-
Fields Field Description com.amazonaws.encryptionsdk.internal.Constants.MESSAGE_ID_LEN This value may change based onCryptoAlgorithm.getMessageIdLength()com.amazonaws.encryptionsdk.internal.VersionInfo.CURRENT_CIPHERTEXT_VERSION This value is now controlled byCryptoAlgorithm.getMessageFormatVersion()
-
Methods Method Description com.amazonaws.encryptionsdk.AwsCrypto.decryptString(MasterKeyProvider<K>, String) Use theAwsCrypto.decryptData(MasterKeyProvider, byte[])andAwsCrypto.encryptData(MasterKeyProvider, byte[], Map)APIs instead.encryptStringanddecryptStringwork as expected if you use them together. However, to work with other language implementations of the AWS Encryption SDK, you need to base64-decode the output ofencryptStringand base64-encode the input todecryptString. These deprecated APIs will be removed in the future.com.amazonaws.encryptionsdk.AwsCrypto.encryptString(MasterKeyProvider<K>, String, Map<String, String>) Use theAwsCrypto.encryptData(MasterKeyProvider, byte[], Map)andAwsCrypto.decryptData(MasterKeyProvider, byte[])APIs instead.encryptStringanddecryptStringwork as expected if you use them together. However, to work with other language implementations of the AWS Encryption SDK, you need to base64-decode the output ofencryptStringand base64-encode the input todecryptString. These deprecated APIs will be removed in the future.com.amazonaws.encryptionsdk.AwsCrypto.getDefaultCryptoAlgorithm() The recommended crypto algorithm may change in the future. Instead of using this method, the Aws Crypto client will choose a sensible default for encryption if none is specified and you are passing in either aMasterKeyProvideror aDefaultCryptoMaterialsManagerto the encrypt methods.com.amazonaws.encryptionsdk.CryptoAlgorithm.deserialize(short) com.amazonaws.encryptionsdk.kms.KmsMasterKey.getInstance(AWSCredentials, String) Use aKmsMasterKeyProviderto obtainKmsMasterKeys.com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider.addGrantToken(String) This method is inherently not thread safe. UseKmsMasterKeyProvider.withGrantTokens(List)orKmsMasterKey.setGrantTokens(List)instead.KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider.Builder.build() This method implicitly configures the KMS Master Key Provider to perform discovery behavior on decrypt, which is a behavior that should be constructed explicitly. To create a KMS Master Key Provider that continues to perform discovery on decrypt, useKmsMasterKeyProvider.Builder.buildDiscovery()orKmsMasterKeyProvider.Builder.buildDiscovery(DiscoveryFilter). To create a KMS Master Key Provider that restricts what keys to attempt decryption with to a set of configured keys, useKmsMasterKeyProvider.Builder.buildStrict(List).com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider.Builder.withKeysForEncryption(String...) This method allows for configuringkeyIdsfor encryption on KMS Master Key Providers that perform the discovery behavior on decrypt, which results in a complex behavior mode for the KMS Master Key Provider. UseKmsMasterKeyProvider.Builder.buildStrict(List)to construct a Master Key Provider that uses the suppliedkeysIdsfor encryption and decryption. If a KMS Master Key Provider that decrypts with discovery behavior is still required, useKmsMasterKeyProvider.Builder.buildDiscovery()orKmsMasterKeyProvider.Builder.buildDiscovery(DiscoveryFilter)to construct a seperate Master Key Provider that is used for decryption.com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider.setGrantTokens(List<String>) This method is inherently not thread safe. UseKmsMasterKey.setGrantTokens(List)instead.KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.
-
Constructors Constructor Description com.amazonaws.encryptionsdk.AwsCrypto() This constructor implicitly configures the Aws Crypto client with a commitment policy that allows reading encrypted messages without commitment values. UseAwsCrypto.BuilderandAwsCrypto.Builder.withCommitmentPolicy(CommitmentPolicy)to explicitly build the AwsCrypto client with your desired policy.com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider() The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.com.amazonaws.encryptionsdk.model.CiphertextHeaders(byte, CiphertextType, CryptoAlgorithm, byte[], List<KeyBlob>, ContentType, int)