enum KeySpec
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.KMS.KeySpec |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awskms#KeySpec |
Java | software.amazon.awscdk.services.kms.KeySpec |
Python | aws_cdk.aws_kms.KeySpec |
TypeScript (source) | aws-cdk-lib » aws_kms » KeySpec |
The key spec represents the cryptographic configuration of a key.
Example
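```ts
import * as kms from 'aws-cdk-lib/aws-kms';

// Inside a construct or stack, where `this` is the scope
const key = new kms.Key(this, 'MyKey', {
  keySpec: kms.KeySpec.ECC_SECG_P256K1, // defaults to SYMMETRIC_DEFAULT when omitted
  keyUsage: kms.KeyUsage.SIGN_VERIFY, // defaults to ENCRYPT_DECRYPT when omitted
});
```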
Members
Name | Description |
---|---|
SYMMETRIC_DEFAULT | The default key spec. |
RSA_2048 | RSA with a 2048-bit key. |
RSA_3072 | RSA with a 3072-bit key. |
RSA_4096 | RSA with a 4096-bit key. |
ECC_NIST_P256 | NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-256 for the message digest. |
ECC_NIST_P384 | NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-384 for the message digest. |
ECC_NIST_P521 | NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-512 for the message digest. |
ECC_SECG_P256K1 | Standards for Efficient Cryptography 2, Section 2.4.1, ECDSA signature on the Koblitz curve. |
HMAC_224 | Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA224. |
HMAC_256 | Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA256. |
HMAC_384 | Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA384. |
HMAC_512 | Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA512. |
SM2 | Elliptic curve key spec available only in China Regions. |
SYMMETRIC_DEFAULT
The default key spec.
Valid usage: ENCRYPT_DECRYPT
RSA_2048
RSA with a 2048-bit key.
Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY
RSA_3072
RSA with a 3072-bit key.
Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY
RSA_4096
RSA with a 4096-bit key.
Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY
ECC_NIST_P256
NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-256 for the message digest.
Valid usage: SIGN_VERIFY
ECC_NIST_P384
NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-384 for the message digest.
Valid usage: SIGN_VERIFY
ECC_NIST_P521
NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-512 for the message digest.
Valid usage: SIGN_VERIFY
ECC_SECG_P256K1
Standards for Efficient Cryptography 2, Section 2.4.1, ECDSA signature on the Koblitz curve.
Valid usage: SIGN_VERIFY
HMAC_224
Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA224.
Valid usage: GENERATE_VERIFY_MAC
HMAC_256
Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA256.
Valid usage: GENERATE_VERIFY_MAC
HMAC_384
Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA384.
Valid usage: GENERATE_VERIFY_MAC
HMAC_512
Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA512.
Valid usage: GENERATE_VERIFY_MAC
SM2
Elliptic curve key spec available only in China Regions.
Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY