//= aws-encryption-sdk-specification/framework/master-key-interface.md#legacy
//= type=exception
//# This is a legacy specification.
//# Master keys SHOULD NOT be included in any additional implementations.
//# Any new implementations MUST include [Keyrings](./keyring-interface.md) instead.

//= aws-encryption-sdk-specification/framework/master-key-interface.md#consistency
//= type=exception
//# This specification defines the common behavior between the two implementations
//# that determine the REQUIRED functionality.
//# 
//# Other specifics of behavior and API vary between the two implementations.

//= aws-encryption-sdk-specification/framework/master-key-interface.md#get-master-key
//= type=exception
//# Inputs and outputs are the same as for [master key providers](./master-key-provider-interface.md).
//# 
//# A master key MUST supply itself and MUST NOT supply any other master keys.

//= aws-encryption-sdk-specification/framework/master-key-interface.md#get-master-keys-for-encryption
//= type=exception
//# Inputs and outputs are the same as for [master key providers](./master-key-provider-interface.md).
//# 
//# A master key MUST supply itself and MUST NOT supply any other master keys.

//= aws-encryption-sdk-specification/framework/master-key-interface.md#decrypt-data-key
//= type=exception
//# Inputs and outputs are the same as for [master key providers](./master-key-provider-interface.md).
//# 
//# A master key SHOULD attempt to decrypt a data key using itself.
//# 
//# A master key MUST not attempt to use any other master keys.

//= aws-encryption-sdk-specification/framework/master-key-interface.md#generate-data-key
//= type=exception
//# This interface is used to generate and encrypt a data key.
//# 
//# The master key MUST generate a data key and MUST then encrypt that data key.
//# 
//# Inputs to this interface MUST include
//# the algorithm suite
//# and the encryption context.
//# 
//# The output of this interface MUST include
//# the plaintext data key,
//# the data key encrypted under the master key,
//# and information that can identify which master key
//# was used to generate and encrypt the data key.
//# 
//# If the master key cannot generate or encrypt the data key,
//# the call MUST result in an error.

//= aws-encryption-sdk-specification/framework/master-key-interface.md#encrypt-data-key
//= type=exception
//# This interface is used to encrypt a data key.
//# 
//# The master key MUST encrypt the data key.
//# 
//# Inputs to this interface MUST include
//# the algorithm suite,
//# the encryption context,
//# the encrypted data key,
//# and information that can identify which master key
//# was used to encrypt the data key.
//# 
//# The output of this interface MUST include
//# a value that this master key can use to obtain
//# the plaintext data key.
//# Most commonly,
//# this will be the result of an encryption operation.
//# 
//# If the master key cannot encrypt the data key,
//# the call MUST result in an error.