Class WrappedRawMaterials
- java.lang.Object
  - com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials.AbstractRawMaterials
    - com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials.WrappedRawMaterials
- All Implemented Interfaces: CryptographicMaterials, DecryptionMaterials, EncryptionMaterials
- Direct Known Subclasses: AsymmetricRawMaterials
public class WrappedRawMaterials extends AbstractRawMaterials
Represents cryptographic materials used to manage unique record-level keys. This class implements envelope encryption: a unique content key is randomly generated each time this class is constructed, encrypted with the Wrapping Key, and persisted in the Description. If a wrapped key is already present in the Description, that content key is unwrapped and used to decrypt the actual data in the record. Other possible implementations might use a Key-Derivation Function to derive a unique key per record.
- Author:
- Greg Rubin
-
Field Summary
Fields (Modifier and Type, Field, Description):
- static String CONTENT_KEY_ALGORITHM: The key-name in the Description which contains the algorithm used by the content key.
- static String ENVELOPE_KEY: The key-name in the Description which contains the wrapped content key.
- static String KEY_WRAPPING_ALGORITHM: The key-name in the Description which contains the algorithm used to wrap the content key.
- protected Key unwrappingKey
- protected Key wrappingKey
-
Constructor Summary
Constructors (Constructor, Description):
- WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, KeyPair signingPair)
- WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, KeyPair signingPair, Map<String,String> description)
- WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, SecretKey macKey)
- WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, SecretKey macKey, Map<String,String> description)
-
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description):
- protected SecretKey generateContentKey(String algorithm)
- SecretKey getDecryptionKey()
- SecretKey getEncryptionKey()
- protected SecretKey initEnvelopeKey(): Called by the constructors.
- protected SecretKey unwrapKey(Map<String,String> description, byte[] encryptedKey, String wrappingAlgorithm)
- byte[] wrapKey(SecretKey key, String wrappingAlg)
-
Methods inherited from class com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials.AbstractRawMaterials
getMaterialDescription, getSigningKey, getVerificationKey, setMaterialDescription
-
Field Detail
-
KEY_WRAPPING_ALGORITHM
public static final String KEY_WRAPPING_ALGORITHM
The key-name in the Description which contains the algorithm used to wrap the content key. Example values are "AESWrap" or "RSA/ECB/OAEPWithSHA-256AndMGF1Padding".
- See Also:
- Constant Field Values
-
CONTENT_KEY_ALGORITHM
public static final String CONTENT_KEY_ALGORITHM
The key-name in the Description which contains the algorithm used by the content key. Example values are "AES" or "Blowfish".
- See Also:
- Constant Field Values
-
ENVELOPE_KEY
public static final String ENVELOPE_KEY
The key-name in the Description which contains the wrapped content key.
- See Also:
- Constant Field Values
-
wrappingKey
protected final Key wrappingKey
-
unwrappingKey
protected final Key unwrappingKey
-
Constructor Detail
-
WrappedRawMaterials
public WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, KeyPair signingPair) throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
WrappedRawMaterials
public WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, KeyPair signingPair, Map<String,String> description) throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
WrappedRawMaterials
public WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, SecretKey macKey) throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
WrappedRawMaterials
public WrappedRawMaterials(Key wrappingKey, Key unwrappingKey, SecretKey macKey, Map<String,String> description) throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
Method Detail
-
getDecryptionKey
public SecretKey getDecryptionKey()
-
getEncryptionKey
public SecretKey getEncryptionKey()
-
initEnvelopeKey
protected SecretKey initEnvelopeKey() throws GeneralSecurityException
Called by the constructors. If there is already a key associated with this record (usually signified by a value stored in the description in the key ENVELOPE_KEY), it extracts that key and returns it. Otherwise it generates a new key, stores a wrapped version in the Description, and returns the key to the caller.
- Returns:
- the content key (which is returned by both getDecryptionKey() and getEncryptionKey()).
- Throws:
GeneralSecurityException
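The envelope flow described in the class summary and in initEnvelopeKey(), as an added sketch that uses only the standard JCE API; it is not the library's source. The class name EnvelopeSketch, the helper newAesKey, the three Description key names and the fixed-algorithm check are assumptions of this example.

```java
import java.security.*;
import java.util.*;
import javax.crypto.*;
public class EnvelopeSketch {
    // Hypothetical Description key names, constructed for this sketch.
    static final String ENV_KEY = "example-env-key";
    static final String WRAP_ALG = "example-wrap-alg";
    static final String CONTENT_ALG = "example-content-alg";
    static SecretKey newAesKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }
    // Reuse the wrapped key stored in the description, or create and store a new one.
    static SecretKey initEnvelopeKey(Key wrappingKey, Key unwrappingKey, Map<String, String> desc)
            throws GeneralSecurityException {
        if (desc.containsKey(ENV_KEY)) {
            String wrapAlg = desc.get(WRAP_ALG);
            String contentAlg = desc.get(CONTENT_ALG);
            // Assumption: the description travels with the data, so its algorithm names are pinned.
            if (!"AESWrap".equals(wrapAlg) || !"AES".equals(contentAlg)) {
                throw new GeneralSecurityException("unexpected algorithm in description");
            }
            Cipher unwrap = Cipher.getInstance(wrapAlg);
            unwrap.init(Cipher.UNWRAP_MODE, unwrappingKey);
            byte[] wrapped = Base64.getDecoder().decode(desc.get(ENV_KEY));
            return (SecretKey) unwrap.unwrap(wrapped, contentAlg, Cipher.SECRET_KEY);
        }
        SecretKey contentKey = newAesKey(); // fresh random key for this record
        Cipher wrap = Cipher.getInstance("AESWrap");
        wrap.init(Cipher.WRAP_MODE, wrappingKey);
        desc.put(ENV_KEY, Base64.getEncoder().encodeToString(wrap.wrap(contentKey)));
        desc.put(WRAP_ALG, "AESWrap");
        desc.put(CONTENT_ALG, "AES");
        return contentKey;
    }
    public static void main(String[] args) throws GeneralSecurityException {
        SecretKey kek = newAesKey();
        Map<String, String> desc = new HashMap<>();
        SecretKey written = initEnvelopeKey(kek, kek, desc);             // write path
        SecretKey read = initEnvelopeKey(kek, kek, new HashMap<>(desc)); // read path
        System.out.println("same content key: " + Arrays.equals(written.getEncoded(), read.getEncoded()));
        try {
            initEnvelopeKey(null, newAesKey(), new HashMap<>(desc)); // wrong unwrapping key
        } catch (GeneralSecurityException e) {
            System.out.println("unwrap with the wrong key was rejected");
        }
    }
}
```

Only the wrapped form of the content key is placed in the description; the wrapping key itself never is, so a reader of the stored record cannot recover the content key without it.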
-
wrapKey
public byte[] wrapKey(SecretKey key, String wrappingAlg) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException
-
unwrapKey
protected SecretKey unwrapKey(Map<String,String> description, byte[] encryptedKey, String wrappingAlgorithm) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException
-
generateContentKey
protected SecretKey generateContentKey(String algorithm) throws NoSuchAlgorithmException
- Throws:
NoSuchAlgorithmException