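/// <summary>
/// Generates an instruction that will be used to encrypt an object
/// using materials with the KMSKeyID set.
/// </summary>
/// <param name="kmsClient">
/// Used to call KMS to generate a data key.
/// </param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt data.
/// Its MaterialsDescription is passed to the KMS call and stored in the
/// returned instructions.
/// </param>
/// <returns>
/// The instruction that will be used to encrypt an object. It carries the
/// plaintext data key, the encrypted data key and a freshly generated IV.
/// </returns>
/// <exception cref="ArgumentException">
/// Raised through the returned task when materials.KMSKeyID is null.
/// </exception>
internal static async System.Threading.Tasks.Task<EncryptionInstructions> GenerateInstructionsForKMSMaterialsAsync(
    ICoreAmazonKMS kmsClient, EncryptionMaterials materials)
{
    // Guard first: without a key id there is nothing to ask KMS for.
    if (materials.KMSKeyID == null)
    {
        throw new ArgumentException("Error generating encryption instructions. EncryptionMaterials must have the KMSKeyID set.");
    }

    // The IV comes from the platform CSPRNG. The generator is disposable, so
    // release it as soon as the bytes are drawn instead of leaving it to the GC.
    var iv = new byte[IVLength];
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(iv);
    }

    // Get both the key and the encrypted key from KMS.
    // NOTE(review): MaterialsDescription is sent as the second argument; the
    // GenerateDataKeyAsync wrapper in this file names that parameter
    // encryptionContext, so the same description is presumably needed
    // again to unwrap the key. Confirm against the decrypt path.
    var result = await kmsClient.GenerateDataKeyAsync(
        materials.KMSKeyID, materials.MaterialsDescription, KMSKeySpec).ConfigureAwait(false);

    // result.KeyPlaintext is the unencrypted data key: keep it out of logs and
    // exception messages. Only result.KeyCiphertext is the KMS-encrypted form.
    return new EncryptionInstructions(
        materials.MaterialsDescription, result.KeyPlaintext, result.KeyCiphertext, iv);
}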
/// <summary>
/// Requests a data key by delegating to the wrapped client, after making
/// sure that client has been instantiated.
/// </summary>
/// <param name="keyID">Identifier of the key, forwarded unchanged.</param>
/// <param name="encryptionContext">
/// Key/value pairs forwarded unchanged to the wrapped client.
/// NOTE(review): if this reaches AWS KMS, the encryption context is not
/// secret and has to be supplied again to decrypt. Do not put sensitive
/// values in it.
/// </param>
/// <param name="keySpec">Key specification, forwarded unchanged.</param>
/// <returns>The result produced by the wrapped client.</returns>
public async System.Threading.Tasks.Task<GenerateDataKeyResult> GenerateDataKeyAsync(
    string keyID, Dictionary<string, string> encryptionContext, string keySpec)
{
    // The wrapped client must exist before the call is forwarded.
    EnsureWrappedClientIsInstantiated();

    var pendingCall = wrappedClient.GenerateDataKeyAsync(keyID, encryptionContext, keySpec);
    GenerateDataKeyResult dataKey = await pendingCall.ConfigureAwait(false);
    return dataKey;
}