public class GenerateDataKeyWithoutPlaintextRequest extends AmazonWebServiceRequest implements java.io.Serializable
Returns a data encryption key encrypted under a customer master key (CMK). This operation is identical to GenerateDataKey but returns only the encrypted copy of the data key.
This operation is useful in a system that has multiple components with
different degrees of trust. For example, consider a system that stores
encrypted data in containers. Each container stores the encrypted data and an
encrypted copy of the data key. One component of the system, called the
control plane, creates new containers. When it creates a new
container, it uses this operation (
GenerateDataKeyWithoutPlaintext
) to get an encrypted data key
and then stores it in the container. Later, a different component of the
system, called the data plane, puts encrypted data into the
containers. To do this, it passes the encrypted data key to the
Decrypt operation, then uses the returned plaintext data key to
encrypt data, and finally stores the encrypted data in the container. In this
system, the control plane never sees the plaintext data key.
Constructor and Description |
---|
GenerateDataKeyWithoutPlaintextRequest() |
Modifier and Type | Method and Description |
---|---|
GenerateDataKeyWithoutPlaintextRequest |
addEncryptionContextEntry(java.lang.String key,
java.lang.String value)
A set of key-value pairs that represents additional authenticated data.
|
GenerateDataKeyWithoutPlaintextRequest |
clearEncryptionContextEntries()
Removes all the entries added into EncryptionContext.
|
boolean |
equals(java.lang.Object obj) |
java.util.Map<java.lang.String,java.lang.String> |
getEncryptionContext()
A set of key-value pairs that represents additional authenticated data.
|
java.util.List<java.lang.String> |
getGrantTokens()
A list of grant tokens.
|
java.lang.String |
getKeyId()
The identifier of the CMK under which to generate and encrypt the data
encryption key.
|
java.lang.String |
getKeySpec()
The length of the data encryption key.
|
java.lang.Integer |
getNumberOfBytes()
The length of the data encryption key in bytes.
|
int |
hashCode() |
void |
setEncryptionContext(java.util.Map<java.lang.String,java.lang.String> encryptionContext)
A set of key-value pairs that represents additional authenticated data.
|
void |
setGrantTokens(java.util.Collection<java.lang.String> grantTokens)
A list of grant tokens.
|
void |
setKeyId(java.lang.String keyId)
The identifier of the CMK under which to generate and encrypt the data
encryption key.
|
void |
setKeySpec(DataKeySpec keySpec)
The length of the data encryption key.
|
void |
setKeySpec(java.lang.String keySpec)
The length of the data encryption key.
|
void |
setNumberOfBytes(java.lang.Integer numberOfBytes)
The length of the data encryption key in bytes.
|
java.lang.String |
toString()
Returns a string representation of this object; useful for testing and
debugging.
|
GenerateDataKeyWithoutPlaintextRequest |
withEncryptionContext(java.util.Map<java.lang.String,java.lang.String> encryptionContext)
A set of key-value pairs that represents additional authenticated data.
|
GenerateDataKeyWithoutPlaintextRequest |
withGrantTokens(java.util.Collection<java.lang.String> grantTokens)
A list of grant tokens.
|
GenerateDataKeyWithoutPlaintextRequest |
withGrantTokens(java.lang.String... grantTokens)
A list of grant tokens.
|
GenerateDataKeyWithoutPlaintextRequest |
withKeyId(java.lang.String keyId)
The identifier of the CMK under which to generate and encrypt the data
encryption key.
|
GenerateDataKeyWithoutPlaintextRequest |
withKeySpec(DataKeySpec keySpec)
The length of the data encryption key.
|
GenerateDataKeyWithoutPlaintextRequest |
withKeySpec(java.lang.String keySpec)
The length of the data encryption key.
|
GenerateDataKeyWithoutPlaintextRequest |
withNumberOfBytes(java.lang.Integer numberOfBytes)
The length of the data encryption key in bytes.
|
clone, getCloneRoot, getCloneSource, getGeneralProgressListener, getRequestClientOptions, getRequestCredentials, getRequestMetricCollector, setGeneralProgressListener, setRequestCredentials, setRequestMetricCollector, withGeneralProgressListener, withRequestMetricCollector
public GenerateDataKeyWithoutPlaintextRequest()
public java.lang.String getKeyId()
The identifier of the CMK under which to generate and encrypt the data encryption key.
