com.amazonaws.services.kms.model

Class ReEncryptRequest

java.lang.Object

com.amazonaws.AmazonWebServiceRequest

com.amazonaws.services.kms.model.ReEncryptRequest

All Implemented Interfaces:

Serializable, Cloneable

public class ReEncryptRequest
extends AmazonWebServiceRequest
implements Serializable

Encrypts data on the server side with a new customer master key (CMK) without exposing the plaintext of the data on the client side. The data is first decrypted and then reencrypted. You can also use this operation to change the encryption context of a ciphertext.

You can reencrypt data using CMKs in different AWS accounts.

Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom on the source CMK and once as ReEncryptTo on the destination CMK. We recommend that you include the "kms:ReEncrypt*" permission in your key policies to permit reencryption from or to the CMK. This permission is automatically included in the key policy when you create a CMK through the console. But you must include it manually when you create a CMK programmatically or when you set a key policy with the PutKeyPolicy operation.

The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
ReEncryptRequest()

Method Summary

Modifier and Type	Method and Description
ReEncryptRequest	addDestinationEncryptionContextEntry(String key, String value) Encryption context to use when the data is reencrypted.
ReEncryptRequest	addSourceEncryptionContextEntry(String key, String value) Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.
ReEncryptRequest	clearDestinationEncryptionContextEntries() Removes all the entries added into DestinationEncryptionContext.
ReEncryptRequest	clearSourceEncryptionContextEntries() Removes all the entries added into SourceEncryptionContext.
boolean	equals(Object obj)
ByteBuffer	getCiphertextBlob() Ciphertext of the data to reencrypt.
Map<String,String>	getDestinationEncryptionContext() Encryption context to use when the data is reencrypted.
String	getDestinationKeyId() A unique identifier for the CMK that is used to reencrypt the data.
List<String>	getGrantTokens() A list of grant tokens.
Map<String,String>	getSourceEncryptionContext() Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.
int	hashCode()
void	setCiphertextBlob(ByteBuffer ciphertextBlob) Ciphertext of the data to reencrypt.
void	setDestinationEncryptionContext(Map<String,String> destinationEncryptionContext) Encryption context to use when the data is reencrypted.
void	setDestinationKeyId(String destinationKeyId) A unique identifier for the CMK that is used to reencrypt the data.
void	setGrantTokens(Collection<String> grantTokens) A list of grant tokens.
void	setSourceEncryptionContext(Map<String,String> sourceEncryptionContext) Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.
String	toString() Returns a string representation of this object; useful for testing and debugging.
ReEncryptRequest	withCiphertextBlob(ByteBuffer ciphertextBlob) Ciphertext of the data to reencrypt.
ReEncryptRequest	withDestinationEncryptionContext(Map<String,String> destinationEncryptionContext) Encryption context to use when the data is reencrypted.
ReEncryptRequest	withDestinationKeyId(String destinationKeyId) A unique identifier for the CMK that is used to reencrypt the data.
ReEncryptRequest	withGrantTokens(Collection<String> grantTokens) A list of grant tokens.
ReEncryptRequest	withGrantTokens(String... grantTokens) A list of grant tokens.
ReEncryptRequest	withSourceEncryptionContext(Map<String,String> sourceEncryptionContext) Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Methods inherited from class com.amazonaws.AmazonWebServiceRequest

clone, copyBaseTo, getCloneRoot, getCloneSource, getGeneralProgressListener, getRequestClientOptions, getRequestCredentials, getRequestMetricCollector, setGeneralProgressListener, setRequestCredentials, setRequestMetricCollector, withGeneralProgressListener, withRequestMetricCollector

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

ReEncryptRequest

public ReEncryptRequest()

Method Detail

getCiphertextBlob

public ByteBuffer getCiphertextBlob()

Ciphertext of the data to reencrypt.

Constraints:
Length: 1 - 6144

Returns:

Ciphertext of the data to reencrypt.

setCiphertextBlob

public void setCiphertextBlob(ByteBuffer ciphertextBlob)

Ciphertext of the data to reencrypt.

Constraints:
Length: 1 - 6144

Parameters:

ciphertextBlob -

Ciphertext of the data to reencrypt.

withCiphertextBlob

public ReEncryptRequest withCiphertextBlob(ByteBuffer ciphertextBlob)

Ciphertext of the data to reencrypt.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 1 - 6144

Parameters:

ciphertextBlob -

Ciphertext of the data to reencrypt.

Returns:

A reference to this updated object so that method calls can be chained together.

getSourceEncryptionContext

public Map<String,String> getSourceEncryptionContext()

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Returns:

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

setSourceEncryptionContext

public void setSourceEncryptionContext(Map<String,String> sourceEncryptionContext)

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Parameters:

sourceEncryptionContext -

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

withSourceEncryptionContext

public ReEncryptRequest withSourceEncryptionContext(Map<String,String> sourceEncryptionContext)

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Returns a reference to this object so that method calls can be chained together.

