Class: Aws::KMS::Types::GenerateRandomRequest

Inherits:

Struct

• Object
• Struct
• Aws::KMS::Types::GenerateRandomRequest

Includes:

Structure

Defined in:

lib/aws-sdk-kms/types.rb

Overview

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #custom_key_store_id ⇒ String

  Generates the random byte string in the CloudHSM cluster that is associated with the specified CloudHSM key store.

• #number_of_bytes ⇒ Integer

  The length of the random byte string.

• #recipient ⇒ Types::RecipientInfo

  A signed [attestation document] from an Amazon Web Services Nitro enclave or NitroTPM, and the encryption algorithm to use with the public key in the attestation document.

Instance Attribute Details

#custom_key_store_id ⇒ String

Generates the random byte string in the CloudHSM cluster that is associated with the specified CloudHSM key store. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.

External key store IDs are not valid for this parameter. If you specify the ID of an external key store, GenerateRandom throws an UnsupportedOperationException.

Returns:

• (String)

# File 'lib/aws-sdk-kms/types.rb', line 3362

class GenerateRandomRequest < Struct.new(
  :number_of_bytes,
  :custom_key_store_id,
  :recipient)
  SENSITIVE = []
  include Aws::Structure
end

#number_of_bytes ⇒ Integer

The length of the random byte string. This parameter is required.

Returns:

• (Integer)

# File 'lib/aws-sdk-kms/types.rb', line 3362

class GenerateRandomRequest < Struct.new(
  :number_of_bytes,
  :custom_key_store_id,
  :recipient)
  SENSITIVE = []
  include Aws::Structure
end

#recipient ⇒ Types::RecipientInfo

A signed [attestation document] from an Amazon Web Services Nitro enclave or NitroTPM, and the encryption algorithm to use with the public key in the attestation document. The only valid encryption algorithm is RSAES_OAEP_SHA_256.

This parameter supports the [Amazon Web Services Nitro Enclaves SDK] or any Amazon Web Services SDK for Amazon Web Services Nitro Enclaves. It supports any Amazon Web Services SDK for Amazon Web Services NitroTPM.

When you use this parameter, instead of returning plaintext bytes, KMS encrypts the plaintext bytes under the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the attested environment. The Plaintext field in the response is null or empty.

For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see

Cryptographic attestation support in KMS][3

in the *Key Management

Service Developer Guide*.

[1]: docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc [2]: docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk [3]: docs.aws.amazon.com/kms/latest/developerguide/cryptographic-attestation.html

Returns:

• (Types::RecipientInfo)

# File 'lib/aws-sdk-kms/types.rb', line 3362

class GenerateRandomRequest < Struct.new(
  :number_of_bytes,
  :custom_key_store_id,
  :recipient)
  SENSITIVE = []
  include Aws::Structure
end