Class WrappedRawMaterials
java.lang.Object
com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials.AbstractRawMaterials
com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials.WrappedRawMaterials
- All Implemented Interfaces: CryptographicMaterials, DecryptionMaterials, EncryptionMaterials
- Direct Known Subclasses: AsymmetricRawMaterials
Represents cryptographic materials used to manage unique record-level keys. This class
specifically implements Envelope Encryption: a unique content key is randomly generated each
time this class is constructed, encrypted with the Wrapping Key, and then persisted
in the Description. If a wrapped key is already present in the Description, that content key is
unwrapped and used to decrypt the actual data in the record.
Other possible implementations might use a Key-Derivation Function to derive a unique key per record.
- Author: Greg Rubin
-
Field Summary
- static final String CONTENT_KEY_ALGORITHM: The key-name in the Description which contains the algorithm used by the content key.
- static final String ENVELOPE_KEY: The key-name in the Description which contains the wrapped content key.
- static final String KEY_WRAPPING_ALGORITHM: The key-name in the Description which contains the algorithm used to wrap the content key.
- protected final Key unwrappingKey
- protected final Key wrappingKey
-
Constructor Summary
- WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, KeyPair signingPair)
- WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, KeyPair signingPair, Map<String, String> description)
- WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, SecretKey macKey)
- WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, SecretKey macKey, Map<String, String> description)
-
Method Summary
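- protected SecretKey generateContentKey(String algorithm)
- protected SecretKey initEnvelopeKey(): Called by the constructors.
- protected SecretKey unwrapKey(Map<String, String> description, byte[] encryptedKey, String wrappingAlgorithm)
- byte[] wrapKey(SecretKey key, String wrappingAlg)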
Methods inherited from class com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials.AbstractRawMaterials
getMaterialDescription, getSigningKey, getVerificationKey, setMaterialDescription
-
Field Details
-
KEY_WRAPPING_ALGORITHM
The key-name in the Description which contains the algorithm used to wrap the content key. Example values are "AESWrap" or "RSA/ECB/OAEPWithSHA-256AndMGF1Padding".
-
CONTENT_KEY_ALGORITHM
The key-name in the Description which contains the algorithm used by the content key. Example values are "AES" or "Blowfish".
-
ENVELOPE_KEY
The key-name in the Description which contains the wrapped content key.
-
wrappingKey
-
unwrappingKey
-
-
Constructor Details
-
WrappedRawMaterials
public WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, KeyPair signingPair) throws GeneralSecurityException
- Throws: GeneralSecurityException
-
WrappedRawMaterials
public WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, KeyPair signingPair, Map<String, String> description) throws GeneralSecurityException
- Throws: GeneralSecurityException
-
WrappedRawMaterials
public WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, SecretKey macKey) throws GeneralSecurityException
- Throws: GeneralSecurityException
-
WrappedRawMaterials
public WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, SecretKey macKey, Map<String, String> description) throws GeneralSecurityException
- Throws: GeneralSecurityException
-
-
Method Details
-
getDecryptionKey
-
getEncryptionKey
-
initEnvelopeKey
Called by the constructors. If there is already a key associated with this record (usually signified by a value stored in the description in the key ENVELOPE_KEY), it extracts it and returns it. Otherwise it generates a new key, stores a wrapped version in the Description, and returns the key to the caller.
- Returns: the content key (which is returned by both getDecryptionKey() and getEncryptionKey()).
- Throws: GeneralSecurityException
-
wrapKey
public byte[] wrapKey(SecretKey key, String wrappingAlg) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException
-
unwrapKey
protected SecretKey unwrapKey(Map<String, String> description, byte[] encryptedKey, String wrappingAlgorithm) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException
-
generateContentKey
- Throws: NoSuchAlgorithmException
-
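The envelope flow described in the class overview and in initEnvelopeKey, as an added sketch in plain JCE (not the library's own code). The description key-name strings, the Base64 encoding of the wrapped key, and the class name EnvelopeKeySketch are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class EnvelopeKeySketch {
    // Hypothetical key-names: the values of the library's constants are not shown on this page.
    static final String ENVELOPE_KEY = "example-env-key";
    static final String KEY_WRAPPING_ALGORITHM = "example-wrap-alg";
    static final String CONTENT_KEY_ALGORITHM = "example-content-alg";

    // Mirrors the documented flow: reuse the wrapped key if the description has one, else create one.
    static SecretKey initEnvelopeKey(Key wrappingKey, Key unwrappingKey, Map<String, String> description)
            throws GeneralSecurityException {
        String wrapped = description.get(ENVELOPE_KEY);
        if (wrapped != null) {
            // Read path: algorithm names are the ones recorded in the description at write time.
            Cipher c = Cipher.getInstance(description.get(KEY_WRAPPING_ALGORITHM));
            c.init(Cipher.UNWRAP_MODE, unwrappingKey);
            return (SecretKey) c.unwrap(Base64.getDecoder().decode(wrapped),
                    description.get(CONTENT_KEY_ALGORITHM), Cipher.SECRET_KEY);
        }
        // Write path: a fresh random content key for this record, persisted only in wrapped form.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey contentKey = kg.generateKey();
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.WRAP_MODE, wrappingKey);
        description.put(ENVELOPE_KEY, Base64.getEncoder().encodeToString(c.wrap(contentKey)));
        description.put(KEY_WRAPPING_ALGORITHM, "AESWrap");
        description.put(CONTENT_KEY_ALGORITHM, "AES");
        return contentKey;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey kek = kg.generateKey(); // constructed wrapping key; symmetric, so it also unwraps
        Map<String, String> description = new HashMap<>();
        SecretKey written = initEnvelopeKey(kek, kek, description);           // generate and wrap
        SecretKey read = initEnvelopeKey(kek, kek, new HashMap<>(description)); // unwrap stored key
        System.out.println("description keys: " + description.keySet());
        System.out.println("round trip ok: " + Arrays.equals(written.getEncoded(), read.getEncoded()));
    }
}
```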