com.amazonaws.encryptionsdk.jce

Class JceMasterKey

java.lang.Object

com.amazonaws.encryptionsdk.MasterKeyProvider<K>

com.amazonaws.encryptionsdk.MasterKey<JceMasterKey>

com.amazonaws.encryptionsdk.jce.JceMasterKey

public class JceMasterKey
extends MasterKey<JceMasterKey>

Represents a MasterKey backed by one (or more) JCE Keys. Instances of this should only be acquired using getInstance(SecretKey, String, String, String) or getInstance(PublicKey, PrivateKey, String, String, String).

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	JceMasterKey(String providerName, String keyId, JceKeyCipher jceKeyCipher)

Method Summary

Modifier and Type	Method and Description
DataKey<JceMasterKey>	decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.
DataKey<JceMasterKey>	encryptDataKey(CryptoAlgorithm algorithm, Map<String,String> encryptionContext, DataKey<?> dataKey) Returns a new copy of the provided dataKey which is protected by this MasterKey for use with algorithm and associated with the provided encryptionContext.
DataKey<JceMasterKey>	generateDataKey(CryptoAlgorithm algorithm, Map<String,String> encryptionContext) Generates a new DataKey which is protected by this MasterKey for use with algorithm and associated with the provided encryptionContext.
static JceMasterKey	getInstance(PublicKey wrappingKey, PrivateKey unwrappingKey, String provider, String keyId, String wrappingAlgorithm) Returns a JceMasterKey backed by the asymmetric key pair unwrappingKey and wrappingKey using wrappingAlgorithm.
static JceMasterKey	getInstance(SecretKey key, String provider, String keyId, String wrappingAlgorithm) Returns a JceMasterKey backed by the symmetric key key using wrappingAlgorithm.
String	getKeyId()
String	getProviderId()

Methods inherited from class com.amazonaws.encryptionsdk.MasterKey

canProvide, equals, getDefaultProviderId, getMasterKey, getMasterKeysForEncryption, hashCode, toString

Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider

buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, getMasterKey

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

JceMasterKey

protected JceMasterKey(String providerName,
                       String keyId,
                       JceKeyCipher jceKeyCipher)

Method Detail

getInstance

public static JceMasterKey getInstance(SecretKey key,
                                       String provider,
                                       String keyId,
                                       String wrappingAlgorithm)

Returns a JceMasterKey backed by the symmetric key key using wrappingAlgorithm. Currently "AES/GCM/NoPadding" is the only supported value for symmetric wrappingAlgorithms.

Parameters:

key - key used to wrap/unwrap (encrypt/decrypt) DataKeys

provider -

keyId -

wrappingAlgorithm -

Returns:

getInstance

public static JceMasterKey getInstance(PublicKey wrappingKey,
                                       PrivateKey unwrappingKey,
                                       String provider,
                                       String keyId,
                                       String wrappingAlgorithm)

Returns a JceMasterKey backed by the asymmetric key pair unwrappingKey and wrappingKey using wrappingAlgorithm. Currently only RSA algorithms are supported for asymmetric wrappingAlgorithms. If unwrappingKey is null then the returned JceMasterKey can only be used for encryption.

Parameters:

wrappingKey - key used to wrap (encrypt) DataKeys

unwrappingKey - (Optional) key used to unwrap (decrypt) DataKeys.

getProviderId

public String getProviderId()

Specified by:

getProviderId in class MasterKey<JceMasterKey>

getKeyId

public String getKeyId()

Specified by:

getKeyId in class MasterKey<JceMasterKey>

generateDataKey

public DataKey<JceMasterKey> generateDataKey(CryptoAlgorithm algorithm,
                                             Map<String,String> encryptionContext)

Description copied from class: MasterKey

Generates a new DataKey which is protected by this MasterKey for use with algorithm and associated with the provided encryptionContext.

Specified by:

generateDataKey in class MasterKey<JceMasterKey>

encryptDataKey

public DataKey<JceMasterKey> encryptDataKey(CryptoAlgorithm algorithm,
                                            Map<String,String> encryptionContext,
                                            DataKey<?> dataKey)

Description copied from class: MasterKey

Returns a new copy of the provided dataKey which is protected by this MasterKey for use with algorithm and associated with the provided encryptionContext.

Specified by:

encryptDataKey in class MasterKey<JceMasterKey>

decryptDataKey

public DataKey<JceMasterKey> decryptDataKey(CryptoAlgorithm algorithm,
                                            Collection<? extends EncryptedDataKey> encryptedDataKeys,
                                            Map<String,String> encryptionContext)
                                     throws UnsupportedProviderException,
                                            AwsCryptoException

Description copied from class: MasterKeyProvider

Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.

Specified by:

decryptDataKey in class MasterKeyProvider<JceMasterKey>

Returns:

a DataKey if one can be decrypted, otherwise returns null

Throws:

UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider

CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted

AwsCryptoException