A valid identifier is the unique key ID or the Amazon Resource Name (ARN) of the CMK, or the alias name or ARN of an alias that refers to the CMK. Examples:
Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
CMK ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN:
arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
Constraints:
Length: 1 - 256
The identifier of the CMK under which to generate and encrypt the data encryption key.
A valid identifier is the unique key ID or the Amazon Resource Name (ARN) of the CMK, or the alias name or ARN of an alias that refers to the CMK. Examples:
Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
CMK ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN:
arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
public void setKeyId(java.lang.String keyId)
The identifier of the CMK under which to generate and encrypt the data encryption key.
A valid identifier is the unique key ID or the Amazon Resource Name (ARN) of the CMK, or the alias name or ARN of an alias that refers to the CMK. Examples:
Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
CMK ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN:
arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
Constraints:
Length: 1 - 256
keyId
- The identifier of the CMK under which to generate and encrypt the data encryption key.
A valid identifier is the unique key ID or the Amazon Resource Name (ARN) of the CMK, or the alias name or ARN of an alias that refers to the CMK. Examples:
Unique key ID:
1234abcd-12ab-34cd-56ef-1234567890ab
CMK ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN:
arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
public GenerateDataKeyWithoutPlaintextRequest withKeyId(java.lang.String keyId)
The identifier of the CMK under which to generate and encrypt the data encryption key.
A valid identifier is the unique key ID or the Amazon Resource Name (ARN) of the CMK, or the alias name or ARN of an alias that refers to the CMK. Examples:
Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
CMK ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN:
arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
Returns a reference to this object so that method calls can be chained together.
Constraints:
Length: 1 - 256
keyId
- The identifier of the CMK under which to generate and encrypt the data encryption key.
A valid identifier is the unique key ID or the Amazon Resource Name (ARN) of the CMK, or the alias name or ARN of an alias that refers to the CMK. Examples:
Unique key ID:
1234abcd-12ab-34cd-56ef-1234567890ab
CMK ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN:
arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
public java.util.Map<java.lang.String,java.lang.String> getEncryptionContext()
A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
public void setEncryptionContext(java.util.Map<java.lang.String,java.lang.String> encryptionContext)
A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
encryptionContext
- A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
public GenerateDataKeyWithoutPlaintextRequest withEncryptionContext(java.util.Map<java.lang.String,java.lang.String> encryptionContext)
A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
Returns a reference to this object so that method calls can be chained together.
encryptionContext
- A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
public GenerateDataKeyWithoutPlaintextRequest addEncryptionContextEntry(java.lang.String key, java.lang.String value)
A set of key-value pairs that represents additional authenticated data.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
The method adds a new key-value pair into EncryptionContext parameter, and returns a reference to this object so that method calls can be chained together.
key
- The key of the entry to be added into EncryptionContext.value
- The corresponding value of the entry to be added into
EncryptionContext.public GenerateDataKeyWithoutPlaintextRequest clearEncryptionContextEntries()
Returns a reference to this object so that method calls can be chained together.
public java.lang.String getKeySpec()
The length of the data encryption key. Use AES_128
to
generate a 128-bit symmetric key, or AES_256
to generate a
256-bit symmetric key.
Constraints:
Allowed Values: AES_256, AES_128
The length of the data encryption key. Use AES_128
to generate a 128-bit symmetric key, or AES_256
to
generate a 256-bit symmetric key.
DataKeySpec
public void setKeySpec(java.lang.String keySpec)
The length of the data encryption key. Use AES_128
to
generate a 128-bit symmetric key, or AES_256
to generate a
256-bit symmetric key.
Constraints:
Allowed Values: AES_256, AES_128
keySpec
-
The length of the data encryption key. Use
AES_128
to generate a 128-bit symmetric key, or
AES_256
to generate a 256-bit symmetric key.
