KmsMaterialsProvider extends MaterialsProvider
in package
implements MaterialsProviderInterface
Uses KMS to supply materials for encrypting and decrypting data.
Legacy implementation that supports legacy S3EncryptionClient and S3EncryptionMultipartUploader, which use an older encryption workflow. Use KmsMaterialsProviderV2 with S3EncryptionClientV2 or S3EncryptionMultipartUploaderV2 if possible.
Table of Contents
Interfaces
Constants
- WRAP_ALGORITHM_NAME = 'kms'
Methods
- __construct() : mixed
- decryptCek() : string
  Takes an encrypted content encryption key (CEK) and material description, and decrypts the key by using the KMS Decrypt API.
- encryptCek() : string
  Takes a content encryption key (CEK) and description, and returns an encrypted key by using the KMS Encrypt API.
- fromDecryptionEnvelope() : mixed
- generateCek() : string
- generateIv() : string
- getMaterialsDescription() : array<string|int, mixed>
  Returns the KMS key id used to match this Provider to its keys, as 'kms_cmk_id' for consistency with other SDKs.
- getWrapAlgorithmName() : string
  Returns the wrap algorithm name for this Provider.
- isSupportedKeySize() : bool
  Returns whether the requested size is supported by AES.
Constants
WRAP_ALGORITHM_NAME
public mixed WRAP_ALGORITHM_NAME = 'kms'
Methods
__construct()
public __construct(KmsClient $kmsClient[, string $kmsKeyId = null ]) : mixed
Parameters
- $kmsClient : KmsClient
  A KMS Client for use in encrypting and decrypting keys.
- $kmsKeyId : string = null
  The private KMS key id to be used for encrypting and decrypting keys.
decryptCek()
Takes an encrypted content encryption key (CEK) and material description, and decrypts the key by using the KMS Decrypt API.
public decryptCek(string $encryptedCek, string $materialDescription) : string
Parameters
- $encryptedCek : string
  Encrypted key to be decrypted by the Provider for use in decrypting other data.
- $materialDescription : string
  Material Description for use in encrypting the $cek.
Return values
string
encryptCek()
Takes a content encryption key (CEK) and description, and returns an encrypted key by using the KMS Encrypt API.
public encryptCek(string $unencryptedCek, string $materialDescription) : string
Parameters
- $unencryptedCek : string
  Key for use in encrypting other data that itself needs to be encrypted by the Provider.
- $materialDescription : string
  Material Description for use in encrypting the $cek.
Return values
string
fromDecryptionEnvelope()
public fromDecryptionEnvelope(MetadataEnvelope $envelope) : mixed
Parameters
- $envelope : MetadataEnvelope
generateCek()
public generateCek(string $keySize) : string
Parameters
- $keySize : string
  Length of a cipher key in bits for generating a random content encryption key (CEK).
Return values
string
generateIv()
public generateIv(string $openSslName) : string
Parameters
- $openSslName : string
  Cipher OpenSSL name to use for generating an initialization vector.
Return values
string
getMaterialsDescription()
Returns the KMS key id used to match this Provider to its keys, as 'kms_cmk_id' for consistency with other SDKs.
public getMaterialsDescription() : array<string|int, mixed>
Return values
array<string|int, mixed>
getWrapAlgorithmName()
Returns the wrap algorithm name for this Provider.
public getWrapAlgorithmName() : string
Return values
string
isSupportedKeySize()
Returns whether the requested size is supported by AES.
public static isSupportedKeySize(int $keySize) : bool
Parameters
- $keySize : int
  Size of the requested key in bits.