Class: Aws::KMS::Types::DeriveSharedSecretResponse

Inherits:

Struct

• Object
• Struct
• Aws::KMS::Types::DeriveSharedSecretResponse

Defined in:

gems/aws-sdk-kms/lib/aws-sdk-kms/types.rb

Overview

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[:shared_secret]

Instance Attribute Summary

• #ciphertext_for_recipient ⇒ String

  The plaintext shared secret encrypted with the public key from the attestation document.

• #key_agreement_algorithm ⇒ String

  Identifies the key agreement algorithm used to derive the shared secret.

• #key_id ⇒ String

  Identifies the KMS key used to derive the shared secret.

• #key_origin ⇒ String

  The source of the key material for the specified KMS key.

• #shared_secret ⇒ String

  The raw secret derived from the specified key agreement algorithm, private key in the asymmetric KMS key, and your peer's public key.

Instance Attribute Details

#ciphertext_for_recipient ⇒ String

The plaintext shared secret encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

Returns:

• (String)

# File 'gems/aws-sdk-kms/lib/aws-sdk-kms/types.rb', line 2072

class DeriveSharedSecretResponse < Struct.new(
  :key_id,
  :shared_secret,
  :ciphertext_for_recipient,
  :key_agreement_algorithm,
  :key_origin)
  SENSITIVE = [:shared_secret]
  include Aws::Structure
end

#key_agreement_algorithm ⇒ String

Identifies the key agreement algorithm used to derive the shared secret.

Returns:

• (String)

# File 'gems/aws-sdk-kms/lib/aws-sdk-kms/types.rb', line 2072

class DeriveSharedSecretResponse < Struct.new(
  :key_id,
  :shared_secret,
  :ciphertext_for_recipient,
  :key_agreement_algorithm,
  :key_origin)
  SENSITIVE = [:shared_secret]
  include Aws::Structure
end

#key_id ⇒ String

Identifies the KMS key used to derive the shared secret.

Returns:

• (String)

# File 'gems/aws-sdk-kms/lib/aws-sdk-kms/types.rb', line 2072

class DeriveSharedSecretResponse < Struct.new(
  :key_id,
  :shared_secret,
  :ciphertext_for_recipient,
  :key_agreement_algorithm,
  :key_origin)
  SENSITIVE = [:shared_secret]
  include Aws::Structure
end

#key_origin ⇒ String

The source of the key material for the specified KMS key.

When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material.

The only valid values for DeriveSharedSecret are AWS_KMS and EXTERNAL. DeriveSharedSecret does not support KMS keys with a KeyOrigin value of AWS_CLOUDHSM or EXTERNAL_KEY_STORE.

Returns:

• (String)

# File 'gems/aws-sdk-kms/lib/aws-sdk-kms/types.rb', line 2072

class DeriveSharedSecretResponse < Struct.new(
  :key_id,
  :shared_secret,
  :ciphertext_for_recipient,
  :key_agreement_algorithm,
  :key_origin)
  SENSITIVE = [:shared_secret]
  include Aws::Structure
end

#shared_secret ⇒ String

The raw secret derived from the specified key agreement algorithm, private key in the asymmetric KMS key, and your peer's public key.

If the response includes the CiphertextForRecipient field, the SharedSecret field is null or empty.

Returns:

• (String)

# File 'gems/aws-sdk-kms/lib/aws-sdk-kms/types.rb', line 2072

class DeriveSharedSecretResponse < Struct.new(
  :key_id,
  :shared_secret,
  :ciphertext_for_recipient,
  :key_agreement_algorithm,
  :key_origin)
  SENSITIVE = [:shared_secret]
  include Aws::Structure
end