Package com.amazonaws.encryptionsdk.kms

Class KmsMasterKey

java.lang.Object

com.amazonaws.encryptionsdk.MasterKeyProvider<K>

com.amazonaws.encryptionsdk.MasterKey<KmsMasterKey>

com.amazonaws.encryptionsdk.kms.KmsMasterKey

All Implemented Interfaces:

KmsMethods

public final class KmsMasterKey
extends MasterKey<KmsMasterKey>
implements KmsMethods

Represents a single Customer Master Key (CMK) and is used to encrypt/decrypt data with AwsCrypto.

Method Summary

Modifier and Type	Method	Description
void	addGrantToken(String grantToken)	Adds grantToken to the list of grantTokens sent to KMS when this class calls it.
DataKey<KmsMasterKey>	decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)	Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.
DataKey<KmsMasterKey>	encryptDataKey(CryptoAlgorithm algorithm, Map<String,String> encryptionContext, DataKey<?> dataKey)	Returns a new copy of the provided dataKey which is protected by this MasterKey for use with algorithm and associated with the provided encryptionContext.
DataKey<KmsMasterKey>	generateDataKey(CryptoAlgorithm algorithm, Map<String,String> encryptionContext)	Generates a new DataKey which is protected by this MasterKey for use with algorithm and associated with the provided encryptionContext.
List<String>	getGrantTokens()	Returns the grantTokens which this object sends to KMS when calling it.
static KmsMasterKey	getInstance(com.amazonaws.auth.AWSCredentialsProvider creds, String keyId)	Deprecated. Use a KmsMasterKeyProvider to obtain KmsMasterKeys.
static KmsMasterKey	getInstance(com.amazonaws.auth.AWSCredentials creds, String keyId)	Deprecated. Use a KmsMasterKeyProvider to obtain KmsMasterKeys.
String	getKeyId()
String	getProviderId()
void	setGrantTokens(List<String> grantTokens)	Sets the grantTokens which should be submitted to KMS when calling it.

Methods inherited from class com.amazonaws.encryptionsdk.MasterKey

canProvide, equals, getDefaultProviderId, getMasterKey, getMasterKeysForEncryption, hashCode, toString

Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider

buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, getMasterKey

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Detail

getInstance

@Deprecated
public static KmsMasterKey getInstance(com.amazonaws.auth.AWSCredentials creds,
                                       String keyId)

Deprecated.

Use a KmsMasterKeyProvider to obtain KmsMasterKeys.

getInstance

@Deprecated
public static KmsMasterKey getInstance(com.amazonaws.auth.AWSCredentialsProvider creds,
                                       String keyId)

Deprecated.

Use a KmsMasterKeyProvider to obtain KmsMasterKeys.

getProviderId

public String getProviderId()

Specified by:

getProviderId in class MasterKey<KmsMasterKey>

getKeyId

public String getKeyId()

Specified by:

getKeyId in class MasterKey<KmsMasterKey>

generateDataKey

public DataKey<KmsMasterKey> generateDataKey(CryptoAlgorithm algorithm,
                                             Map<String,String> encryptionContext)

Description copied from class: MasterKey

Generates a new DataKey which is protected by this MasterKey for use with algorithm and associated with the provided encryptionContext.

Specified by:

generateDataKey in class MasterKey<KmsMasterKey>

setGrantTokens

public void setGrantTokens(List<String> grantTokens)

Description copied from interface: KmsMethods

Sets the grantTokens which should be submitted to KMS when calling it.

Specified by:

setGrantTokens in interface KmsMethods

getGrantTokens

public List<String> getGrantTokens()

Description copied from interface: KmsMethods

Returns the grantTokens which this object sends to KMS when calling it.

Specified by:

getGrantTokens in interface KmsMethods

addGrantToken

public void addGrantToken(String grantToken)

Description copied from interface: KmsMethods

Adds grantToken to the list of grantTokens sent to KMS when this class calls it.

Specified by:

addGrantToken in interface KmsMethods

encryptDataKey

public DataKey<KmsMasterKey> encryptDataKey(CryptoAlgorithm algorithm,
                                            Map<String,String> encryptionContext,
                                            DataKey<?> dataKey)

Description copied from class: MasterKey

Returns a new copy of the provided dataKey which is protected by this MasterKey for use with algorithm and associated with the provided encryptionContext.

Specified by:

encryptDataKey in class MasterKey<KmsMasterKey>

decryptDataKey

public DataKey<KmsMasterKey> decryptDataKey(CryptoAlgorithm algorithm,
                                            Collection<? extends EncryptedDataKey> encryptedDataKeys,
                                            Map<String,String> encryptionContext)
                                     throws UnsupportedProviderException,
                                            AwsCryptoException

Description copied from class: MasterKeyProvider

Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.

Specified by:

decryptDataKey in class MasterKeyProvider<KmsMasterKey>

Returns:

a DataKey if one can be decrypted, otherwise returns null

Throws:

UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider

CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted

AwsCryptoException