Struct: kms.EncryptInput

import "../ibm-cos-sdk-go/service/kms"

Implemented Interfaces

s3crypto.Cipher, s3manager.ReadSeekerWriteTo, request.Validator, s3manager.WriterReadFrom

Structure Field Summary

• EncryptionAlgorithm *string

  Specifies the encryption algorithm that KMS will use to encrypt the plaintext message.

• EncryptionContext map[string]*string

  Specifies the encryption context that will be used to encrypt the data.

• GrantTokens []*string

  A list of grant tokens.

• KeyId *string

  Identifies the KMS key to use in the encryption operation.

• Plaintext []byte

  Data to be encrypted.

• _ struct{}

Service Operations

• GoString() string operation

  GoString returns the string representation.

• SetEncryptionAlgorithm(string) *EncryptInput operation

  SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value.

• SetEncryptionContext(map[string]*string) *EncryptInput operation

  SetEncryptionContext sets the EncryptionContext field's value.

• SetGrantTokens([]*string) *EncryptInput operation

  SetGrantTokens sets the GrantTokens field's value.

• SetKeyId(string) *EncryptInput operation

  SetKeyId sets the KeyId field's value.

• SetPlaintext([]byte) *EncryptInput operation

  SetPlaintext sets the Plaintext field's value.

• String() string operation

  String returns the string representation.

• Validate() error operation

  Validate inspects the fields of the type to determine if they are valid.

Structure Field Details

EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"`

Specifies the encryption algorithm that KMS will use to encrypt the plaintext message. The algorithm must be compatible with the KMS key that you specify.

This parameter is required only for asymmetric KMS keys. The default value, SYMMETRIC_DEFAULT, is the algorithm used for symmetric encryption KMS keys. If you are using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.

The SM2PKE algorithm is only available in China Regions.

EncryptionContext map[string]*string `type:"map"`

Specifies the encryption context that will be used to encrypt the data. An encryption context is valid only for cryptographic operations (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) with a symmetric encryption KMS key. The standard asymmetric encryption algorithms and HMAC algorithms that KMS uses do not support an encryption context.

Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

For more information, see Encryption context (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the Key Management Service Developer Guide.

GrantTokens []*string `type:"list"`

A list of grant tokens.

For more information, see Grant Tokens (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) in the AWS Key Management Service Developer Guide.

KeyId *string `min:"1" type:"string" required:"true"`

Identifies the KMS key to use in the encryption operation. The KMS key must have a KeyUsage of ENCRYPT_DECRYPT. To find the KeyUsage of a KMS key, use the DescribeKey operation.

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with “alias/”. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

For example:

• Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

• Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

• Alias name: alias/ExampleAlias

• Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

KeyId is a required field

Plaintext []byte `min:"1" type:"blob" required:"true" sensitive:"true"`

Data to be encrypted.

Plaintext is a sensitive parameter and its value will be replaced with “sensitive” in string returned by EncryptInput's String and GoString methods.

Plaintext is automatically base64 encoded/decoded by the SDK.

Plaintext is a required field

_ struct{} `type:"structure"`

Method Details

func (s EncryptInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.

// File 'service/kms/api.go', line 11253

func (s EncryptInput) GoString() string {
	return s.String()
}

func (s *EncryptInput) SetEncryptionAlgorithm(v string) *EncryptInput

SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value.

// File 'service/kms/api.go', line 11280

func (s *EncryptInput) SetEncryptionAlgorithm(v string) *EncryptInput {
	s.EncryptionAlgorithm = &v
	return s
}

func (s *EncryptInput) SetEncryptionContext(v map[string]*string) *EncryptInput

SetEncryptionContext sets the EncryptionContext field's value.

// File 'service/kms/api.go', line 11286

func (s *EncryptInput) SetEncryptionContext(v map[string]*string) *EncryptInput {
	s.EncryptionContext = v
	return s
}

func (s *EncryptInput) SetGrantTokens(v []*string) *EncryptInput

SetGrantTokens sets the GrantTokens field's value.

// File 'service/kms/api.go', line 11292

func (s *EncryptInput) SetGrantTokens(v []*string) *EncryptInput {
	s.GrantTokens = v
	return s
}

func (s *EncryptInput) SetKeyId(v string) *EncryptInput

SetKeyId sets the KeyId field's value.

// File 'service/kms/api.go', line 11298

func (s *EncryptInput) SetKeyId(v string) *EncryptInput {
	s.KeyId = &v
	return s
}

func (s *EncryptInput) SetPlaintext(v []byte) *EncryptInput

SetPlaintext sets the Plaintext field's value.

// File 'service/kms/api.go', line 11304

func (s *EncryptInput) SetPlaintext(v []byte) *EncryptInput {
	s.Plaintext = v
	return s
}

func (s EncryptInput) String() string

String returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.

// File 'service/kms/api.go', line 11244

func (s EncryptInput) String() string {
	return awsutil.Prettify(s)
}

func (s *EncryptInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

// File 'service/kms/api.go', line 11258

func (s *EncryptInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "EncryptInput"}
	if s.KeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyId"))
	}
	if s.KeyId != nil && len(*s.KeyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
	}
	if s.Plaintext == nil {
		invalidParams.Add(request.NewErrParamRequired("Plaintext"))
	}
	if s.Plaintext != nil && len(s.Plaintext) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Plaintext", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}