key commitment may be decrypted as well.

        This client will write objects that any v3 or v4 client can read. This client can read objects written by any v3 or v4 client. This is the default (and only) policy for v3 clients.

      • REQUIRE_ENCRYPT_ALLOW_DECRYPT

        public static final CommitmentPolicy REQUIRE_ENCRYPT_ALLOW_DECRYPT
        This policy requires the client to encrypt objects using an algorithm suite which supports key commitment. This policy allows decryption of objects using algorithm suites which do not support key commitment. Objects encrypted with key commitment may be decrypted as well.

        This client will write objects that any v4 client can read. Only v4 clients and the latest v3 client can read objects written by a client using this policy. This client can read objects written by any v3 or v4 client.

      • REQUIRE_ENCRYPT_REQUIRE_DECRYPT

        public static final CommitmentPolicy REQUIRE_ENCRYPT_REQUIRE_DECRYPT
        This policy requires the client to encrypt objects using an algorithm suite which supports key commitment. This policy requires that objects have been encrypted using an algorithm suite which supports key commitment.

        This client will write objects that any v4 client can read. Only v4 clients and the latest v3 clients can read objects written by a client using this policy. This client can only read objects written by v4 clients with key commitment enabled. This is the most secure policy and should be used when all objects are encrypted with key commitment.

    • Method Detail

      • values

        public static CommitmentPolicy[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
        for (CommitmentPolicy c : CommitmentPolicy.values())
            System.out.println(c);
        
        Returns:
        an array containing the constants of this enum type, in the order they are declared
      • valueOf

        public static CommitmentPolicy valueOf(String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null
      • requiresEncrypt

        public boolean requiresEncrypt()
        Indicates whether this commitment policy requires key commitment for encryption operations.
        Returns:
        true if encryption must use algorithm suites that support key commitment
      • requiresDecrypt

        public boolean requiresDecrypt()
        Indicates whether this commitment policy requires key commitment for decryption operations.
        Returns:
        true if decryption can only succeed for messages with valid key commitment
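
The following is an added example, not code from the library or its documentation. It applies the read/write rules documented above to a pre-rollout check that lists which writer/reader pairs in a fleet would fail to decrypt. The `Policy` enum is a local stand-in that mirrors the documented constants and accessors; `Client`, `readsCommitted`, and the fleet entries are hypothetical and constructed for illustration.

```java
import java.util.List;

public class CommitmentRollout {
    // Local stand-in for the documented enum (assumption: not the library's class).
    enum Policy {
        FORBID_ENCRYPT_ALLOW_DECRYPT(false, false),
        REQUIRE_ENCRYPT_ALLOW_DECRYPT(true, false),
        REQUIRE_ENCRYPT_REQUIRE_DECRYPT(true, true);
        private final boolean encrypt, decrypt;
        Policy(boolean e, boolean d) { encrypt = e; decrypt = d; }
        boolean requiresEncrypt() { return encrypt; }
        boolean requiresDecrypt() { return decrypt; }
    }

    // Hypothetical inventory record: one deployed client, and whether its release
    // can read key-committing objects (v4, or the latest v3, per the text above).
    record Client(String name, Policy policy, boolean readsCommitted) {}

    // Can `reader` decrypt what `writer` produces under the documented rules?
    static boolean canRead(Client writer, Client reader) {
        boolean committed = writer.policy().requiresEncrypt();
        if (committed) return reader.readsCommitted();
        // Non-committing object: rejected only by readers that require commitment.
        return !reader.policy().requiresDecrypt();
    }

    // Returns every writer -> reader pair that would fail to decrypt.
    static List<String> brokenPairs(List<Client> fleet) {
        return fleet.stream()
            .flatMap(w -> fleet.stream()
                .filter(r -> !canRead(w, r))
                .map(r -> w.name() + " -> " + r.name()))
            .toList();
    }

    public static void main(String[] args) {
        // Constructed fleet: mid-migration, with one reader moved to the
        // strictest policy while non-committing writers are still deployed.
        List<Client> fleet = List.of(
            new Client("ingest", Policy.FORBID_ENCRYPT_ALLOW_DECRYPT, true),
            new Client("batch", Policy.REQUIRE_ENCRYPT_ALLOW_DECRYPT, true),
            new Client("audit", Policy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT, true),
            new Client("legacy-report", Policy.FORBID_ENCRYPT_ALLOW_DECRYPT, false));
        brokenPairs(fleet).forEach(p -> System.out.println("cannot decrypt: " + p));
    }
}
```

The check covers only objects written from now on; objects already stored without key commitment are rejected by a `REQUIRE_ENCRYPT_REQUIRE_DECRYPT` reader for the same reason.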