use of com.amazonaws.services.kms.model.CreateKeyResult in project aws-doc-sdk-examples by awsdocs.
the class S3EncryptV2 method putEncryptedData3_Kms.
public static void putEncryptedData3_Kms() {
// snippet-start:[s3.java.s3_cse-v2.kms]
AWSKMS kmsClient = AWSKMSClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
// create CMK for for testing this example
CreateKeyRequest createKeyRequest = new CreateKeyRequest();
CreateKeyResult createKeyResult = kmsClient.createKey(createKeyRequest);
// specify an Amazon KMS customer master key (CMK) ID
String keyId = createKeyResult.getKeyMetadata().getKeyId();
String s3ObjectKey = "EncryptedContent3.txt";
String s3ObjectContent = "This is the 3rd content to encrypt";
AmazonS3EncryptionV2 s3Encryption = AmazonS3EncryptionClientV2Builder.standard().withRegion(Regions.US_WEST_2).withCryptoConfiguration(new CryptoConfigurationV2().withCryptoMode(CryptoMode.StrictAuthenticatedEncryption)).withEncryptionMaterialsProvider(new KMSEncryptionMaterialsProvider(keyId)).build();
s3Encryption.putObject(bucketName, s3ObjectKey, s3ObjectContent);
System.out.println(s3Encryption.getObjectAsString(bucketName, s3ObjectKey));
// schedule deletion of CMK generated for testing
ScheduleKeyDeletionRequest scheduleKeyDeletionRequest = new ScheduleKeyDeletionRequest().withKeyId(keyId).withPendingWindowInDays(7);
kmsClient.scheduleKeyDeletion(scheduleKeyDeletionRequest);
s3Encryption.shutdown();
kmsClient.shutdown();
// snippet-end:[s3.java.s3_cse-v2.kms]
}
use of com.amazonaws.services.kms.model.CreateKeyResult in project aws-doc-sdk-examples by awsdocs.
the class UploadObjectKMSKey method main.
public static void main(String[] args) throws IOException {
String bucketName = "*** Bucket name ***";
String keyName = "*** Object key name ***";
Regions clientRegion = Regions.DEFAULT_REGION;
String kms_cmk_id = "*** AWS KMS customer master key ID ***";
int readChunkSize = 4096;
try {
// Optional: If you don't have a KMS key (or need another one),
// create one. This example creates a key with AWS-created
// key material.
AWSKMS kmsClient = AWSKMSClientBuilder.standard().withRegion(clientRegion).build();
CreateKeyResult keyResult = kmsClient.createKey();
kms_cmk_id = keyResult.getKeyMetadata().getKeyId();
// Create the encryption client.
KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(kms_cmk_id);
CryptoConfiguration cryptoConfig = new CryptoConfiguration().withAwsKmsRegion(RegionUtils.getRegion(clientRegion.toString()));
AmazonS3Encryption encryptionClient = AmazonS3EncryptionClientBuilder.standard().withCredentials(new ProfileCredentialsProvider()).withEncryptionMaterials(materialProvider).withCryptoConfiguration(cryptoConfig).withRegion(clientRegion).build();
// Upload an object using the encryption client.
String origContent = "S3 Encrypted Object Using KMS-Managed Customer Master Key.";
int origContentLength = origContent.length();
encryptionClient.putObject(bucketName, keyName, origContent);
// Download the object. The downloaded object is still encrypted.
S3Object downloadedObject = encryptionClient.getObject(bucketName, keyName);
S3ObjectInputStream input = downloadedObject.getObjectContent();
// Decrypt and read the object and close the input stream.
byte[] readBuffer = new byte[readChunkSize];
ByteArrayOutputStream baos = new ByteArrayOutputStream(readChunkSize);
int bytesRead = 0;
int decryptedContentLength = 0;
while ((bytesRead = input.read(readBuffer)) != -1) {
baos.write(readBuffer, 0, bytesRead);
decryptedContentLength += bytesRead;
}
input.close();
// Verify that the original and decrypted contents are the same size.
System.out.println("Original content length: " + origContentLength);
System.out.println("Decrypted content length: " + decryptedContentLength);
} catch (AmazonServiceException e) {
// The call was transmitted successfully, but Amazon S3 couldn't process
// it, so it returned an error response.
e.printStackTrace();
} catch (SdkClientException e) {
// Amazon S3 couldn't be contacted for a response, or the client
// couldn't parse the response from Amazon S3.
e.printStackTrace();
}
}
use of com.amazonaws.services.kms.model.CreateKeyResult in project aws-doc-sdk-examples by awsdocs.
the class CreateCustomerMasterKey method main.
public static void main(String[] args) {
AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
// Create a CMK
String desc = "Key for protecting critical data";
CreateKeyRequest req = new CreateKeyRequest().withDescription(desc);
CreateKeyResult result = kmsClient.createKey(req);
System.out.printf("Created a customer master key with id \"%s\"%n", result.getKeyMetadata().getArn());
}
Aggregations