class Aws::S3::EncryptionV2::KmsCipherProvider

def encryption_cipher(options = {})

Returns:

(Array) - Creates and returns a new encryption

def encryption_cipher(options = {})
  validate_key_for_encryption
  encryption_context = build_encryption_context(@content_encryption_schema, options)
  key_data = @kms_client.generate_data_key(
    key_id: @kms_key_id,
    encryption_context: encryption_context,
    key_spec: 'AES_256'
  )
  cipher = Utils.aes_encryption_cipher(:GCM)
  cipher.key = key_data.plaintext
  envelope = {
    'x-amz-key-v2' => encode64(key_data.ciphertext_blob),
    'x-amz-iv' => encode64(cipher.iv = cipher.random_iv),
    'x-amz-cek-alg' => @content_encryption_schema,
    'x-amz-tag-len' => (AES_GCM_TAG_LEN_BYTES * 8).to_s,
    'x-amz-wrap-alg' => @key_wrap_schema,
    'x-amz-matdesc' => Json.dump(encryption_context)
  }
  cipher.auth_data = '' # auth_data must be set after key and iv
  [envelope, cipher]
end

Instance Methods

# build_encryption_context
# decode64
# decryption_cipher
# encode64
# encryption_cipher
# initialize
# validate_cek
# validate_key_for_encryption
# validate_key_wrap
# validate_kms_key

Modules

Classes

class Aws::S3::EncryptionV2::KmsCipherProvider

def encryption_cipher(options = {})

Instance Methods