class AwsKmsDriver extends KmsDriver
A reference implementation of the KMS Driver API based on the existing internal AWS KMS integration.
Instance Constructors
- new AwsKmsDriver(kms: AwsKms)(implicit ec: ExecutionContext)
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native() @IntrinsicCandidate()
- def close(): Unit
- Definition Classes
- AwsKmsDriver → AutoCloseable
- def decryptAsymmetric(ciphertext: Array[Byte], keyId: String, algoSpec: EncryptionAlgoSpec)(traceContext: Context): Future[Array[Byte]]
Asymmetrically decrypt the given ciphertext using the private key identified by the keyId with the given asymmetric encryption algorithm specification. If the algoSpec is not compatible with the key spec of keyId then this method must fail with a non-retryable exception.
- ciphertext
The asymmetrically encrypted ciphertext that needs to be decrypted. The length of the ciphertext depends on the parameters of the asymmetric encryption algorithm. Implementations may assume that the length of the ciphertext is at most 6144 bytes in any case.
- keyId
The identifier of the private encryption key to perform the asymmetric decryption with.
- algoSpec
The asymmetric encryption algorithm specification. The caller ensures it is one of the supportedEncryptionAlgoSpecs.
- returns
A future that completes with the plaintext.
- Definition Classes
- AwsKmsDriver → KmsDriver
- def decryptSymmetric(ciphertext: Array[Byte], keyId: String)(traceContext: Context): Future[Array[Byte]]
Symmetrically decrypt the given ciphertext using the symmetric encryption key identified by the keyId. The same/default symmetric encryption algorithm of the KMS must be used for both symmetric encryption and decryption.
- ciphertext
The ciphertext to symmetrically decrypt. The upper bound of the ciphertext size is 6144 bytes.
- keyId
The identifier of the symmetric encryption key.
- returns
A future that completes with the plaintext.
- Definition Classes
- AwsKmsDriver → KmsDriver
- def deleteKey(keyId: String)(traceContext: Context): Future[Unit]
Deletes a key given by its identifier from the KMS.
- keyId
The identifier of the key to be deleted.
- returns
A future that completes when the key has been deleted or the deletion of the key has been scheduled.
- Definition Classes
- AwsKmsDriver → KmsDriver
- def encryptSymmetric(data: Array[Byte], keyId: String)(traceContext: Context): Future[Array[Byte]]
Symmetrically encrypt the given plaintext using the symmetric encryption key identified by the keyId. The same/default symmetric encryption algorithm of the KMS must be used for both symmetric encryption and decryption.
- data
The plaintext to symmetrically encrypt. The upper bound of the data size is 4kb.
- keyId
The identifier of the symmetric encryption key.
- returns
A future that completes with the ciphertext.
- Definition Classes
- AwsKmsDriver → KmsDriver
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- def generateEncryptionKeyPair(encryptionKeySpec: EncryptionKeySpec, keyName: Option[String])(traceContext: Context): Future[String]
Generate a new asymmetric encryption key pair.
- encryptionKeySpec
The key specification of the new encryption key pair. The caller ensures it is one of the supportedEncryptionKeySpecs.
- keyName
An optional descriptive name for the key pair, max 300 characters long.
- returns
A future that completes with the unique KMS key identifier, max 300 characters long.
- Definition Classes
- AwsKmsDriver → KmsDriver
- def generateSigningKeyPair(signingKeySpec: SigningKeySpec, keyName: Option[String])(traceContext: Context): Future[String]
Generate a new signing key pair.
- signingKeySpec
The key specification for the new signing key pair. The caller ensures it is one of the supportedSigningKeySpecs.
- keyName
An optional descriptive name for the key pair, max 300 characters long.
- returns
A future that completes with the unique KMS key identifier, max 300 characters long.
- Definition Classes
- AwsKmsDriver → KmsDriver
- def generateSymmetricKey(keyName: Option[String])(traceContext: Context): Future[String]
Generate a new symmetric encryption key. The default symmetric key specification of the KMS is used.
- keyName
An optional descriptive name for the symmetric key, max 300 characters long.
- returns
A future that completes with the unique KMS key identifier, max 300 characters long.
- Definition Classes
- AwsKmsDriver → KmsDriver
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @IntrinsicCandidate()
- def getPublicKey(keyId: String)(traceContext: Context): Future[api.v1.PublicKey]
Exports a public key from the KMS for the given key pair identified by keyId.
- keyId
The identifier of the key pair.
- returns
A future that completes with the exported PublicKey.
- Definition Classes
- AwsKmsDriver → KmsDriver
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @IntrinsicCandidate()
- def health: Future[KmsDriverHealth]
Returns the current health of the driver.
If the driver reports itself as unhealthy, Canton will close the current driver instance and create a new one to recover from the unhealthy state. Transient failures should be reported by throwing a com.digitalasset.canton.crypto.kms.driver.api.v1.KmsDriverException with retryable true on driver operations.
- returns
A future that completes with the driver's health.
- Definition Classes
- AwsKmsDriver → KmsDriver
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- def keyExistsAndIsActive(keyId: String)(traceContext: Context): Future[Unit]
Asserts that the key given by its identifier exists and is active.
- keyId
The identifier of the key to be checked.
- returns
A future that completes successfully if the key exists and is active. Otherwise the future must be failed.
- Definition Classes
- AwsKmsDriver → KmsDriver
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @IntrinsicCandidate()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @IntrinsicCandidate()
- def sign(data: Array[Byte], keyId: String, algoSpec: SigningAlgoSpec)(traceContext: Context): Future[Array[Byte]]
Sign the given data using the private key identified by the keyId with the given signing algorithm specification. If the algoSpec is not compatible with the key spec of keyId then this method must fail with a non-retryable exception.
- data
The data to be signed with the specified signature algorithm. The upper bound of the data size is 4kb.
- keyId
The identifier of the private signing key.
- algoSpec
The signature algorithm specification. The caller ensures it is one of the supportedSigningAlgoSpecs.
- returns
A future that completes with the signature.
- Definition Classes
- AwsKmsDriver → KmsDriver
- def supportedEncryptionAlgoSpecs: Set[EncryptionAlgoSpec]
The encryption algorithm specifications supported by the driver.
- Definition Classes
- AwsKmsDriver → KmsDriver
- def supportedEncryptionKeySpecs: Set[EncryptionKeySpec]
The encryption key specifications supported by the driver.
- Definition Classes
- AwsKmsDriver → KmsDriver
- def supportedSigningAlgoSpecs: Set[SigningAlgoSpec]
The signing algorithm specifications supported by the driver.
- Definition Classes
- AwsKmsDriver → KmsDriver
- def supportedSigningKeySpecs: Set[SigningKeySpec]
The signing key specifications supported by the driver.
- Definition Classes
- AwsKmsDriver → KmsDriver
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- def toString(): String
- Definition Classes
- AnyRef → Any
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
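The caller-side half of the contract documented for sign and health, as an added example that is not part of the Canton code base: inputs the documentation rules out (data over the size bound, an algorithm spec outside the supported set) are rejected before the KMS is called, and only failures flagged retryable are retried. DriverFailure, GuardedSign, precheck, withRetry and the "ALGO_A" value are hypothetical stand-ins, and the "4kb" bound is assumed to mean 4096 bytes.

```scala
import java.util.concurrent.atomic.AtomicInteger
import scala.concurrent.{Await, ExecutionContext, Future}
import scala.concurrent.duration._

// Hypothetical stand-in for KmsDriverException; only the retryable flag is modelled.
final case class DriverFailure(msg: String, retryable: Boolean) extends RuntimeException(msg)

object GuardedSign {
  // Assumption: the documented "4kb" bound on data is read as 4096 bytes.
  val MaxSignBytes = 4096

  // Caller-side check: reject what the documented contract rules out before calling the KMS.
  def precheck[A](data: Array[Byte], algoSpec: A, supported: Set[A]): Future[Unit] =
    if (data.length > MaxSignBytes)
      Future.failed(DriverFailure(s"${data.length} bytes exceeds $MaxSignBytes", retryable = false))
    else if (!supported.contains(algoSpec))
      Future.failed(DriverFailure(s"unsupported algorithm spec: $algoSpec", retryable = false))
    else Future.unit

  // Retry only failures flagged retryable; non-retryable ones surface on the first attempt.
  def withRetry[T](attemptsLeft: Int)(op: () => Future[T])(implicit ec: ExecutionContext): Future[T] =
    op().recoverWith {
      case DriverFailure(_, true) if attemptsLeft > 1 => withRetry(attemptsLeft - 1)(op)
    }

  def main(args: Array[String]): Unit = {
    import ExecutionContext.Implicits.global
    val calls = new AtomicInteger(0)
    // Constructed stand-in for driver.sign: throttled twice, then returns placeholder bytes.
    val flakySign = () => Future {
      if (calls.incrementAndGet() < 3) throw DriverFailure("throttled", retryable = true)
      Array[Byte](1, 2, 3)
    }
    val supported = Set("ALGO_A") // constructed placeholder, not a real SigningAlgoSpec value
    val signed = precheck(new Array[Byte](32), "ALGO_A", supported).flatMap(_ => withRetry(5)(flakySign))
    println(s"signature bytes: ${Await.result(signed, 5.seconds).length}, attempts: ${calls.get}")

    // An oversized payload fails in precheck, so the signing call is never attempted.
    val oversized = precheck(new Array[Byte](5000), "ALGO_A", supported).flatMap(_ => withRetry(5)(flakySign))
    println(s"oversized payload: ${Await.ready(oversized, 5.seconds).value}")
    println(s"attempts after rejected call: ${calls.get}")
  }
}
```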