Package software.amazon.awssdk.services.kms.model

Interface DeriveSharedSecretResponse.Builder

    • Method Detail

      • keyId

        DeriveSharedSecretResponse.Builder keyId​(String keyId)

        Identifies the KMS key used to derive the shared secret.

        Parameters:
        keyId - Identifies the KMS key used to derive the shared secret.
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • sharedSecret

        DeriveSharedSecretResponse.Builder sharedSecret​(SdkBytes sharedSecret)

        The raw secret derived from the specified key agreement algorithm, private key in the asymmetric KMS key, and your peer's public key.

        If the response includes the CiphertextForRecipient field, the SharedSecret field is null or empty.

        Parameters:
        sharedSecret - The raw secret derived from the specified key agreement algorithm, private key in the asymmetric KMS key, and your peer's public key.

        If the response includes the CiphertextForRecipient field, the SharedSecret field is null or empty.

        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • ciphertextForRecipient

        DeriveSharedSecretResponse.Builder ciphertextForRecipient​(SdkBytes ciphertextForRecipient)

        The plaintext shared secret encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

        This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

        Parameters:
        ciphertextForRecipient - The plaintext shared secret encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

        This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • keyAgreementAlgorithm

        DeriveSharedSecretResponse.Builder keyAgreementAlgorithm​(String keyAgreementAlgorithm)

        Identifies the key agreement algorithm used to derive the shared secret.

        Parameters:
        keyAgreementAlgorithm - Identifies the key agreement algorithm used to derive the shared secret.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
        See Also:
        KeyAgreementAlgorithmSpec, KeyAgreementAlgorithmSpec

      • keyOrigin

        DeriveSharedSecretResponse.Builder keyOrigin​(String keyOrigin)

        The source of the key material for the specified KMS key.

        When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material.

        The only valid values for DeriveSharedSecret are AWS_KMS and EXTERNAL. DeriveSharedSecret does not support KMS keys with a KeyOrigin value of AWS_CLOUDHSM or EXTERNAL_KEY_STORE.

        Parameters:
        keyOrigin - The source of the key material for the specified KMS key.

        When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material.

        The only valid values for DeriveSharedSecret are AWS_KMS and EXTERNAL. DeriveSharedSecret does not support KMS keys with a KeyOrigin value of AWS_CLOUDHSM or EXTERNAL_KEY_STORE.

        Returns:
        Returns a reference to this object so that method calls can be chained together.
        See Also:
        OriginType, OriginType

      • keyOrigin

        DeriveSharedSecretResponse.Builder keyOrigin​(OriginType keyOrigin)

        The source of the key material for the specified KMS key.

        When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material.

        The only valid values for DeriveSharedSecret are AWS_KMS and EXTERNAL. DeriveSharedSecret does not support KMS keys with a KeyOrigin value of AWS_CLOUDHSM or EXTERNAL_KEY_STORE.

        Parameters:
        keyOrigin - The source of the key material for the specified KMS key.

        When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material.

        The only valid values for DeriveSharedSecret are AWS_KMS and EXTERNAL. DeriveSharedSecret does not support KMS keys with a KeyOrigin value of AWS_CLOUDHSM or EXTERNAL_KEY_STORE.

        Returns:
        Returns a reference to this object so that method calls can be chained together.
        See Also:
        OriginType, OriginType