Package software.amazon.awssdk.services.kms.model

Class GetPublicKeyResponse

    • Method Detail

      • keyId

        public final String keyId()

        The Amazon Resource Name (key ARN) of the asymmetric KMS key from which the public key was downloaded.

        Returns:
        The Amazon Resource Name (key ARN) of the asymmetric KMS key from which the public key was downloaded.

      • publicKey

        public final SdkBytes publicKey()

        The exported public key.

        The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.

        Returns:
        The exported public key.

        The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.

      • customerMasterKeySpec

        @Deprecated
public final CustomerMasterKeySpec customerMasterKeySpec()
        Deprecated.
        This field has been deprecated. Instead, use the KeySpec field.

        Instead, use the KeySpec field in the GetPublicKey response.

        The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS supports both fields.

        If the service returns an enum value that is not available in the current SDK version, customerMasterKeySpec will return CustomerMasterKeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from customerMasterKeySpecAsString().

        Returns:
        Instead, use the KeySpec field in the GetPublicKey response.

        The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS supports both fields.

        See Also:
        CustomerMasterKeySpec

      • customerMasterKeySpecAsString

        @Deprecated
public final String customerMasterKeySpecAsString()
        Deprecated.
        This field has been deprecated. Instead, use the KeySpec field.

        Instead, use the KeySpec field in the GetPublicKey response.

        The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS supports both fields.

        If the service returns an enum value that is not available in the current SDK version, customerMasterKeySpec will return CustomerMasterKeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from customerMasterKeySpecAsString().

        Returns:
        Instead, use the KeySpec field in the GetPublicKey response.

        The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS supports both fields.

        See Also:
        CustomerMasterKeySpec

      • keySpec

        public final KeySpec keySpec()

        The type of the of the public key that was downloaded.

        If the service returns an enum value that is not available in the current SDK version, keySpec will return KeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keySpecAsString().

        Returns:
        The type of the of the public key that was downloaded.
        See Also:
        KeySpec

      • keySpecAsString

        public final String keySpecAsString()

        The type of the of the public key that was downloaded.

        If the service returns an enum value that is not available in the current SDK version, keySpec will return KeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keySpecAsString().

        Returns:
        The type of the of the public key that was downloaded.
        See Also:
        KeySpec

      • keyUsage

        public final KeyUsageType keyUsage()

        The permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY.

        This information is critical. If a public key with SIGN_VERIFY key usage encrypts data outside of KMS, the ciphertext cannot be decrypted.

        If the service returns an enum value that is not available in the current SDK version, keyUsage will return KeyUsageType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyUsageAsString().

        Returns:
        The permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY.

        This information is critical. If a public key with SIGN_VERIFY key usage encrypts data outside of KMS, the ciphertext cannot be decrypted.

        See Also:
        KeyUsageType

      • keyUsageAsString

        public final String keyUsageAsString()

        The permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY.

        This information is critical. If a public key with SIGN_VERIFY key usage encrypts data outside of KMS, the ciphertext cannot be decrypted.

        If the service returns an enum value that is not available in the current SDK version, keyUsage will return KeyUsageType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyUsageAsString().

        Returns:
        The permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY.

        This information is critical. If a public key with SIGN_VERIFY key usage encrypts data outside of KMS, the ciphertext cannot be decrypted.

        See Also:
        KeyUsageType

      • encryptionAlgorithms

        public final List<EncryptionAlgorithmSpec> encryptionAlgorithms()

        The encryption algorithms that KMS supports for this key.

        This information is critical. If a public key encrypts data outside of KMS by using an unsupported encryption algorithm, the ciphertext cannot be decrypted.

        This field appears in the response only when the KeyUsage of the public key is ENCRYPT_DECRYPT.

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasEncryptionAlgorithms() method.

        Returns:
        The encryption algorithms that KMS supports for this key.

        This information is critical. If a public key encrypts data outside of KMS by using an unsupported encryption algorithm, the ciphertext cannot be decrypted.

        This field appears in the response only when the KeyUsage of the public key is ENCRYPT_DECRYPT.

      • hasEncryptionAlgorithms

        public final boolean hasEncryptionAlgorithms()
        For responses, this returns true if the service returned a value for the EncryptionAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

      • encryptionAlgorithmsAsStrings

        public final List<String> encryptionAlgorithmsAsStrings()

        The encryption algorithms that KMS supports for this key.

        This information is critical. If a public key encrypts data outside of KMS by using an unsupported encryption algorithm, the ciphertext cannot be decrypted.

        This field appears in the response only when the KeyUsage of the public key is ENCRYPT_DECRYPT.

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasEncryptionAlgorithms() method.

        Returns:
        The encryption algorithms that KMS supports for this key.

        This information is critical. If a public key encrypts data outside of KMS by using an unsupported encryption algorithm, the ciphertext cannot be decrypted.

        This field appears in the response only when the KeyUsage of the public key is ENCRYPT_DECRYPT.

      • signingAlgorithms

        public final List<SigningAlgorithmSpec> signingAlgorithms()

        The signing algorithms that KMS supports for this key.

        This field appears in the response only when the KeyUsage of the public key is SIGN_VERIFY.

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasSigningAlgorithms() method.

        Returns:
        The signing algorithms that KMS supports for this key.

        This field appears in the response only when the KeyUsage of the public key is SIGN_VERIFY.

      • hasSigningAlgorithms

        public final boolean hasSigningAlgorithms()
        For responses, this returns true if the service returned a value for the SigningAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

      • signingAlgorithmsAsStrings

        public final List<String> signingAlgorithmsAsStrings()

        The signing algorithms that KMS supports for this key.

        This field appears in the response only when the KeyUsage of the public key is SIGN_VERIFY.

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasSigningAlgorithms() method.

        Returns:
        The signing algorithms that KMS supports for this key.

        This field appears in the response only when the KeyUsage of the public key is SIGN_VERIFY.

      • toString

        public final String toString()
        Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
        Overrides:
        toString in class Object