public void GenerateKey(int keyBits, out byte[] key, out byte[] encryptedKey, IDictionary<string, string> context) { DataKeySpec keySpec; if (keyBits == 128) { keySpec = DataKeySpec.AES_128; } else if (keyBits == 256) { keySpec = DataKeySpec.AES_256; } else { throw new ArgumentException("only 128 and 256 bit keys are supported", "keyBits"); } var request = new GenerateDataKeyRequest { KeyId = _keyId, KeySpec = keySpec, EncryptionContext = AsDictionary(context) }; GenerateDataKeyResponse response = _client.GenerateDataKey(request); key = response.Plaintext.ToArray(); encryptedKey = response.CiphertextBlob.ToArray(); }
public object Execute(ExecutorContext context) { var cmdletContext = context as CmdletContext; // create request var request = new Amazon.KeyManagementService.Model.GenerateDataKeyRequest(); if (cmdletContext.EncryptionContext != null) { request.EncryptionContext = cmdletContext.EncryptionContext; } if (cmdletContext.GrantToken != null) { request.GrantTokens = cmdletContext.GrantToken; } if (cmdletContext.KeyId != null) { request.KeyId = cmdletContext.KeyId; } if (cmdletContext.KeySpec != null) { request.KeySpec = cmdletContext.KeySpec; } if (cmdletContext.NumberOfBytes != null) { request.NumberOfBytes = cmdletContext.NumberOfBytes.Value; } CmdletOutput output; // issue call var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint); try { var response = CallAWSServiceOperation(client, request); object pipelineOutput = null; pipelineOutput = cmdletContext.Select(response, this); output = new CmdletOutput { PipelineOutput = pipelineOutput, ServiceResponse = response }; } catch (Exception e) { output = new CmdletOutput { ErrorResponse = e }; } return(output); }
/// <summary> /// Initiates the asynchronous execution of the GenerateDataKey operation. /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the GenerateDataKey operation.</param> /// <param name="cancellationToken"> /// A cancellation token that can be used by other objects or threads to receive notice of cancellation. /// </param> /// <returns>The task object representing the asynchronous operation.</returns> public Task<GenerateDataKeyResponse> GenerateDataKeyAsync(GenerateDataKeyRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken)) { var marshaller = new GenerateDataKeyRequestMarshaller(); var unmarshaller = GenerateDataKeyResponseUnmarshaller.Instance; return InvokeAsync<GenerateDataKeyRequest,GenerateDataKeyResponse>(request, marshaller, unmarshaller, cancellationToken); }
/// <summary> /// Generates a data key that you can use in your application to locally encrypt data. /// This call returns a plaintext version of the key in the <code>Plaintext</code> field /// of the response object and an encrypted copy of the key in the <code>CiphertextBlob</code> /// field. The key is encrypted by using the master key specified by the <code>KeyId</code> /// field. To decrypt the encrypted key, pass it to the <code>Decrypt</code> API. /// /// /// <para> /// We recommend that you use the following pattern to locally encrypt data: call the /// <code>GenerateDataKey</code> API, use the key returned in the <code>Plaintext</code> /// response field to locally encrypt data, and then erase the plaintext data key from /// memory. Store the encrypted data key (contained in the <code>CiphertextBlob</code> /// field) alongside of the locally encrypted data. /// </para> /// <note>You should not call the <code>Encrypt</code> function to re-encrypt your data /// keys within a region. <code>GenerateDataKey</code> always returns the data key encrypted /// and tied to the customer master key that will be used to decrypt it. There is no need /// to decrypt it twice. </note> /// <para> /// If you decide to use the optional <code>EncryptionContext</code> parameter, you must /// also store the context in full or at least store enough information along with the /// encrypted data to be able to reconstruct the context when submitting the ciphertext /// to the <code>Decrypt</code> API. It is a good practice to choose a context that you /// can reconstruct on the fly to better secure the ciphertext. For more information about /// how this parameter is used, see <a href="http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html">Encryption /// Context</a>. /// </para> /// /// <para> /// To decrypt data, pass the encrypted data key to the <code>Decrypt</code> API. <code>Decrypt</code> /// uses the associated master key to decrypt the encrypted data key and returns it as /// plaintext. Use the plaintext data key to locally decrypt your data and then erase /// the key from memory. You must specify the encryption context, if any, that you specified /// when you generated the key. The encryption context is logged by CloudTrail, and you /// can use this log to help track the use of particular data. /// </para> /// </summary> /// <param name="request">Container for the necessary parameters to execute the GenerateDataKey service method.</param> /// /// <returns>The response from the GenerateDataKey service method, as returned by KeyManagementService.</returns> /// <exception cref="Amazon.KeyManagementService.Model.DependencyTimeoutException"> /// The system timed out while trying to fulfill the request. /// </exception> /// <exception cref="Amazon.KeyManagementService.Model.DisabledException"> /// A request was rejected because the specified key was marked as disabled. /// </exception> /// <exception cref="Amazon.KeyManagementService.Model.InvalidGrantTokenException"> /// A grant token provided as part of the request is invalid. /// </exception> /// <exception cref="Amazon.KeyManagementService.Model.InvalidKeyUsageException"> /// The request was rejected because the specified KeySpec parameter is not valid. The /// currently supported value is ENCRYPT/DECRYPT. /// </exception> /// <exception cref="Amazon.KeyManagementService.Model.KeyUnavailableException"> /// The request was rejected because the key was disabled, not found, or otherwise not /// available. /// </exception> /// <exception cref="Amazon.KeyManagementService.Model.KMSInternalException"> /// The request was rejected because an internal exception occurred. This error can be /// retried. /// </exception> /// <exception cref="Amazon.KeyManagementService.Model.NotFoundException"> /// The request was rejected because the specified entity or resource could not be found. /// </exception> public GenerateDataKeyResponse GenerateDataKey(GenerateDataKeyRequest request) { var marshaller = new GenerateDataKeyRequestMarshaller(); var unmarshaller = GenerateDataKeyResponseUnmarshaller.Instance; return Invoke<GenerateDataKeyRequest,GenerateDataKeyResponse>(request, marshaller, unmarshaller); }
private Amazon.KeyManagementService.Model.GenerateDataKeyResponse CallAWSServiceOperation(IAmazonKeyManagementService client, Amazon.KeyManagementService.Model.GenerateDataKeyRequest request) { Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Key Management Service", "GenerateDataKey"); try { #if DESKTOP return(client.GenerateDataKey(request)); #elif CORECLR return(client.GenerateDataKeyAsync(request).GetAwaiter().GetResult()); #else #error "Unknown build edition" #endif } catch (AmazonServiceException exc) { var webException = exc.InnerException as System.Net.WebException; if (webException != null) { throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException); } throw; } }
/// <summary> /// Initiates the asynchronous execution of the GenerateDataKey operation. /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the GenerateDataKey operation on AmazonKeyManagementServiceClient.</param> /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param> /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property.</param> /// /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking EndGenerateDataKey /// operation.</returns> public IAsyncResult BeginGenerateDataKey(GenerateDataKeyRequest request, AsyncCallback callback, object state) { var marshaller = new GenerateDataKeyRequestMarshaller(); var unmarshaller = GenerateDataKeyResponseUnmarshaller.Instance; return BeginInvoke<GenerateDataKeyRequest>(request, marshaller, unmarshaller, callback, state); }