com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials

Class WrappedRawMaterials

java.lang.Object

com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials.AbstractRawMaterials

com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials.WrappedRawMaterials

All Implemented Interfaces:

CryptographicMaterials, DecryptionMaterials, EncryptionMaterials

Direct Known Subclasses:

AsymmetricRawMaterials

public class WrappedRawMaterials
extends AbstractRawMaterials

Represents cryptographic materials used to manage unique record-level keys. This class specifically implements Envelope Encryption where a unique content key is randomly generated each time this class is constructed which is then encrypted with the Wrapping Key and then persisted in the Description. If a wrapped key is present in the Description, then that content key is unwrapped and used to decrypt the actual data in the record.

Other possibly implementations might use a Key-Derivation Function to derive a unique key per record.

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CONTENT_KEY_ALGORITHM The key-name in the Description which contains the algorithm used by the content key.
static java.lang.String	ENVELOPE_KEY The key-name in the Description which which contains the wrapped content key.
static java.lang.String	KEY_WRAPPING_ALGORITHM The key-name in the Description which contains the algorithm use to wrap content key.
protected java.security.Key	unwrappingKey
protected java.security.Key	wrappingKey

Constructor Summary

Constructors

Constructor and Description
WrappedRawMaterials(java.security.Key wrappingKey, java.security.Key unwrappingKey, java.security.KeyPair signingPair)
WrappedRawMaterials(java.security.Key wrappingKey, java.security.Key unwrappingKey, java.security.KeyPair signingPair, java.util.Map<java.lang.String,java.lang.String> description)
WrappedRawMaterials(java.security.Key wrappingKey, java.security.Key unwrappingKey, javax.crypto.SecretKey macKey)
WrappedRawMaterials(java.security.Key wrappingKey, java.security.Key unwrappingKey, javax.crypto.SecretKey macKey, java.util.Map<java.lang.String,java.lang.String> description)

Method Summary

Modifier and Type	Method and Description
protected javax.crypto.SecretKey	generateContentKey(java.lang.String algorithm)
javax.crypto.SecretKey	getDecryptionKey()
javax.crypto.SecretKey	getEncryptionKey()
protected javax.crypto.SecretKey	initEnvelopeKey() Called by the constructors.
protected javax.crypto.SecretKey	unwrapKey(java.util.Map<java.lang.String,java.lang.String> description, byte[] encryptedKey, java.lang.String wrappingAlgorithm)
byte[]	wrapKey(javax.crypto.SecretKey key, java.lang.String wrappingAlg)

Methods inherited from class com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials.AbstractRawMaterials

getMaterialDescription, getSigningKey, getVerificationKey, setMaterialDescription

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

KEY_WRAPPING_ALGORITHM

public static final java.lang.String KEY_WRAPPING_ALGORITHM

The key-name in the Description which contains the algorithm use to wrap content key. Example values are "AESWrap", or "RSA/ECB/OAEPWithSHA-256AndMGF1Padding".

See Also:

Constant Field Values

CONTENT_KEY_ALGORITHM

public static final java.lang.String CONTENT_KEY_ALGORITHM

The key-name in the Description which contains the algorithm used by the content key. Example values are "AES", or "Blowfish".

See Also:

Constant Field Values

ENVELOPE_KEY

public static final java.lang.String ENVELOPE_KEY

The key-name in the Description which which contains the wrapped content key.

See Also:

Constant Field Values

wrappingKey

protected final java.security.Key wrappingKey

unwrappingKey

protected final java.security.Key unwrappingKey

Constructor Detail

WrappedRawMaterials

public WrappedRawMaterials(java.security.Key wrappingKey,
                           java.security.Key unwrappingKey,
                           java.security.KeyPair signingPair)
                    throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

WrappedRawMaterials

public WrappedRawMaterials(java.security.Key wrappingKey,
                           java.security.Key unwrappingKey,
                           java.security.KeyPair signingPair,
                           java.util.Map<java.lang.String,java.lang.String> description)
                    throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

WrappedRawMaterials

public WrappedRawMaterials(java.security.Key wrappingKey,
                           java.security.Key unwrappingKey,
                           javax.crypto.SecretKey macKey)
                    throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

WrappedRawMaterials

public WrappedRawMaterials(java.security.Key wrappingKey,
                           java.security.Key unwrappingKey,
                           javax.crypto.SecretKey macKey,
                           java.util.Map<java.lang.String,java.lang.String> description)
                    throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

Method Detail

getDecryptionKey

public javax.crypto.SecretKey getDecryptionKey()

getEncryptionKey

public javax.crypto.SecretKey getEncryptionKey()

initEnvelopeKey

protected javax.crypto.SecretKey initEnvelopeKey()
                                          throws java.security.GeneralSecurityException

Called by the constructors. If there is already a key associated with this record (usually signified by a value stored in the description in the key ENVELOPE_KEY) it extracts it and returns it. Otherwise it generates a new key, stores a wrapped version in the Description, and returns the key to the caller.

Returns:

the content key (which is returned by both getDecryptionKey() and getEncryptionKey().

Throws:

java.security.GeneralSecurityException

wrapKey

public byte[] wrapKey(javax.crypto.SecretKey key,
                      java.lang.String wrappingAlg)
               throws java.security.NoSuchAlgorithmException,
                      javax.crypto.NoSuchPaddingException,
                      java.security.InvalidKeyException,
                      javax.crypto.IllegalBlockSizeException

Throws:

java.security.NoSuchAlgorithmException

javax.crypto.NoSuchPaddingException

java.security.InvalidKeyException

javax.crypto.IllegalBlockSizeException

unwrapKey

protected javax.crypto.SecretKey unwrapKey(java.util.Map<java.lang.String,java.lang.String> description,
                                           byte[] encryptedKey,
                                           java.lang.String wrappingAlgorithm)
                                    throws java.security.NoSuchAlgorithmException,
                                           javax.crypto.NoSuchPaddingException,
                                           java.security.InvalidKeyException

Throws:

java.security.NoSuchAlgorithmException

javax.crypto.NoSuchPaddingException

java.security.InvalidKeyException

generateContentKey

protected javax.crypto.SecretKey generateContentKey(java.lang.String algorithm)
                                             throws java.security.NoSuchAlgorithmException

Throws:

java.security.NoSuchAlgorithmException