Class AwsCrypto

  • public class AwsCrypto
    extends Object
    Provides the primary entry-point to the AWS Encryption SDK. All encryption and decryption operations should start here. Most people will want to use encryptData(MasterKeyProvider, byte[], Map) and decryptData(MasterKeyProvider, byte[]) to encrypt and decrypt data.

    The core concepts (and classes) in this SDK are:

    AwsCrypto provides the primary way to encrypt/decrypt data. It can operate on byte-arrays, streams, or Strings. This data is encrypted using the specified CryptoAlgorithm and a DataKey which is unique to each encrypted message. This DataKey is then encrypted using one (or more) MasterKeys. The process is reversed on decryption, with the code selecting a copy of the DataKey protected by a usable MasterKey, decrypting the DataKey, and then decrypting the message.

    The main way to get a MasterKey is through the use of a MasterKeyProvider. This provides a common interface for the AwsEncryptionSdk to find and retrieve MasterKeys. (Some MasterKeys can also be constructed directly.)

    AwsCrypto uses the MasterKeyProvider to determine which MasterKeys should be used to encrypt the DataKeys by calling MasterKeyProvider.getMasterKeysForEncryption(MasterKeyRequest). When more than one MasterKey is returned, the first MasterKey is used to create the DataKey by calling MasterKey.generateDataKey(CryptoAlgorithm,java.util.Map). All of the other MasterKeys are then used to re-encrypt that DataKey with MasterKey.encryptDataKey(CryptoAlgorithm,java.util.Map,DataKey). This list of EncryptedDataKeys (the same DataKey possibly encrypted multiple times) is stored in the CiphertextHeaders.

    AwsCrypto also uses the MasterKeyProvider to decrypt one of the EncryptedDataKeys from the header to retrieve the actual DataKey necessary to decrypt the message.

    Any place a MasterKeyProvider is used, a MasterKey can be used instead. The MasterKey will behave as a MasterKeyProvider which is only capable of providing itself. This is often useful when only one MasterKey is being used.
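
The multi-key flow and the MasterKey-as-provider shortcut described above, as an added example (not part of the original Javadoc): a message is encrypted under two MasterKeys and then decrypted with only the second. It assumes the SDK generation this page documents, where AwsCrypto has a public no-argument constructor, and that the Map argument is the encryption context; the class name, key IDs, provider name and sample message are constructed for illustration.

```java
import com.amazonaws.encryptionsdk.AwsCrypto;
import com.amazonaws.encryptionsdk.CryptoResult;
import com.amazonaws.encryptionsdk.MasterKeyProvider;
import com.amazonaws.encryptionsdk.jce.JceMasterKey;
import com.amazonaws.encryptionsdk.multi.MultipleProviderFactory;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;

public class MultiMasterKeyExample {
    // Hypothetical helper: wraps a fresh random AES-256 key as a directly constructed MasterKey.
    static JceMasterKey randomAesMasterKey(String keyId) {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return JceMasterKey.getInstance(new SecretKeySpec(raw, "AES"),
                "ExampleProvider", keyId, "AES/GCM/NoPadding");
    }

    public static void main(String[] args) {
        AwsCrypto crypto = new AwsCrypto(); // assumption: constructor of the SDK version documented here
        JceMasterKey primary = randomAesMasterKey("primary");
        JceMasterKey escrow = randomAesMasterKey("escrow");

        // The first key generates the DataKey; the second re-encrypts the same DataKey.
        MasterKeyProvider<?> both = MultipleProviderFactory.buildMultiProvider(primary, escrow);
        byte[] plaintext = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Map<String, String> context = Collections.singletonMap("purpose", "example");
        CryptoResult<byte[], ?> enc = crypto.encryptData(both, plaintext, context);
        System.out.println("Encrypted under: " + enc.getMasterKeyIds());

        // A single MasterKey acts as a provider of itself; here only "escrow" is available.
        CryptoResult<byte[], JceMasterKey> dec = crypto.decryptData(escrow, enc.getResult());
        System.out.println("Decrypted with: " + dec.getMasterKeyIds());

        // Confirm the message carries the context the caller expects before trusting the plaintext.
        for (Map.Entry<String, String> e : context.entrySet()) {
            if (!e.getValue().equals(dec.getEncryptionContext().get(e.getKey()))) {
                throw new IllegalStateException("Unexpected encryption context");
            }
        }
        if (!Arrays.equals(plaintext, dec.getResult())) {
            throw new IllegalStateException("Round trip failed");
        }
    }
}
```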

    Note regarding the use of generics: This library makes heavy use of generics to provide type safety to advanced developers. The great majority of users should be able to just use the provided type parameters or the ? wildcard.