Struct: kms.EncryptInput

import "../ibm-cos-sdk-go/service/kms"

Implemented Interfaces

s3crypto.Cipher, s3manager.ReadSeekerWriteTo, request.Validator, s3manager.WriterReadFrom

Structure Field Summary collapse

Service Operations collapse

Structure Field Details

EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"`

Specifies the encryption algorithm that KMS will use to encrypt the plaintext message. The algorithm must be compatible with the KMS key that you specify.

This parameter is required only for asymmetric KMS keys. The default value, SYMMETRIC_DEFAULT, is the algorithm used for symmetric encryption KMS keys. If you are using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.

The SM2PKE algorithm is only available in China Regions.

EncryptionContext map[string]*string `type:"map"`

Specifies the encryption context that will be used to encrypt the data. An encryption context is valid only for cryptographic operations (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) with a symmetric encryption KMS key. The standard asymmetric encryption algorithms and HMAC algorithms that KMS uses do not support an encryption context.

Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

For more information, see Encryption context (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the Key Management Service Developer Guide.

GrantTokens []*string `type:"list"`

A list of grant tokens.

For more information, see Grant Tokens (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) in the AWS Key Management Service Developer Guide.

KeyId *string `min:"1" type:"string" required:"true"`

Identifies the KMS key to use in the encryption operation. The KMS key must have a KeyUsage of ENCRYPT_DECRYPT. To find the KeyUsage of a KMS key, use the DescribeKey operation.

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with “alias/”. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

  • Alias name: alias/ExampleAlias

  • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

KeyId is a required field

Plaintext []byte `min:"1" type:"blob" required:"true" sensitive:"true"`

Data to be encrypted.

Plaintext is a sensitive parameter and its value will be replaced with “sensitive” in string returned by EncryptInput's String and GoString methods.

Plaintext is automatically base64 encoded/decoded by the SDK.

Plaintext is a required field

_ struct{} `type:"structure"`

Method Details

func (s EncryptInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.



11253
11254
11255
// File 'service/kms/api.go', line 11253

func (s EncryptInput) GoString() string { return s.String() }

func (s *EncryptInput) SetEncryptionAlgorithm(v string) *EncryptInput

SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value.



11280
11281
11282
11283
// File 'service/kms/api.go', line 11280

func (s *EncryptInput) SetEncryptionAlgorithm(v string) *EncryptInput { s.EncryptionAlgorithm = &v return s }

func (s *EncryptInput) SetEncryptionContext(v map[string]*string) *EncryptInput

SetEncryptionContext sets the EncryptionContext field's value.



11286
11287
11288
11289
// File 'service/kms/api.go', line 11286

func (s *EncryptInput) SetEncryptionContext(v map[string]*string) *EncryptInput { s.EncryptionContext = v return s }

func (s *EncryptInput) SetGrantTokens(v []*string) *EncryptInput

SetGrantTokens sets the GrantTokens field's value.



11292
11293
11294
11295
// File 'service/kms/api.go', line 11292

func (s *EncryptInput) SetGrantTokens(v []*string) *EncryptInput { s.GrantTokens = v return s }

func (s *EncryptInput) SetKeyId(v string) *EncryptInput

SetKeyId sets the KeyId field's value.



11298
11299
11300
11301
// File 'service/kms/api.go', line 11298

func (s *EncryptInput) SetKeyId(v string) *EncryptInput { s.KeyId = &v return s }

func (s *EncryptInput) SetPlaintext(v []byte) *EncryptInput

SetPlaintext sets the Plaintext field's value.



11304
11305
11306
11307
// File 'service/kms/api.go', line 11304

func (s *EncryptInput) SetPlaintext(v []byte) *EncryptInput { s.Plaintext = v return s }

func (s EncryptInput) String() string

String returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.



11244
11245
11246
// File 'service/kms/api.go', line 11244

func (s EncryptInput) String() string { return awsutil.Prettify(s) }

func (s *EncryptInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.



11258
11259
11260
11261
11262
11263
11264
11265
11266
11267
11268
11269
11270
11271
11272
11273
11274
11275
11276
11277
// File 'service/kms/api.go', line 11258

func (s *EncryptInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "EncryptInput"} if s.KeyId == nil { invalidParams.Add(request.NewErrParamRequired("KeyId")) } if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } if s.Plaintext == nil { invalidParams.Add(request.NewErrParamRequired("Plaintext")) } if s.Plaintext != nil && len(s.Plaintext) < 1 { invalidParams.Add(request.NewErrParamMinLen("Plaintext", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil }