Package | Description |
---|---|
com.amazonaws.services.kms | |
com.amazonaws.services.s3 |
Synchronous client for accessing Amazon S3.
|
com.amazonaws.services.s3.internal.crypto |
Modifier and Type | Class and Description |
---|---|
class |
AWSKMSAsyncClient
Interface for accessing KMS asynchronously.
|
Modifier and Type | Field and Description |
---|---|
private AWSKMSClient |
AmazonS3EncryptionClient.kms |
Modifier and Type | Method and Description |
---|---|
private AWSKMSClient |
AmazonS3EncryptionClient.newAWSKMSClient(AWSCredentialsProvider credentialsProvider,
ClientConfiguration clientConfig,
CryptoConfiguration cryptoConfig,
RequestMetricCollector requestMetricCollector)
Creates and returns a new instance of AWS KMS client in the case when
an explicit AWS KMS client is not specified.
|
Constructor and Description |
---|
AmazonS3EncryptionClient(AWSKMSClient kms,
AWSCredentialsProvider credentialsProvider,
EncryptionMaterialsProvider kekMaterialsProvider,
ClientConfiguration clientConfig,
CryptoConfiguration cryptoConfig,
RequestMetricCollector requestMetricCollector) |
Modifier and Type | Field and Description |
---|---|
protected AWSKMSClient |
S3CryptoModuleBase.kms |
Modifier and Type | Method and Description |
---|---|
private static javax.crypto.SecretKey |
ContentCryptoMaterial.cek(byte[] cekSecured,
java.lang.String keyWrapAlgo,
EncryptionMaterials materials,
java.security.Provider securityProvider,
ContentCryptoScheme contentCryptoScheme,
AWSKMSClient kms)
Returns the content encrypting key unwrapped or decrypted.
|
private static javax.crypto.SecretKey |
ContentCryptoMaterial.cekByKMS(byte[] cekSecured,
java.lang.String keyWrapAlgo,
EncryptionMaterials materials,
ContentCryptoScheme contentCryptoScheme,
AWSKMSClient kms)
Decrypts the secured CEK via KMS; involves network calls.
|
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.create(javax.crypto.SecretKey cek,
byte[] iv,
EncryptionMaterials kekMaterials,
ContentCryptoScheme contentCryptoScheme,
S3CryptoScheme targetScheme,
java.security.Provider provider,
AWSKMSClient kms,
AmazonWebServiceRequest req)
Returns a new instance of
ContentCryptoMaterial for the
input parameters using the specified content crypto scheme, and the key
wrapping and secure randomness specified of the specified s3 crypto
scheme. |
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.create(javax.crypto.SecretKey cek,
byte[] iv,
EncryptionMaterials kekMaterials,
S3CryptoScheme scheme,
java.security.Provider provider,
AWSKMSClient kms,
AmazonWebServiceRequest req)
Returns a new instance of
ContentCryptoMaterial
for the input parameters using the specified s3 crypto scheme. |
private static ContentCryptoMaterial |
ContentCryptoMaterial.doCreate(javax.crypto.SecretKey cek,
byte[] iv,
EncryptionMaterials kekMaterials,
ContentCryptoScheme contentCryptoScheme,
S3CryptoScheme targetS3CryptoScheme,
java.security.Provider provider,
AWSKMSClient kms,
AmazonWebServiceRequest req)
Returns a new instance of
ContentCryptoMaterial for the
given input parameters by using the specified content crypto scheme, and
S3 crypto scheme. |
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.fromInstructionFile(java.util.Map<java.lang.String,java.lang.String> instFile,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
boolean keyWrapExpected,
AWSKMSClient kms) |
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.fromInstructionFile(java.util.Map<java.lang.String,java.lang.String> instFile,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
long[] range,
ExtraMaterialsDescription extra,
boolean keyWrapExpected,
AWSKMSClient kms)
Factory method to return the content crypto material from the S3
instruction file, using the specified key encrypting key material
accessor and an optional security provider.
|
private static ContentCryptoMaterial |
ContentCryptoMaterial.fromInstructionFile0(java.util.Map<java.lang.String,java.lang.String> instFile,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
long[] range,
ExtraMaterialsDescription extra,
boolean keyWrapExpected,
AWSKMSClient kms) |
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.fromObjectMetadata(ObjectMetadata metadata,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
boolean keyWrapExpected,
AWSKMSClient kms) |
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.fromObjectMetadata(ObjectMetadata metadata,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
long[] range,
ExtraMaterialsDescription extra,
boolean keyWrapExpected,
AWSKMSClient kms)
Factory method to return the content crypto material from the S3 object
meta data, using the specified key encrypting key material accessor and
an optional security provider.
|
private static ContentCryptoMaterial |
ContentCryptoMaterial.fromObjectMetadata0(ObjectMetadata metadata,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
long[] range,
ExtraMaterialsDescription extra,
boolean keyWrapExpected,
AWSKMSClient kms) |
(package private) ContentCryptoMaterial |
ContentCryptoMaterial.recreate(EncryptionMaterials newKEK,
EncryptionMaterialsAccessor accessor,
S3CryptoScheme targetScheme,
java.security.Provider p,
AWSKMSClient kms,
AmazonWebServiceRequest req)
Recreates a new content crypto material from the current material given a
new KEK encryption materials.
|
(package private) ContentCryptoMaterial |
ContentCryptoMaterial.recreate(java.util.Map<java.lang.String,java.lang.String> newKEKMatDesc,
EncryptionMaterialsAccessor accessor,
S3CryptoScheme targetScheme,
java.security.Provider p,
AWSKMSClient kms,
AmazonWebServiceRequest req)
Recreates a new content crypto material from the current material given a
new KEK material-descriptions.
|
private static SecuredCEK |
ContentCryptoMaterial.secureCEK(javax.crypto.SecretKey cek,
EncryptionMaterials materials,
S3KeyWrapScheme kwScheme,
java.security.SecureRandom srand,
java.security.Provider p,
AWSKMSClient kms,
AmazonWebServiceRequest req)
Secure the given CEK.
|