DataKeySpec
public GenerateDataKeyWithoutPlaintextRequest withKeySpec(java.lang.String keySpec)
The length of the data encryption key. Use AES_128
to
generate a 128-bit symmetric key, or AES_256
to generate a
256-bit symmetric key.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Allowed Values: AES_256, AES_128
keySpec
-
The length of the data encryption key. Use
AES_128
to generate a 128-bit symmetric key, or
AES_256
to generate a 256-bit symmetric key.
DataKeySpec
public void setKeySpec(DataKeySpec keySpec)
The length of the data encryption key. Use AES_128
to
generate a 128-bit symmetric key, or AES_256
to generate a
256-bit symmetric key.
Constraints:
Allowed Values: AES_256, AES_128
keySpec
-
The length of the data encryption key. Use
AES_128
to generate a 128-bit symmetric key, or
AES_256
to generate a 256-bit symmetric key.
DataKeySpec
public GenerateDataKeyWithoutPlaintextRequest withKeySpec(DataKeySpec keySpec)
The length of the data encryption key. Use AES_128
to
generate a 128-bit symmetric key, or AES_256
to generate a
256-bit symmetric key.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Allowed Values: AES_256, AES_128
keySpec
-
The length of the data encryption key. Use
AES_128
to generate a 128-bit symmetric key, or
AES_256
to generate a 256-bit symmetric key.
DataKeySpec
public java.lang.Integer getNumberOfBytes()
The length of the data encryption key in bytes. For example, use the
value 64 to generate a 512-bit data key (64 bytes is 512 bits). For
common key lengths (128-bit and 256-bit symmetric keys), we recommend
that you use the KeySpec
field instead of this one.
Constraints:
Range: 1 - 1024
The length of the data encryption key in bytes. For example, use
the value 64 to generate a 512-bit data key (64 bytes is 512
bits). For common key lengths (128-bit and 256-bit symmetric
keys), we recommend that you use the KeySpec
field
instead of this one.
public void setNumberOfBytes(java.lang.Integer numberOfBytes)
The length of the data encryption key in bytes. For example, use the
value 64 to generate a 512-bit data key (64 bytes is 512 bits). For
common key lengths (128-bit and 256-bit symmetric keys), we recommend
that you use the KeySpec
field instead of this one.
Constraints:
Range: 1 - 1024
numberOfBytes
-
The length of the data encryption key in bytes. For example,
use the value 64 to generate a 512-bit data key (64 bytes is
512 bits). For common key lengths (128-bit and 256-bit
symmetric keys), we recommend that you use the
KeySpec
field instead of this one.
public GenerateDataKeyWithoutPlaintextRequest withNumberOfBytes(java.lang.Integer numberOfBytes)
The length of the data encryption key in bytes. For example, use the
value 64 to generate a 512-bit data key (64 bytes is 512 bits). For
common key lengths (128-bit and 256-bit symmetric keys), we recommend
that you use the KeySpec
field instead of this one.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Range: 1 - 1024
numberOfBytes
-
The length of the data encryption key in bytes. For example,
use the value 64 to generate a 512-bit data key (64 bytes is
512 bits). For common key lengths (128-bit and 256-bit
symmetric keys), we recommend that you use the
KeySpec
field instead of this one.
public java.util.List<java.lang.String> getGrantTokens()
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
public void setGrantTokens(java.util.Collection<java.lang.String> grantTokens)
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
grantTokens
- A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
public GenerateDataKeyWithoutPlaintextRequest withGrantTokens(java.lang.String... grantTokens)
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
Returns a reference to this object so that method calls can be chained together.
grantTokens
- A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
public GenerateDataKeyWithoutPlaintextRequest withGrantTokens(java.util.Collection<java.lang.String> grantTokens)
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
Returns a reference to this object so that method calls can be chained together.
grantTokens
- A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
public java.lang.String toString()
toString
in class java.lang.Object
Object.toString()
public int hashCode()
hashCode
in class java.lang.Object
public boolean equals(java.lang.Object obj)
equals
in class java.lang.Object
Copyright © 2010 Amazon Web Services, Inc. All Rights Reserved.