curena
8/27/2015 - 6:31 PM

AWS KMS generate data key in Java


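import java.nio.ByteBuffer;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.DataKeySpec;
import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
import com.amazonaws.services.kms.model.GenerateDataKeyResult;

// KMS_KEY identifies the KMS master key and is defined elsewhere.
GenerateDataKeyRequest dataKeyRequest = new GenerateDataKeyRequest();
dataKeyRequest.setKeyId(KMS_KEY);
dataKeyRequest.setKeySpec(DataKeySpec.AES_256);
AWSKMSClient kmsClient = new AWSKMSClient();
GenerateDataKeyResult dataKeyResult = kmsClient.generateDataKey(dataKeyRequest);

ByteBuffer plainTextKey = dataKeyResult.getPlaintext(); // Use this to encrypt/decrypt data locally; delete after use, never persist it.
ByteBuffer encryptedKey = dataKeyResult.getCiphertextBlob(); // Persist this along with the data; it is used later to obtain the plainTextKey from KMS again.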
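
An added example, not part of the original snippet: one way to use the two buffers above, encrypting locally with the plaintext key and storing the encrypted key next to the data. The class name EnvelopeSketch, the methods seal and open, the record layout and the choice of AES-GCM are assumptions of this sketch; main uses constructed stand-in values so it runs without calling KMS. When opening a record, plainTextKey is the key obtained from KMS for that record's stored encryptedKey.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EnvelopeSketch {
    static final int IV_LEN = 12, TAG_BITS = 128;
    static byte[] copy(ByteBuffer b) {
        byte[] out = new byte[b.remaining()];
        b.duplicate().get(out); // duplicate(): leave the caller's buffer position untouched
        return out;
    }
    // AES-GCM under the data key; the wrapped key is AAD, so a swapped blob fails the tag check.
    static byte[] gcm(int mode, ByteBuffer plainTextKey, byte[] iv, byte[] blob, byte[] in) throws Exception {
        byte[] key = copy(plainTextKey);
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
            c.updateAAD(blob);
            return c.doFinal(in); // decrypt throws AEADBadTagException if the record was altered
        } finally {
            Arrays.fill(key, (byte) 0); // wipe this copy; caller must still discard its own buffer
        }
    }
    // Record layout (assumption of this sketch): [int blob length][encryptedKey][12-byte IV][ciphertext+tag]
    static byte[] seal(ByteBuffer plainTextKey, ByteBuffer encryptedKey, byte[] data) throws Exception {
        byte[] blob = copy(encryptedKey), iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh random IV for every record
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, plainTextKey, iv, blob, data);
        return ByteBuffer.allocate(4 + blob.length + IV_LEN + ct.length)
                .putInt(blob.length).put(blob).put(iv).put(ct).array();
    }
    static byte[] open(ByteBuffer plainTextKey, byte[] record) throws Exception {
        ByteBuffer r = ByteBuffer.wrap(record);
        byte[] blob = new byte[r.getInt()], iv = new byte[IV_LEN];
        byte[] ct = new byte[r.get(blob).get(iv).remaining()];
        r.get(ct);
        return gcm(Cipher.DECRYPT_MODE, plainTextKey, iv, blob, ct);
    }
    public static void main(String[] args) throws Exception {
        byte[] k = new byte[32];
        new SecureRandom().nextBytes(k); // constructed stand-in for dataKeyResult.getPlaintext()
        ByteBuffer wrapped = ByteBuffer.wrap("constructed-blob".getBytes("UTF-8")); // stand-in for getCiphertextBlob()
        byte[] rec = seal(ByteBuffer.wrap(k), wrapped, "hello".getBytes("UTF-8"));
        System.out.println(new String(open(ByteBuffer.wrap(k), rec), "UTF-8"));
    }
}
```

SecretKeySpec keeps its own internal copy of the key bytes, so wiping the array only shortens the key's lifetime in memory; it does not guarantee removal.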