Packages

class AwsKmsDriver extends KmsDriver

A reference implementation of the KMS Driver API based on the existing internal AWS KMS integration.

Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. AwsKmsDriver
  2. KmsDriver
  3. AutoCloseable
  4. KmsDriver
  5. AnyRef
  6. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new AwsKmsDriver(kms: AwsKms)(implicit ec: ExecutionContext)

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @IntrinsicCandidate()
  6. def close(): Unit
    Definition Classes
    AwsKmsDriver → AutoCloseable
  7. def decryptAsymmetric(ciphertext: Array[Byte], keyId: String, algoSpec: EncryptionAlgoSpec)(traceContext: Context): Future[Array[Byte]]

    Asymmetrically decrypt the given ciphertext using the private key identified by the keyId with the given asymmetric encryption algorithm specification.

    Asymmetrically decrypt the given ciphertext using the private key identified by the keyId with the given asymmetric encryption algorithm specification. If the algoSpec is not compatible with the key spec of keyId then this method must fail with a non-retryable exception.

    ciphertext

    The asymmetrically encrypted ciphertext that needs to be decrypted. The length of the ciphertext depends on the parameters of the asymmetric encryption algorithm. Implementations may assume that the length of the ciphertext is at most 6144 bytes in any case.

    keyId

    The identifier of the private encryption key to perform the asymmetric decryption with.

    algoSpec

    The asymmetric encryption algorithm specification. The caller ensures it is a supportedEncryptionAlgoSpecs.

    returns

    A future that completes with the plaintext.

    Definition Classes
    AwsKmsDriverKmsDriver
  8. def decryptSymmetric(ciphertext: Array[Byte], keyId: String)(traceContext: Context): Future[Array[Byte]]

    Symmetrically decrypt the given ciphertext using the symmetric encryption key identified by the keyId.

    Symmetrically decrypt the given ciphertext using the symmetric encryption key identified by the keyId. The same/default symmetric encryption algorithm of the KMS must be used for both symmetric encryption and decryption.

    ciphertext

    The ciphertext to symmetrically decrypt. The upper bound of the ciphertext size is 6144 bytes.

    keyId

    The identifier of the symmetric encryption key.

    returns

    A future that completes with the plaintext.

    Definition Classes
    AwsKmsDriverKmsDriver
  9. def deleteKey(keyId: String)(traceContext: Context): Future[Unit]

    Deletes a key given by its identifier from the KMS.

    Deletes a key given by its identifier from the KMS.

    keyId

    The identifier of the key to be deleted.

    returns

    A future that completes when the key has been deleted or the deletion of the key has been scheduled.

    Definition Classes
    AwsKmsDriverKmsDriver
  10. def encryptSymmetric(data: Array[Byte], keyId: String)(traceContext: Context): Future[Array[Byte]]

    Symmetrically encrypt the given plaintext using the symmetric encryption key identified by the keyId.

    Symmetrically encrypt the given plaintext using the symmetric encryption key identified by the keyId. The same/default symmetric encryption algorithm of the KMS must be used for both symmetric encryption and decryption.

    data

    The plaintext to symmetrically encrypt. The upper bound of the data size is 4kb.

    keyId

    The identifier of the symmetric encryption key.

    returns

    A future that completes with the ciphertext.

    Definition Classes
    AwsKmsDriverKmsDriver
  11. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  12. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  13. def generateEncryptionKeyPair(encryptionKeySpec: EncryptionKeySpec, keyName: Option[String])(traceContext: Context): Future[String]

    Generate a new asymmetric encryption key pair.

    Generate a new asymmetric encryption key pair.

    encryptionKeySpec

    The key specification of the new encryption key pair. The caller ensures it is a supportedEncryptionKeySpecs.

    keyName

    An optional descriptive name for the key pair, max 300 characters long.

    returns

    A future that completes with the unique KMS key identifier, max 300 characters long.

    Definition Classes
    AwsKmsDriverKmsDriver
  14. def generateSigningKeyPair(signingKeySpec: SigningKeySpec, keyName: Option[String])(traceContext: Context): Future[String]

    Generate a new signing key pair.

