Class: Aws::KMS::Types::DeriveSharedSecretResponse

Inherits:

Struct

• Object
• Struct
• Aws::KMS::Types::DeriveSharedSecretResponse

Includes:

Structure

Defined in:

lib/aws-sdk-kms/types.rb

Overview

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[:shared_secret]

Instance Attribute Summary

• #ciphertext_for_recipient ⇒ String

  The plaintext shared secret encrypted with the public key from the attestation document.

• #key_agreement_algorithm ⇒ String

  Identifies the key agreement algorithm used to derive the shared secret.

• #key_id ⇒ String

  Identifies the KMS key used to derive the shared secret.

• #key_origin ⇒ String

  The source of the key material for the specified KMS key.

• #shared_secret ⇒ String

  The raw secret derived from the specified key agreement algorithm, private key in the asymmetric KMS key, and your peer’s public key.

Instance Attribute Details

#ciphertext_for_recipient ⇒ String

The plaintext shared secret encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

This field is included in the response only when the ‘Recipient` parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see [Cryptographic attestation support in KMS] in the *Key Management Service Developer Guide*.

[1]: docs.aws.amazon.com/kms/latest/developerguide/cryptographic-attestation.html

Returns:

• (String)

# File 'lib/aws-sdk-kms/types.rb', line 2028

class DeriveSharedSecretResponse < Struct.new(
  :key_id,
  :shared_secret,
  :ciphertext_for_recipient,
  :key_agreement_algorithm,
  :key_origin)
  SENSITIVE = [:shared_secret]
  include Aws::Structure
end

#key_agreement_algorithm ⇒ String

Identifies the key agreement algorithm used to derive the shared secret.

Returns:

• (String)

# File 'lib/aws-sdk-kms/types.rb', line 2028

class DeriveSharedSecretResponse < Struct.new(
  :key_id,
  :shared_secret,
  :ciphertext_for_recipient,
  :key_agreement_algorithm,
  :key_origin)
  SENSITIVE = [:shared_secret]
  include Aws::Structure
end

#key_id ⇒ String

Identifies the KMS key used to derive the shared secret.

Returns:

• (String)

# File 'lib/aws-sdk-kms/types.rb', line 2028

class DeriveSharedSecretResponse < Struct.new(
  :key_id,
  :shared_secret,
  :ciphertext_for_recipient,
  :key_agreement_algorithm,
  :key_origin)
  SENSITIVE = [:shared_secret]
  include Aws::Structure
end

#key_origin ⇒ String

The source of the key material for the specified KMS key.

When this value is ‘AWS_KMS`, KMS created the key material. When this value is `EXTERNAL`, the key material was imported or the KMS key doesn’t have any key material.

The only valid values for DeriveSharedSecret are ‘AWS_KMS` and `EXTERNAL`. DeriveSharedSecret does not support KMS keys with a `KeyOrigin` value of `AWS_CLOUDHSM` or `EXTERNAL_KEY_STORE`.

Returns:

• (String)

# File 'lib/aws-sdk-kms/types.rb', line 2028

class DeriveSharedSecretResponse < Struct.new(
  :key_id,
  :shared_secret,
  :ciphertext_for_recipient,
  :key_agreement_algorithm,
  :key_origin)
  SENSITIVE = [:shared_secret]
  include Aws::Structure
end

#shared_secret ⇒ String

The raw secret derived from the specified key agreement algorithm, private key in the asymmetric KMS key, and your peer’s public key.

If the response includes the ‘CiphertextForRecipient` field, the `SharedSecret` field is null or empty.

Returns:

• (String)

# File 'lib/aws-sdk-kms/types.rb', line 2028

class DeriveSharedSecretResponse < Struct.new(
  :key_id,
  :shared_secret,
  :ciphertext_for_recipient,
  :key_agreement_algorithm,
  :key_origin)
  SENSITIVE = [:shared_secret]
  include Aws::Structure
end