public class GenerateDataKeyRequest extends AmazonWebServiceRequest implements java.io.Serializable
Returns a data encryption key that you can use in your application to encrypt data locally.
You must specify the customer master key (CMK) under which to generate the data key. You must also specify the length of the data key using either the KeySpec or NumberOfBytes field. You must specify one field or the other, but not both. For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use KeySpec.
This operation returns a plaintext copy of the data key in the Plaintext field of the response, and an encrypted copy of the data key in the CiphertextBlob field. The data key is encrypted under the CMK specified in the KeyId field of the request.
We recommend that you use the following pattern to encrypt data locally in your application:
1. Use this operation (GenerateDataKey) to retrieve a data encryption key.
2. Use the plaintext data encryption key (returned in the Plaintext field of the response) to encrypt data locally, then erase the plaintext data key from memory.
3. Store the encrypted data key (returned in the CiphertextBlob field of the response) alongside the locally encrypted data.
To decrypt data locally:
1. Use the Decrypt operation to decrypt the encrypted data key into a plaintext copy of the data key.
2. Use the plaintext data key to decrypt data locally, then erase the plaintext data key from memory.
To return only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To return an arbitrary unpredictable byte string, use GenerateRandom.
If you use the optional EncryptionContext field, you must store at least enough information to be able to reconstruct the full encryption context when you later send the ciphertext to the Decrypt operation. It is a good practice to choose an encryption context that you can reconstruct on the fly to better secure the ciphertext. For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
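
The encrypt and decrypt patterns described above, including the EncryptionContext round trip, as an added example (not part of the SDK documentation or AWS's own code). It assumes an AWS SDK for Java 1.x AWSKMS client supplied by the caller; EnvelopeExample, Sealed and the helper names are hypothetical, and AES-GCM is this example's choice of local cipher.

```java
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.model.*;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;

public class EnvelopeExample {   // hypothetical class, not part of the SDK
    // What gets stored: the encrypted data key (CiphertextBlob), the IV and the locally encrypted data.
    public static final class Sealed {
        final byte[] encryptedKey, iv, ciphertext;
        Sealed(byte[] k, byte[] i, byte[] c) { encryptedKey = k; iv = i; ciphertext = c; }
    }

    public static Sealed encrypt(AWSKMS kms, String keyId, Map<String, String> ctx, byte[] data) throws Exception {
        GenerateDataKeyResult r = kms.generateDataKey(new GenerateDataKeyRequest()
                .withKeyId(keyId).withKeySpec(DataKeySpec.AES_256).withEncryptionContext(ctx));
        byte[] key = toBytes(r.getPlaintext());
        try {
            byte[] iv = new byte[12];                 // fresh 96-bit GCM nonce for every message
            new SecureRandom().nextBytes(iv);
            return new Sealed(toBytes(r.getCiphertextBlob()), iv, aesGcm(Cipher.ENCRYPT_MODE, key, iv, data));
        } finally {
            Arrays.fill(key, (byte) 0);               // erase this copy of the plaintext data key
        }
    }

    // ctx must be reconstructed exactly as it was at encryption time, or Decrypt fails.
    public static byte[] decrypt(AWSKMS kms, Map<String, String> ctx, Sealed s) throws Exception {
        byte[] key = toBytes(kms.decrypt(new DecryptRequest()
                .withCiphertextBlob(ByteBuffer.wrap(s.encryptedKey))
                .withEncryptionContext(ctx)).getPlaintext());
        try {
            return aesGcm(Cipher.DECRYPT_MODE, key, s.iv, s.ciphertext);
        } finally {
            Arrays.fill(key, (byte) 0);
        }
    }
    private static byte[] aesGcm(int mode, byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }
    private static byte[] toBytes(ByteBuffer b) {
        byte[] out = new byte[b.remaining()];
        b.get(out);
        return out;
    }
}
```

Arrays.fill clears only the example's own array; the ByteBuffer returned by the SDK and the SecretKeySpec each hold a copy until they are garbage-collected, so erasing key material in Java is best-effort.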
Constructor and Description |
---|
GenerateDataKeyRequest() |
Modifier and Type | Method and Description |
---|---|
GenerateDataKeyRequest | addEncryptionContextEntry(java.lang.String key, java.lang.String value) A set of key-value pairs that represents additional authenticated data. |
GenerateDataKeyRequest | clearEncryptionContextEntries() Removes all the entries added into EncryptionContext. |
boolean | equals(java.lang.Object obj) |
java.util.Map<java.lang.String,java.lang.String> | getEncryptionContext() A set of key-value pairs that represents additional authenticated data. |
java.util.List<java.lang.String> | getGrantTokens() A list of grant tokens. |
java.lang.String | getKeyId() The identifier of the CMK under which to generate and encrypt the data encryption key. |
java.lang.String | getKeySpec() The length of the data encryption key. |
java.lang.Integer | getNumberOfBytes() The length of the data encryption key in bytes. |
int | hashCode() |
void | setEncryptionContext(java.util.Map<java.lang.String,java.lang.String> encryptionContext) A set of key-value pairs that represents additional authenticated data. |
void | setGrantTokens(java.util.Collection<java.lang.String> grantTokens) A list of grant tokens. |
void | setKeyId(java.lang.String keyId) The identifier of the CMK under which to generate and encrypt the data encryption key. |
void | setKeySpec(DataKeySpec keySpec) The length of the data encryption key. |
void | setKeySpec(java.lang.String keySpec) The length of the data encryption key. |
void | setNumberOfBytes(java.lang.Integer numberOfBytes) The length of the data encryption key in bytes. |
java.lang.String | toString() Returns a string representation of this object; useful for testing and debugging. |
GenerateDataKeyRequest | withEncryptionContext(java.util.Map<java.lang.String,java.lang.String> encryptionContext) A set of key-value pairs that represents additional authenticated data. |
GenerateDataKeyRequest | withGrantTokens(java.util.Collection<java.lang.String> grantTokens) A list of grant tokens. |
GenerateDataKeyRequest | withGrantTokens(java.lang.String... grantTokens) A list of grant tokens. |
GenerateDataKeyRequest | withKeyId(java.lang.String keyId) The identifier of the CMK under which to generate and encrypt the data encryption key. |
GenerateDataKeyRequest | withKeySpec(DataKeySpec keySpec) The length of the data encryption key. |
GenerateDataKeyRequest | withKeySpec(java.lang.String keySpec) The length of the data encryption key. |
GenerateDataKeyRequest | withNumberOfBytes(java.lang.Integer numberOfBytes) The length of the data encryption key in bytes. |
clone, getCloneRoot, getCloneSource, getGeneralProgressListener, getRequestClientOptions, getRequestCredentials, getRequestMetricCollector, setGeneralProgressListener, setRequestCredentials, setRequestMetricCollector, withGeneralProgressListener, withRequestMetricCollector
public java.lang.String getKeyId()
The identifier of the CMK under which to generate and encrypt the data encryption key.
A valid identifier is the unique key ID or the Amazon Resource Name (ARN) of the CMK, or the alias name or ARN of an alias that refers to the CMK. Examples:
Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
CMK ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
Constraints:
Length: 1 - 256
public void setKeyId(java.lang.String keyId)
The identifier of the CMK under which to generate and encrypt the data encryption key.
A valid identifier is the unique key ID or the Amazon Resource Name (ARN) of the CMK, or the alias name or ARN of an alias that refers to the CMK. Examples:
Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
CMK ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
Constraints:
Length: 1 - 256
keyId - The identifier of the CMK under which to generate and encrypt the data encryption key.
A valid identifier is the unique key ID or the Amazon Resource Name (ARN) of the CMK, or the alias name or ARN of an alias that refers to the CMK. Examples:
Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
CMK ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
public GenerateDataKeyRequest withKeyId(java.lang.String keyId)
The identifier of the CMK under which to generate and encrypt the data encryption key.
A valid identifier is the unique key ID or the Amazon Resource Name (ARN) of the CMK, or the alias name or ARN of an alias that refers to the CMK. Examples:
Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
CMK ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
Returns a reference to this object so that method calls can be chained together.
Constraints:
Length: 1 - 256
keyId - The identifier of the CMK under which to generate and encrypt the data encryption key.
A valid identifier is the unique key ID or the Amazon Resource Name (ARN) of the CMK, or the alias name or ARN of an alias that refers to the CMK. Examples:
Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
CMK ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
public java.util.Map<java.lang.String,java.lang.String> getEncryptionContext()
A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
public void setEncryptionContext(java.util.Map<java.lang.String,java.lang.String> encryptionContext)
A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
encryptionContext - A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
public GenerateDataKeyRequest withEncryptionContext(java.util.Map<java.lang.String,java.lang.String> encryptionContext)
A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
Returns a reference to this object so that method calls can be chained together.
encryptionContext - A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
public GenerateDataKeyRequest addEncryptionContextEntry(java.lang.String key, java.lang.String value)
A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
The method adds a new key-value pair into the EncryptionContext parameter, and returns a reference to this object so that method calls can be chained together.
key - The key of the entry to be added into EncryptionContext.
value - The corresponding value of the entry to be added into EncryptionContext.
public GenerateDataKeyRequest clearEncryptionContextEntries()
Returns a reference to this object so that method calls can be chained together.
public java.lang.Integer getNumberOfBytes()
The length of the data encryption key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the KeySpec field instead of this one.
Constraints:
Range: 1 - 1024
public void setNumberOfBytes(java.lang.Integer numberOfBytes)
The length of the data encryption key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the KeySpec field instead of this one.
Constraints:
Range: 1 - 1024
numberOfBytes - The length of the data encryption key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the KeySpec field instead of this one.
public GenerateDataKeyRequest withNumberOfBytes(java.lang.Integer numberOfBytes)
The length of the data encryption key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the KeySpec field instead of this one.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Range: 1 - 1024
numberOfBytes - The length of the data encryption key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the KeySpec field instead of this one.
public java.lang.String getKeySpec()
The length of the data encryption key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.
Constraints:
Allowed Values: AES_256, AES_128
DataKeySpec
public void setKeySpec(java.lang.String keySpec)
The length of the data encryption key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.
Constraints:
Allowed Values: AES_256, AES_128
keySpec - The length of the data encryption key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.
DataKeySpec
public GenerateDataKeyRequest withKeySpec(java.lang.String keySpec)
The length of the data encryption key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Allowed Values: AES_256, AES_128
keySpec - The length of the data encryption key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.
DataKeySpec
public void setKeySpec(DataKeySpec keySpec)
The length of the data encryption key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.
Constraints:
Allowed Values: AES_256, AES_128
keySpec - The length of the data encryption key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.
DataKeySpec
public GenerateDataKeyRequest withKeySpec(DataKeySpec keySpec)
The length of the data encryption key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Allowed Values: AES_256, AES_128
keySpec - The length of the data encryption key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.
DataKeySpec
public java.util.List<java.lang.String> getGrantTokens()
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
public void setGrantTokens(java.util.Collection<java.lang.String> grantTokens)
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
grantTokens - A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
public GenerateDataKeyRequest withGrantTokens(java.lang.String... grantTokens)
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
Returns a reference to this object so that method calls can be chained together.
grantTokens - A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
public GenerateDataKeyRequest withGrantTokens(java.util.Collection<java.lang.String> grantTokens)
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
Returns a reference to this object so that method calls can be chained together.
grantTokens - A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
public java.lang.String toString()
toString in class java.lang.Object
Object.toString()
public int hashCode()
hashCode in class java.lang.Object
public boolean equals(java.lang.Object obj)
equals in class java.lang.Object
Copyright © 2010 Amazon Web Services, Inc. All Rights Reserved.