com.google.crypto.tink.aead

Class KmsAeadKeyManager

java.lang.Object

com.google.crypto.tink.internal.KeyTypeManager<KmsAeadKey>

com.google.crypto.tink.aead.KmsAeadKeyManager

public class KmsAeadKeyManager
extends KeyTypeManager<KmsAeadKey>

This key manager produces new instances of Aead that forwards encrypt/decrypt requests to a key residing in a remote KMS.

Nested Class Summary

Nested classes/interfaces inherited from class com.google.crypto.tink.internal.KeyTypeManager

KeyTypeManager.KeyFactory<KeyFormatProtoT extends com.google.protobuf.MessageLite,KeyProtoT extends com.google.protobuf.MessageLite>

Method Summary

Modifier and Type	Method and Description
static KeyTemplate	createKeyTemplate(String kekUri) Returns a new KeyTemplate that can generate a KmsAeadKey whose key encrypting key (KEK) is pointing to kekUri.
String	getKeyType() Returns the type URL that identifies the key type of keys managed by this KeyManager.
int	getVersion() Returns the version number of this KeyManager.
KeyTypeManager.KeyFactory<KmsAeadKeyFormat,KmsAeadKey>	keyFactory() Returns the KeyTypeManager.KeyFactory for this key type.
KeyData.KeyMaterialType	keyMaterialType() Returns the KeyData.KeyMaterialType for this proto.
KmsAeadKey	parseKey(com.google.protobuf.ByteString byteString) Parses a serialized key proto.
static void	register(boolean newKeyAllowed)
void	validateKey(KmsAeadKey key) Checks if the given keyProto is a valid key.

Methods inherited from class com.google.crypto.tink.internal.KeyTypeManager

fipsStatus, firstSupportedPrimitiveClass, getKeyClass, getPrimitive, supportedPrimitives

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getKeyType

public String getKeyType()

Description copied from class: KeyTypeManager

Returns the type URL that identifies the key type of keys managed by this KeyManager.

Specified by:

getKeyType in class KeyTypeManager<KmsAeadKey>

getVersion

public int getVersion()

Description copied from class: KeyTypeManager

Returns the version number of this KeyManager.

Specified by:

getVersion in class KeyTypeManager<KmsAeadKey>

keyMaterialType

public KeyData.KeyMaterialType keyMaterialType()

Description copied from class: KeyTypeManager

Returns the KeyData.KeyMaterialType for this proto.

Specified by:

keyMaterialType in class KeyTypeManager<KmsAeadKey>

validateKey

public void validateKey(KmsAeadKey key)
                 throws GeneralSecurityException

Description copied from class: KeyTypeManager

Checks if the given keyProto is a valid key.

Specified by:

validateKey in class KeyTypeManager<KmsAeadKey>

Throws:

GeneralSecurityException - if the passed keyProto is not valid in any way.

parseKey

public KmsAeadKey parseKey(com.google.protobuf.ByteString byteString)
                    throws com.google.protobuf.InvalidProtocolBufferException

Description copied from class: KeyTypeManager

Parses a serialized key proto.

Implement as return KeyProtoT.parseFrom(byteString);.

Specified by:

parseKey in class KeyTypeManager<KmsAeadKey>

Throws:

com.google.protobuf.InvalidProtocolBufferException

keyFactory

public KeyTypeManager.KeyFactory<KmsAeadKeyFormat,KmsAeadKey> keyFactory()

Description copied from class: KeyTypeManager

Returns the KeyTypeManager.KeyFactory for this key type.

By default, this throws an UnsupportedOperationException. Hence, if an implementation does not support creating primitives, no implementation is required.

Overrides:

keyFactory in class KeyTypeManager<KmsAeadKey>

register

public static void register(boolean newKeyAllowed)
                     throws GeneralSecurityException

Throws:

GeneralSecurityException

createKeyTemplate

public static KeyTemplate createKeyTemplate(String kekUri)

Returns a new KeyTemplate that can generate a KmsAeadKey whose key encrypting key (KEK) is pointing to kekUri. Keys generated by this key template uses RAW output prefix to make them compatible with the remote KMS' encrypt/decrypt operations. Unlike other templates, when you call KeysetHandle#generateNew with this template, Tink does not generate new key material, but only creates a reference to the remote KEK.