| Package | Description |
|---|---|
| com.amazonaws.encryptionsdk |
Contains
AwsCrypto, the primary entry-point to the Aws
Encryption SDK. |
| com.amazonaws.encryptionsdk.exception |
Contains the various exceptions which may be thrown by the AWS Encryption SDK.
|
| com.amazonaws.encryptionsdk.internal |
Contains the internal classes that handle the cryptographic defined by the message formats and
algorithms.
|
| com.amazonaws.encryptionsdk.jce | |
| com.amazonaws.encryptionsdk.kms |
Contains logic necessary to create
MasterKeys backed by AWS
KMS keys. |
| com.amazonaws.encryptionsdk.kmssdkv2 |
Contains logic necessary to create
MasterKeys backed by AWS
KMS keys. |
| Modifier and Type | Method and Description |
|---|---|
protected AwsCryptoException |
MasterKeyProvider.buildCannotDecryptDksException() |
protected AwsCryptoException |
MasterKeyProvider.buildCannotDecryptDksException(List<? extends Throwable> t) |
protected AwsCryptoException |
MasterKeyProvider.buildCannotDecryptDksException(Throwable t) |
| Modifier and Type | Method and Description |
|---|---|
abstract DataKey<K> |
MasterKeyProvider.decryptDataKey(CryptoAlgorithm algorithm,
Collection<? extends EncryptedDataKey> encryptedDataKeys,
Map<String,String> encryptionContext)
Iterates through
encryptedDataKeys and returns the first one which can be successfully
decrypted. |
| Modifier and Type | Class and Description |
|---|---|
class |
BadCiphertextException
This exception is thrown when the values found in a ciphertext message are invalid or corrupt.
|
class |
CannotUnwrapDataKeyException
This exception is thrown when there are no
DataKeys which can be decrypted. |
class |
NoSuchMasterKeyException
This exception is thrown when the SDK attempts to use a
MasterKey which either doesn't
exist or to which it doesn't have access. |
class |
ParseException
This exception is thrown when there are not enough bytes to parse a primitive, a specified number
of bytes, or the bytes does not properly represent the desired object.
|
class |
UnsupportedProviderException
This exception is thrown when there are no
MasterKeyProviders which which support the
requested provider value. |
| Modifier and Type | Method and Description |
|---|---|
static DecryptionHandler<?> |
DecryptionHandler.create(CryptoMaterialsManager materialsManager,
CiphertextHeaders headers,
CommitmentPolicy commitmentPolicy,
SignaturePolicy signaturePolicy,
int maxEncryptedDataKeys)
Deprecated.
This version may have to recalculate the number of bytes already parsed, which adds
a performance penalty. Use
DecryptionHandler.create(CryptoMaterialsManager, ParsedCiphertext,
CommitmentPolicy, SignaturePolicy, int) instead, which makes the parsed byte count
directly available instead. |
static DecryptionHandler<?> |
DecryptionHandler.create(CryptoMaterialsManager materialsManager,
CommitmentPolicy commitmentPolicy,
SignaturePolicy signaturePolicy,
int maxEncryptedDataKeys)
Create a decryption handler using the provided materials manager.
|
static DecryptionHandler<?> |
DecryptionHandler.create(CryptoMaterialsManager materialsManager,
ParsedCiphertext headers,
CommitmentPolicy commitmentPolicy,
SignaturePolicy signaturePolicy,
int maxEncryptedDataKeys)
Create a decryption handler using the provided materials manager and already parsed
headers. |
static <K extends MasterKey<K>> |
DecryptionHandler.create(MasterKeyProvider<K> customerMasterKeyProvider,
CiphertextHeaders headers,
CommitmentPolicy commitmentPolicy,
SignaturePolicy signaturePolicy,
int maxEncryptedDataKeys)
Deprecated.
This version may have to recalculate the number of bytes already parsed, which adds
a performance penalty. Use
DecryptionHandler.create(CryptoMaterialsManager, ParsedCiphertext,
CommitmentPolicy, SignaturePolicy, int) instead, which makes the parsed byte count
directly available instead. |
static <K extends MasterKey<K>> |
DecryptionHandler.create(MasterKeyProvider<K> customerMasterKeyProvider,
CommitmentPolicy commitmentPolicy,
SignaturePolicy signaturePolicy,
int maxEncryptedDataKeys)
Create a decryption handler using the provided master key.
|
static <K extends MasterKey<K>> |
DecryptionHandler.create(MasterKeyProvider<K> customerMasterKeyProvider,
ParsedCiphertext headers,
CommitmentPolicy commitmentPolicy,
SignaturePolicy signaturePolicy,
int maxEncryptedDataKeys)
Create a decryption handler using the provided master key and already parsed
headers. |
ProcessingSummary |
DecryptionHandler.processBytes(byte[] in,
int off,
int len,
byte[] out,
int outOff)
Decrypt the ciphertext bytes provided in
in and copy the plaintext bytes to out. |
ProcessingSummary |
EncryptionHandler.processBytes(byte[] in,
int off,
int len,
byte[] out,
int outOff)
Encrypt a block of bytes from
in putting the plaintext result into out. |
| Constructor and Description |
|---|
EncryptionHandler(int frameSize,
EncryptionMaterials result,
CommitmentPolicy commitmentPolicy)
Create an encryption handler using the provided master key and encryption context.
|
| Modifier and Type | Method and Description |
|---|---|
DataKey<JceMasterKey> |
JceMasterKey.decryptDataKey(CryptoAlgorithm algorithm,
Collection<? extends EncryptedDataKey> encryptedDataKeys,
Map<String,String> encryptionContext) |
DataKey<JceMasterKey> |
KeyStoreProvider.decryptDataKey(CryptoAlgorithm algorithm,
Collection<? extends EncryptedDataKey> encryptedDataKeys,
Map<String,String> encryptionContext)
Attempts to decrypts the
encryptedDataKeys by first iterating through all aliasNames specified in the constructor and then over all other compatible keys in
the KeyStore. |
| Modifier and Type | Method and Description |
|---|---|
DataKey<AwsKmsMrkAwareMasterKey> |
AwsKmsMrkAwareMasterKeyProvider.decryptDataKey(CryptoAlgorithm algorithm,
Collection<? extends EncryptedDataKey> encryptedDataKeys,
Map<String,String> encryptionContext) |
DataKey<KmsMasterKey> |
KmsMasterKey.decryptDataKey(CryptoAlgorithm algorithm,
Collection<? extends EncryptedDataKey> encryptedDataKeys,
Map<String,String> encryptionContext) |
DataKey<AwsKmsMrkAwareMasterKey> |
AwsKmsMrkAwareMasterKey.decryptDataKey(CryptoAlgorithm algorithm,
Collection<? extends EncryptedDataKey> encryptedDataKeys,
Map<String,String> encryptionContext)
Will attempt to decrypt if awsKmsArnMatchForDecrypt returns true in
AwsKmsMrkAwareMasterKey#filterEncryptedDataKeys(String, AwsKmsCmkArnInfo, EncryptedDataKey). |
DataKey<KmsMasterKey> |
KmsMasterKeyProvider.decryptDataKey(CryptoAlgorithm algorithm,
Collection<? extends EncryptedDataKey> encryptedDataKeys,
Map<String,String> encryptionContext) |
Copyright © 2023. All rights reserved.