AWS Encryption SDK for C v2.4
aws_cryptosdk_keyring_trace_record Struct Reference

#include <keyring_trace.h>

Data Fields

struct aws_string * wrapping_key_namespace
 
struct aws_string * wrapping_key_name
 
uint32_t flags
 

Detailed Description

When a keyring is called, it produces a trace of what actions it took with the different wrapping keys it manages. The trace is a list of these records.

The flags field uses bit flags to indicate which actions were taken.

The other fields are identifiers which indicate which wrapping key was used to do data key encryption by a keyring. Most keyring implementations write the wrapping_key_namespace into the provider ID field of EDKs and the wrapping_key_name into the provider info field of EDKs, and all new keyring implementations should follow this practice. For legacy reasons, the raw AES keyring includes other data in the provider ID field, but only the first part of that field corresponds to what is stored in the name field here.

Note: "Master Key (MK)" is used as a class name in the Java and Python implementations of the AWS Encryption SDK, where it is an abstraction of a single wrapping key, and "Master Key Provider (MKP)" is a class that provides multiple wrapping keys. In the AWS Encryption SDK for C, the keyring replaces both of these concepts. It handles one or multiple wrapping keys, which makes it similar to an MKP, but from an API perspective it is in some ways closer to an MK. In order to avoid confusion with the MK class of the Java and Python SDKs, we always refer to a single entity used by a keyring for data key encryption as a wrapping key.

The motivating example of a wrapping key is a KMS CMK, for which the namespace is "aws-kms" and the name is the key ARN.
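
A defender-side use of the trace, added here as an example and not taken from the SDK: after a decrypt, confirm that the data key was unwrapped by an expected wrapping key, matching namespace and name together. The struct is a stand-in that uses C strings where the SDK uses struct aws_string *, and the flag values, function name and sample ARN are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for aws_cryptosdk_keyring_trace_record (assumption: C strings
 * replace struct aws_string * so the example has no SDK dependency). */
struct trace_record {
    const char *wrapping_key_namespace;
    const char *wrapping_key_name;
    uint32_t flags;
};

/* Hypothetical bit values for this example; the SDK's flag macros are in keyring_trace.h. */
#define EX_ENCRYPTED_DATA_KEY (1u << 1)
#define EX_DECRYPTED_DATA_KEY (1u << 2)

/* Returns 1 only if at least one record carries the decrypt flag and every
 * such record names an allowed key in the expected namespace. Fails closed:
 * an empty trace or a trace with no decrypt record returns 0. */
int decrypt_used_allowed_key(const struct trace_record *recs, size_t n_recs, const char *ns,
                             const char *const *allowed, size_t n_allowed) {
    int seen = 0;
    for (size_t i = 0; i < n_recs; i++) {
        const struct trace_record *r = &recs[i];
        if (!(r->flags & EX_DECRYPTED_DATA_KEY)) continue;
        if (!r->wrapping_key_namespace || !r->wrapping_key_name) return 0;
        /* The name alone is not enough: the same name under another
         * namespace refers to a different wrapping key. */
        if (strcmp(r->wrapping_key_namespace, ns) != 0) return 0;
        int ok = 0;
        for (size_t j = 0; j < n_allowed; j++)
            if (strcmp(r->wrapping_key_name, allowed[j]) == 0) ok = 1;
        if (!ok) return 0;
        seen = 1;
    }
    return seen;
}

/* Constructed sample data (not real keys or traces). */
#define EX_ARN "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"
static const char *const ALLOWED[] = { EX_ARN };
static const struct trace_record GOOD[] = { { "aws-kms", EX_ARN, EX_DECRYPTED_DATA_KEY } };
static const struct trace_record WRONG_NS[] = { { "raw-aes-example", EX_ARN, EX_DECRYPTED_DATA_KEY } };
static const struct trace_record ENCRYPT_ONLY[] = { { "aws-kms", EX_ARN, EX_ENCRYPTED_DATA_KEY } };

int main(void) { /* exit status 0 when all three sample traces are classified as expected */
    return !(decrypt_used_allowed_key(GOOD, 1, "aws-kms", ALLOWED, 1) == 1 &&
             decrypt_used_allowed_key(WRONG_NS, 1, "aws-kms", ALLOWED, 1) == 0 &&
             decrypt_used_allowed_key(ENCRYPT_ONLY, 1, "aws-kms", ALLOWED, 1) == 0);
}
```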

Definition at line 50 of file keyring_trace.h.

Field Documentation

◆ flags

uint32_t aws_cryptosdk_keyring_trace_record::flags

Definition at line 53 of file keyring_trace.h.

◆ wrapping_key_name

struct aws_string* aws_cryptosdk_keyring_trace_record::wrapping_key_name

Definition at line 52 of file keyring_trace.h.

◆ wrapping_key_namespace

struct aws_string* aws_cryptosdk_keyring_trace_record::wrapping_key_namespace

Definition at line 51 of file keyring_trace.h.


The documentation for this struct was generated from the following file: