Exemplo n.º 1
        /// <summary>
        /// Generates an instruction that will be used to encrypt an object
        /// using materials with the KMSKeyID set.
        /// </summary>
        /// <param name="kmsClient">
        /// Used to call KMS to generate a data key.
        /// </param>
        /// <param name="materials">
        /// The encryption materials to be used to encrypt and decrypt data.
        /// </param>
        /// <returns>
        /// The instruction that will be used to encrypt an object.
        /// </returns>
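        internal static EncryptionInstructions GenerateInstructionsForKMSMaterials(ICoreAmazonKMS kmsClient, EncryptionMaterials materials)
        {
            // Validate arguments up front so a missing client or materials object surfaces as an
            // argument error instead of a NullReferenceException after the IV has been generated.
            // ArgumentNullException derives from ArgumentException, so existing handlers still match.
            if (kmsClient == null)
            {
                throw new ArgumentNullException("kmsClient");
            }

            if (materials == null)
            {
                throw new ArgumentNullException("materials");
            }

            if (materials.KMSKeyID == null)
            {
                throw new ArgumentException("Error generating encryption instructions.  EncryptionMaterials must have the KMSKeyID set.");
            }

            // The IV comes from the platform CSPRNG. Each call also requests a new data key below,
            // so an IV is never paired with a key that was used before.
            var iv = new byte[IVLength];
            using (var rng = RandomNumberGenerator.Create())
            {
                // Dispose the generator deterministically rather than leaving it to the finalizer.
                rng.GetBytes(iv);
            }

            // MaterialsDescription is sent to KMS as the encryption context. KMS treats the
            // encryption context as non-secret metadata (it is visible in request logs), so it
            // must not carry sensitive values.
            var result = kmsClient.GenerateDataKey(materials.KMSKeyID, materials.MaterialsDescription, KMSKeySpec);

            // NOTE(review): result.KeyPlaintext is presumably the unwrapped data key. It should stay
            // in memory only and never be logged or persisted; KeyCiphertext is the form intended
            // for storage alongside the object. Confirm against EncryptionInstructions.
            return new EncryptionInstructions(materials.MaterialsDescription, result.KeyPlaintext, result.KeyCiphertext, iv);
        }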
Exemplo n.º 2
 /// <summary>
 /// Forwards a data-key request to the wrapped client, after making sure
 /// that the wrapped client has been instantiated.
 /// </summary>
 /// <param name="keyID">Identifier of the key the data key is requested under.</param>
 /// <param name="encryptionContext">
 /// Key/value pairs passed through unchanged as the encryption context.
 /// KMS treats the encryption context as non-secret metadata, so it should not hold sensitive values.
 /// </param>
 /// <param name="keySpec">Key specification passed through unchanged to the wrapped client.</param>
 /// <returns>The result returned by the wrapped client, unmodified.</returns>
 public GenerateDataKeyResult GenerateDataKey(string keyID, Dictionary<string, string> encryptionContext, string keySpec)
 {
     // The wrapped client must exist before the call can be delegated.
     EnsureWrappedClientIsInstantiated();

     // NOTE(review): the response presumably carries the plaintext data key; avoid logging it.
     GenerateDataKeyResult response = wrappedClient.GenerateDataKey(keyID, encryptionContext, keySpec);
     return response;
 }