    Generate a new signing key pair.

    signingKeySpec

    The key specification for the new signing key pair. The caller ensures it is a supportedSigningKeySpecs.

    keyName

    An optional descriptive name for the key pair, max 300 characters long.

    returns

    A future that completes with the unique KMS key identifier, max 300 characters long.

    Definition Classes
    AwsKmsDriverKmsDriver
  15. def generateSymmetricKey(keyName: Option[String])(traceContext: Context): Future[String]

    Generate a new symmetric encryption key.

    Generate a new symmetric encryption key. The default symmetric key specification of the KMS is used.

    keyName

    An optional descriptive name for the symmetric key, max 300 characters long.

    returns

    A future that completes with the unique KMS key identifier, max 300 characters long.

    Definition Classes
    AwsKmsDriverKmsDriver
  16. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @IntrinsicCandidate()
  17. def getPublicKey(keyId: String)(traceContext: Context): Future[api.v1.PublicKey]

    Exports a public key from the KMS for the given key pair identified by keyId.

    Exports a public key from the KMS for the given key pair identified by keyId.

    keyId

    The identifier of the key pair.

    returns

    A future that completes with the exported PublicKey

    Definition Classes
    AwsKmsDriverKmsDriver
  18. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @IntrinsicCandidate()
  19. def health: Future[KmsDriverHealth]

    Returns the current health of the driver.

    Returns the current health of the driver.

    If the driver reports itself as unhealthy, Canton will close the current driver instance and create a new one to recover from the unhealthy state. Transient failures should be reported by throwing an com.digitalasset.canton.crypto.kms.driver.api.v1.KmsDriverException with retryable true on driver operations.

    returns

    A future that completes with the driver's health.

    Definition Classes
    AwsKmsDriverKmsDriver
  20. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  21. def keyExistsAndIsActive(keyId: String)(traceContext: Context): Future[Unit]

    Asserts that the key given by its identifier exists and is active.

    Asserts that the key given by its identifier exists and is active.

    keyId

    The identifier of the key to be checked.

    returns

    A future that completes successfully if the key exists and is active. Otherwise the future must have been failed.

    Definition Classes
    AwsKmsDriverKmsDriver
  22. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  23. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  24. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  25. def sign(data: Array[Byte], keyId: String, algoSpec: SigningAlgoSpec)(traceContext: Context): Future[Array[Byte]]

    Sign the given data using the private key identified by the keyId with the given signing algorithm specification.

    Sign the given data using the private key identified by the keyId with the given signing algorithm specification. If the algoSpec is not compatible with the key spec of keyId then this method must fail with a non-retryable exception.

    data

    The data to be signed with the specified signature algorithm. The upper bound of the data size is 4kb.

    keyId

    The identifier of the private signing key.

    algoSpec

    The signature algorithm specification. The caller ensures it is a supportedSigningAlgoSpecs.

    returns

    A future that completes with the signature.

    Definition Classes
    AwsKmsDriverKmsDriver
  26. def supportedEncryptionAlgoSpecs: Set[EncryptionAlgoSpec]

    The supported encryption algorithm specifications by the driver

    The supported encryption algorithm specifications by the driver

    Definition Classes
    AwsKmsDriverKmsDriver
  27. def supportedEncryptionKeySpecs: Set[EncryptionKeySpec]

    The supported encryption key specifications by the driver

    The supported encryption key specifications by the driver

    Definition Classes
    AwsKmsDriverKmsDriver
  28. def supportedSigningAlgoSpecs: Set[SigningAlgoSpec]

    The supported signing algorithm specifications by the driver

    The supported signing algorithm specifications by the driver

    Definition Classes
    AwsKmsDriverKmsDriver
  29. def supportedSigningKeySpecs: Set[SigningKeySpec]

    The supported signing key specifications by the driver

    The supported signing key specifications by the driver

    Definition Classes
    AwsKmsDriverKmsDriver
  30. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  31. def toString(): String
    Definition Classes
    AnyRef → Any
  32. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  33. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  34. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated @Deprecated
    Deprecated

Inherited from KmsDriver

Inherited from AutoCloseable

Inherited from KmsDriver

Inherited from AnyRef

Inherited from Any

Ungrouped