Class GenerateDataKeyResponse

    • Method Detail

      • ciphertextBlob

        public final SdkBytes ciphertextBlob()

        The encrypted copy of the data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.

        Returns:
        The encrypted copy of the data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.

      • plaintext

        public final SdkBytes plaintext()

        The plaintext data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. Use this data key to encrypt your data outside of KMS. Then, remove it from memory as soon as possible.

        If the response includes the CiphertextForRecipient field, the Plaintext field is null or empty.

        Returns:
        The plaintext data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. Use this data key to encrypt your data outside of KMS. Then, remove it from memory as soon as possible.

        If the response includes the CiphertextForRecipient field, the Plaintext field is null or empty.

      • keyId

        public final String keyId()

        The Amazon Resource Name (key ARN) of the KMS key that encrypted the data key.

        Returns:
        The Amazon Resource Name (key ARN) of the KMS key that encrypted the data key.

      • ciphertextForRecipient

        public final SdkBytes ciphertextForRecipient()

        The plaintext data key encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

        This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

        Returns:
        The plaintext data key encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

        This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

      • keyMaterialId

        public final String keyMaterialId()

        The identifier of the key material used to encrypt the data key. This field is omitted if the request includes the Recipient parameter.

        Returns:
        The identifier of the key material used to encrypt the data key. This field is omitted if the request includes the Recipient parameter.

      • toString

        public final String toString()
        Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
        Overrides:
        toString in class Object
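
The following added example (not part of the SDK documentation) shows how plaintext() and ciphertextBlob() are typically used together for envelope encryption: encrypt locally with the plaintext data key, persist only the encrypted copy, and wipe the key afterwards. Assumptions: Java 16+, the AWS SDK for Java 2.x KMS module on the classpath, default credentials and region, and a placeholder key alias `alias/example-key`; the class name `EnvelopeEncryptExample` and the `Envelope` record are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.DataKeySpec;
import software.amazon.awssdk.services.kms.model.GenerateDataKeyRequest;
import software.amazon.awssdk.services.kms.model.GenerateDataKeyResponse;

public class EnvelopeEncryptExample {
    /** What gets persisted: wrapped key, nonce and ciphertext. Never the plaintext key. */
    record Envelope(byte[] wrappedKey, byte[] iv, byte[] ciphertext) {}

    static Envelope encrypt(KmsClient kms, String keyId, byte[] data) throws Exception {
        GenerateDataKeyResponse resp = kms.generateDataKey(GenerateDataKeyRequest.builder()
                .keyId(keyId)
                .keySpec(DataKeySpec.AES_256)
                .build());
        // With a Recipient (attestation) request, plaintext() is null or empty and
        // the data key is only available through ciphertextForRecipient().
        if (resp.plaintext() == null || resp.plaintext().asByteArray().length == 0) {
            throw new IllegalStateException("No plaintext data key in response");
        }
        // Through the SDK the bytes are raw, not Base64. asByteArray() returns a copy.
        byte[] dataKey = resp.plaintext().asByteArray();
        try {
            byte[] iv = new byte[12]; // 96-bit GCM nonce, fresh for every message
            new SecureRandom().nextBytes(iv);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(dataKey, "AES"),
                    new GCMParameterSpec(128, iv));
            byte[] ciphertext = cipher.doFinal(data);
            // Store ciphertextBlob next to the data; KMS Decrypt recovers the key later.
            return new Envelope(resp.ciphertextBlob().asByteArray(), iv, ciphertext);
        } finally {
            // Best effort: this wipes our copy only. The response object and the
            // SecretKeySpec keep their own copies until they are garbage collected.
            Arrays.fill(dataKey, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        try (KmsClient kms = KmsClient.create()) {
            // "alias/example-key" is a placeholder, not a real key.
            Envelope e = encrypt(kms, "alias/example-key", "hello".getBytes(StandardCharsets.UTF_8));
            System.out.println("wrapped key length: " + e.wrappedKey().length);
        }
    }
}
```

Keep the response object in as narrow a scope as possible and never log the plaintext bytes directly; toString() on the response redacts them, but a byte array you extracted yourself is not protected.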