Class: Aws::KMS::Types::GenerateRandomRequest

Inherits:

Struct

• Object
• Struct
• Aws::KMS::Types::GenerateRandomRequest

Includes:

Structure

Defined in:

lib/aws-sdk-kms/types.rb

Overview

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #custom_key_store_id ⇒ String

  Generates the random byte string in the CloudHSM cluster that is associated with the specified CloudHSM key store.

• #number_of_bytes ⇒ Integer

  The length of the random byte string.

• #recipient ⇒ Types::RecipientInfo

  A signed [attestation document] from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave’s public key.

Instance Attribute Details

#custom_key_store_id ⇒ String

Generates the random byte string in the CloudHSM cluster that is associated with the specified CloudHSM key store. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.

External key store IDs are not valid for this parameter. If you specify the ID of an external key store, ‘GenerateRandom` throws an `UnsupportedOperationException`.

Returns:

• (String)

# File 'lib/aws-sdk-kms/types.rb', line 3027

class GenerateRandomRequest < Struct.new(
  :number_of_bytes,
  :custom_key_store_id,
  :recipient)
  SENSITIVE = []
  include Aws::Structure
end

#number_of_bytes ⇒ Integer

The length of the random byte string. This parameter is required.

Returns:

• (Integer)

# File 'lib/aws-sdk-kms/types.rb', line 3027

class GenerateRandomRequest < Struct.new(
  :number_of_bytes,
  :custom_key_store_id,
  :recipient)
  SENSITIVE = []
  include Aws::Structure
end

#recipient ⇒ Types::RecipientInfo

A signed [attestation document] from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave’s public key. The only valid encryption algorithm is ‘RSAES_OAEP_SHA_256`.

This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this parameter, use the [Amazon Web Services Nitro Enclaves SDK] or any Amazon Web Services SDK.

When you use this parameter, instead of returning plaintext bytes, KMS encrypts the plaintext bytes under the public key in the attestation document, and returns the resulting ciphertext in the ‘CiphertextForRecipient` field in the response. This ciphertext can be decrypted only with the private key in the enclave. The `Plaintext` field in the response is null or empty.

For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see [How Amazon Web Services Nitro Enclaves uses KMS] in the *Key Management Service Developer Guide*.

[1]: docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc [2]: docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk [3]: docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html

Returns:

• (Types::RecipientInfo)

# File 'lib/aws-sdk-kms/types.rb', line 3027

class GenerateRandomRequest < Struct.new(
  :number_of_bytes,
  :custom_key_store_id,
  :recipient)
  SENSITIVE = []
  include Aws::Structure
end