Parameters:

sourceEncryptionContext -

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Returns:

A reference to this updated object so that method calls can be chained together.

addSourceEncryptionContextEntry

public ReEncryptRequest addSourceEncryptionContextEntry(String key,
                                                        String value)

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

The method adds a new key-value pair into SourceEncryptionContext parameter, and returns a reference to this object so that method calls can be chained together.

Parameters:

key - The key of the entry to be added into SourceEncryptionContext.

value - The corresponding value of the entry to be added into SourceEncryptionContext.

Returns:

A reference to this updated object so that method calls can be chained together.

clearSourceEncryptionContextEntries

public ReEncryptRequest clearSourceEncryptionContextEntries()

Removes all the entries added into SourceEncryptionContext.

Returns a reference to this object so that method calls can be chained together.

getDestinationKeyId

public String getDestinationKeyId()

A unique identifier for the CMK that is used to reencrypt the data.

To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.

For example:

• Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

• Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

• Alias name: alias/ExampleAlias

• Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

Constraints:
Length: 1 - 2048

Returns:

A unique identifier for the CMK that is used to reencrypt the data.

To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.

For example:

• Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

• Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

• Alias name: alias/ExampleAlias

• Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

setDestinationKeyId

public void setDestinationKeyId(String destinationKeyId)

A unique identifier for the CMK that is used to reencrypt the data.

To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.

For example:

• Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

• Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

• Alias name: alias/ExampleAlias

• Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

Constraints:
Length: 1 - 2048

Parameters:

destinationKeyId -

A unique identifier for the CMK that is used to reencrypt the data.

To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.

For example:

• Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

• Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

• Alias name: alias/ExampleAlias

• Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

withDestinationKeyId

public ReEncryptRequest withDestinationKeyId(String destinationKeyId)

A unique identifier for the CMK that is used to reencrypt the data.

To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.

For example:

• Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

• Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

• Alias name: alias/ExampleAlias

• Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 1 - 2048

Parameters:

destinationKeyId -

A unique identifier for the CMK that is used to reencrypt the data.

To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.

For example:

• Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

• Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

• Alias name: alias/ExampleAlias

• Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

Returns:

A reference to this updated object so that method calls can be chained together.

getDestinationEncryptionContext

public Map<String,String> getDestinationEncryptionContext()

Encryption context to use when the data is reencrypted.

Returns:

Encryption context to use when the data is reencrypted.

setDestinationEncryptionContext

public void setDestinationEncryptionContext(Map<String,String> destinationEncryptionContext)

Encryption context to use when the data is reencrypted.

Parameters:

destinationEncryptionContext -

Encryption context to use when the data is reencrypted.

withDestinationEncryptionContext

public ReEncryptRequest withDestinationEncryptionContext(Map<String,String> destinationEncryptionContext)

Encryption context to use when the data is reencrypted.

Returns a reference to this object so that method calls can be chained together.

Parameters:

destinationEncryptionContext -

Encryption context to use when the data is reencrypted.

Returns:

A reference to this updated object so that method calls can be chained together.

addDestinationEncryptionContextEntry

public ReEncryptRequest addDestinationEncryptionContextEntry(String key,
                                                             String value)

Encryption context to use when the data is reencrypted.

The method adds a new key-value pair into DestinationEncryptionContext parameter, and returns a reference to this object so that method calls can be chained together.

Parameters:

key - The key of the entry to be added into DestinationEncryptionContext.

value - The corresponding value of the entry to be added into DestinationEncryptionContext.

Returns:

A reference to this updated object so that method calls can be chained together.

clearDestinationEncryptionContextEntries

public ReEncryptRequest clearDestinationEncryptionContextEntries()

Removes all the entries added into DestinationEncryptionContext.

Returns a reference to this object so that method calls can be chained together.

getGrantTokens

public List<String> getGrantTokens()

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Returns:

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

setGrantTokens

public void setGrantTokens(Collection<String> grantTokens)

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Parameters:

grantTokens -

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

withGrantTokens

public ReEncryptRequest withGrantTokens(String... grantTokens)

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Returns a reference to this object so that method calls can be chained together.

Parameters:

grantTokens -

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Returns:

A reference to this updated object so that method calls can be chained together.

withGrantTokens

public ReEncryptRequest withGrantTokens(Collection<String> grantTokens)

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Returns a reference to this object so that method calls can be chained together.

Parameters:

grantTokens -

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Returns:

A reference to this updated object so that method calls can be chained together.

toString

public String toString()

Returns a string representation of this object; useful for testing and debugging.

Overrides:

toString in class Object

Returns:

A string representation of this object.

See Also:

Object.toString()

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object