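/// <summary>
/// Generates an instruction that will be used to encrypt an object
/// using materials with the KMSKeyID set.
/// </summary>
/// <param name="kmsClient">
/// Used to call KMS to generate a data key.
/// </param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt data.
/// Its KMSKeyID and MaterialsDescription are passed to the KMS
/// GenerateDataKey call.
/// </param>
/// <returns>
/// The instruction that will be used to encrypt an object. It is built from
/// the materials description, the plaintext and encrypted data key returned
/// by KMS, and an IV generated for this call.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="materials"/> or <paramref name="kmsClient"/> is null.
/// </exception>
/// <exception cref="ArgumentException">
/// The materials do not have the KMSKeyID set.
/// </exception>
internal static EncryptionInstructions GenerateInstructionsForKMSMaterials(ICoreAmazonKMS kmsClient, EncryptionMaterials materials)
{
    // Fail with a descriptive argument error rather than a NullReferenceException.
    // ArgumentNullException derives from ArgumentException, so callers that
    // already catch ArgumentException keep working.
    if (materials == null)
    {
        throw new ArgumentNullException("materials");
    }

    if (materials.KMSKeyID == null)
    {
        throw new ArgumentException("Error generating encryption instructions. EncryptionMaterials must have the KMSKeyID set.");
    }

    if (kmsClient == null)
    {
        throw new ArgumentNullException("kmsClient");
    }

    // A new IV is drawn from the cryptographic RNG on every call; it is never
    // derived from the key or reused across instructions by this method.
    var iv = new byte[IVLength];
    var rng = RandomNumberGenerator.Create();
    try
    {
        rng.GetBytes(iv);
    }
    finally
    {
        // Release the generator deterministically instead of leaving it to the
        // finalizer. The 'as' cast keeps this compiling on older framework
        // targets where RandomNumberGenerator does not declare IDisposable.
        var disposable = rng as IDisposable;
        if (disposable != null)
        {
            disposable.Dispose();
        }
    }

    // Get both the key and the encrypted key from KMS.
    var result = kmsClient.GenerateDataKey(materials.KMSKeyID, materials.MaterialsDescription, KMSKeySpec);

    // NOTE(review): result.KeyPlaintext is the unencrypted data key. It is handed
    // to EncryptionInstructions as-is; confirm that type never logs or persists it.
    return new EncryptionInstructions(materials.MaterialsDescription, result.KeyPlaintext, result.KeyCiphertext, iv);
}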
/// <summary>
/// Requests a data key by delegating to the wrapped client.
/// </summary>
/// <param name="keyID">Key identifier, forwarded unchanged to the wrapped client.</param>
/// <param name="encryptionContext">Encryption context pairs, forwarded unchanged to the wrapped client.</param>
/// <param name="keySpec">Key specification, forwarded unchanged to the wrapped client.</param>
/// <returns>The result of the wrapped client's GenerateDataKey call.</returns>
public GenerateDataKeyResult GenerateDataKey(string keyID, Dictionary<string, string> encryptionContext, string keySpec)
{
    // The wrapped client has to exist before the call can be forwarded.
    EnsureWrappedClientIsInstantiated();

    GenerateDataKeyResult dataKey = wrappedClient.GenerateDataKey(keyID, encryptionContext, keySpec);
    return dataKey;
}