/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ /* * Do not modify this file. This file is generated from the kms-2014-11-01.normal.json service model. */ using System; using System.Collections.Generic; using System.Xml.Serialization; using System.Text; using System.IO; using System.Net; using Amazon.Runtime; using Amazon.Runtime.Internal; namespace Amazon.KeyManagementService.Model { ///

/// Container for the parameters to the GetParametersForImport operation. /// Returns the public key and an import token you need to import or reimport key material /// for a KMS key. /// /// /// /// By default, KMS keys are created with key material that KMS generates. This operation /// supports Importing /// key material, an advanced feature that lets you generate and import the cryptographic /// key material for a KMS key. For more information about importing key material into /// KMS, see Importing /// key material in the Key Management Service Developer Guide. /// /// /// /// Before calling GetParametersForImport, use the CreateKey operation /// with an Origin value of EXTERNAL to create a KMS key with /// no key material. You can import key material for a symmetric encryption KMS key, HMAC /// KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also /// import key material into a multi-Region /// key of any supported type. However, you can't import key material into a KMS key /// in a custom key /// store. You can also use GetParametersForImport to get a public key /// and import token to reimport /// the original key material into a KMS key whose key material expired or was deleted. /// /// /// /// GetParametersForImport returns the items that you need to import your /// key material. /// ///

/// /// The public key (or "wrapping key") of an RSA key pair that KMS generates. /// /// /// /// You will use this public key to encrypt ("wrap") your key material while it's in transit /// to KMS. /// ///
/// /// A import token that ensures that KMS can decrypt your key material and associate it /// with the correct KMS key. /// ///

/// /// The public key and its import token are permanently linked and must be used together. /// Each public key and import token set is valid for 24 hours. The expiration date and /// time appear in the ParametersValidTo field in the GetParametersForImport /// response. You cannot use an expired public key or import token in an ImportKeyMaterial /// request. If your key and token expire, send another GetParametersForImport /// request. /// /// /// /// GetParametersForImport requires the following information: /// ///

/// /// The key ID of the KMS key for which you are importing the key material. /// ///
/// /// The key spec of the public key ("wrapping key") that you will use to encrypt your /// key material during import. /// ///
/// /// The wrapping algorithm that you will use with the public key to encrypt your key material. /// ///

/// /// You can use the same or a different public key spec and wrapping algorithm each time /// you import or reimport the same key material. /// /// /// /// The KMS key that you use for this operation must be in a compatible key state. For /// details, see Key /// states of KMS keys in the Key Management Service Developer Guide. /// /// /// /// Cross-account use: No. You cannot perform this operation on a KMS key in a /// different Amazon Web Services account. /// /// /// /// Required permissions: kms:GetParametersForImport /// (key policy) /// /// /// /// Related operations: /// ///

/// /// ImportKeyMaterial /// ///
/// /// DeleteImportedKeyMaterial /// ///

///

public partial class GetParametersForImportRequest : AmazonKeyManagementServiceRequest { private string _keyId; private AlgorithmSpec _wrappingAlgorithm; private WrappingKeySpec _wrappingKeySpec; ///

/// Gets and sets the property KeyId. /// /// The identifier of the KMS key that will be associated with the imported key material. /// The Origin of the KMS key must be EXTERNAL. /// /// /// /// All KMS key types are supported, including multi-Region keys. However, you cannot /// import key material into a KMS key in a custom key store. /// /// /// /// Specify the key ID or key ARN of the KMS key. /// /// /// /// For example: /// ///

/// /// Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab /// ///
/// /// Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab /// /// ///

/// /// To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. /// ///

[AWSProperty(Required=true, Min=1, Max=2048)] public string KeyId { get { return this._keyId; } set { this._keyId = value; } } // Check to see if KeyId property is set internal bool IsSetKeyId() { return this._keyId != null; } ///

/// Gets and sets the property WrappingAlgorithm. /// /// The algorithm you will use with the RSA public key (PublicKey) in the /// response to protect your key material during import. For more information, see Select /// a wrapping algorithm in the Key Management Service Developer Guide. /// /// /// /// For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that /// you generate, then encrypt your AES key with the RSA public key from KMS. For RSAES /// wrapping algorithms, you encrypt your key material directly with the RSA public key /// from KMS. /// /// /// /// The wrapping algorithms that you can use depend on the type of key material that you /// are importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm. /// ///

/// /// RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key material. /// ///
/// /// RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material. /// ///
/// /// RSAES_OAEP_SHA_256 — Supported for all types of key material, except RSA key /// material (private key). /// /// /// /// You cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping /// key spec to wrap ECC_NIST_P521 key material. /// ///
/// /// RSAES_OAEP_SHA_1 — Supported for all types of key material, except RSA key /// material (private key). /// /// /// /// You cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping /// key spec to wrap ECC_NIST_P521 key material. /// ///
/// /// RSAES_PKCS1_V1_5 (Deprecated) — Supported only for symmetric encryption key /// material (and only in legacy mode). /// ///

///

[AWSProperty(Required=true)] public AlgorithmSpec WrappingAlgorithm { get { return this._wrappingAlgorithm; } set { this._wrappingAlgorithm = value; } } // Check to see if WrappingAlgorithm property is set internal bool IsSetWrappingAlgorithm() { return this._wrappingAlgorithm != null; } ///

/// Gets and sets the property WrappingKeySpec. /// /// The type of RSA public key to return in the response. You will use this wrapping key /// with the specified wrapping algorithm to protect your key material during import. /// /// /// /// /// Use the longest RSA wrapping key that is practical. /// /// /// /// You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private key. /// Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public key. /// ///

[AWSProperty(Required=true)] public WrappingKeySpec WrappingKeySpec { get { return this._wrappingKeySpec; } set { this._wrappingKeySpec = value; } } // Check to see if WrappingKeySpec property is set internal bool IsSetWrappingKeySpec() { return this._wrappingKeySpec != null; } } }