AWS SDK Version 4 for .NET
API Reference

This is the response object from the DeriveSharedSecret operation.

Inheritance Hierarchy

System.Object
  Amazon.Runtime.AmazonWebServiceResponse
    Amazon.KeyManagementService.Model.DeriveSharedSecretResponse

Namespace: Amazon.KeyManagementService.Model
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z

Syntax

C#
public class DeriveSharedSecretResponse : AmazonWebServiceResponse

The DeriveSharedSecretResponse type exposes the following members.

Constructors

Properties

Name   Type   Description
Public Property CiphertextForRecipient System.IO.MemoryStream

Gets and sets the property CiphertextForRecipient.

The plaintext shared secret encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

Public Property ContentLength System.Int64 Inherited from Amazon.Runtime.AmazonWebServiceResponse.
Public Property HttpStatusCode System.Net.HttpStatusCode Inherited from Amazon.Runtime.AmazonWebServiceResponse.
Public Property KeyAgreementAlgorithm Amazon.KeyManagementService.KeyAgreementAlgorithmSpec

Gets and sets the property KeyAgreementAlgorithm.

Identifies the key agreement algorithm used to derive the shared secret.

Public Property KeyId System.String

Gets and sets the property KeyId.

Identifies the KMS key used to derive the shared secret.

Public Property KeyOrigin Amazon.KeyManagementService.OriginType

Gets and sets the property KeyOrigin.

The source of the key material for the specified KMS key.

When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material.

The only valid values for DeriveSharedSecret are AWS_KMS and EXTERNAL. DeriveSharedSecret does not support KMS keys with a KeyOrigin value of AWS_CLOUDHSM or EXTERNAL_KEY_STORE.

Public Property ResponseMetadata Amazon.Runtime.ResponseMetadata Inherited from Amazon.Runtime.AmazonWebServiceResponse.
Public Property SharedSecret System.IO.MemoryStream

Gets and sets the property SharedSecret.

The raw secret derived from the specified key agreement algorithm, private key in the asymmetric KMS key, and your peer's public key.

If the response includes the CiphertextForRecipient field, the SharedSecret field is null or empty.

Examples

The following example derives a shared secret using a key agreement algorithm.

To derive a shared secret

using System;
using System.IO;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

var client = new AmazonKeyManagementServiceClient();
// The synchronous DeriveSharedSecret overload is available on .NET Framework targets; on .NET and .NET Standard targets the SDK exposes DeriveSharedSecretAsync instead.
var response = client.DeriveSharedSecret(new DeriveSharedSecretRequest
{
    KeyAgreementAlgorithm = "ECDH", // The key agreement algorithm used to derive the shared secret. The only valid value is ECDH.
    KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab", // The key identifier for an asymmetric KMS key pair. The private key in the specified key pair is used to derive the shared secret.
    // The public key in your peer's asymmetric key pair, as DER-encoded SubjectPublicKeyInfo. MemoryStream takes the decoded bytes, so the base64 value must be decoded first; the value below is abbreviated.
    PublicKey = new MemoryStream(Convert.FromBase64String("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH3Yj0wbkLEpUl95Cv1cJVjsVNSjwGq3tCLnzXfhVwVvmzGN8pYj3U8nKwgouaHbBWNJYjP5VutbbkKS4Kv4GojwZBJyHN17kmxo8yTjRmjR15SKIQ8cqRA2uaERMLnpztIXdZp232PQPbWGxDyXYJ0aJ5EFSag"))
});

string keyAgreementAlgorithm = response.KeyAgreementAlgorithm; // The key agreement algorithm used to derive the shared secret.
string keyId = response.KeyId; // The asymmetric KMS key pair used to derive the shared secret.
string keyOrigin = response.KeyOrigin; // The source of the key material for the specified KMS key.
MemoryStream sharedSecret = response.SharedSecret; // The raw secret derived from the specified key agreement algorithm, private key in the asymmetric KMS key, and your peer's public key. Treat it as key material: derive working keys from it with a KDF and clear it when done.

The following example includes the Recipient parameter with a signed attestation document from an AWS Nitro enclave or NitroTPM. Instead of returning a plaintext shared secret, DeriveSharedSecret returns the shared secret encrypted by the public key from the attestation document.

To derive a shared secret for a Nitro enclave or NitroTPM

using System;
using System.IO;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

var client = new AmazonKeyManagementServiceClient();
// GetAttestationDocument is a hypothetical helper standing in for however your code obtains the signed <attestation document> from the Nitro enclave or NitroTPM.
byte[] attestationDocument = GetAttestationDocument();
// The synchronous DeriveSharedSecret overload is available on .NET Framework targets; on .NET and .NET Standard targets the SDK exposes DeriveSharedSecretAsync instead.
var response = client.DeriveSharedSecret(new DeriveSharedSecretRequest
{
    KeyAgreementAlgorithm = "ECDH", // The key agreement algorithm used to derive the shared secret. The only valid value is ECDH.
    KeyId = "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", // The key identifier for an asymmetric KMS key pair. The private key in the specified key pair is used to derive the shared secret.
    // The public key in your peer's asymmetric key pair, as DER-encoded SubjectPublicKeyInfo. MemoryStream takes the decoded bytes, so the base64 value must be decoded first; the value below is abbreviated.
    PublicKey = new MemoryStream(Convert.FromBase64String("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH3Yj0wbkLEpUl95Cv1cJVjsVNSjwGq3tCLnzXfhVwVvmzGN8pYj3U8nKwgouaHbBWNJYjP5VutbbkKS4Kv4GojwZBJyHN17kmxo8yTjRmjR15SKIQ8cqRA2uaERMLnpztIXdZp232PQPbWGxDyXYJ0aJ5EFSag")),
    Recipient = new RecipientInfo
    {
        AttestationDocument = new MemoryStream(attestationDocument), // The signed <attestation document> bytes from the Nitro enclave or NitroTPM.
        KeyEncryptionAlgorithm = "RSAES_OAEP_SHA_256"
    } // Specifies the attestation document from the Nitro enclave or NitroTPM and the encryption algorithm to use with the public key from the attestation document.
});

MemoryStream ciphertextForRecipient = response.CiphertextForRecipient; // The shared secret encrypted by the public key from the attestation document. Only the attested environment holds the private key that can decrypt it.
string keyAgreementAlgorithm = response.KeyAgreementAlgorithm; // The key agreement algorithm used to derive the shared secret.
string keyId = response.KeyId; // The asymmetric KMS key pair used to derive the shared secret.
string keyOrigin = response.KeyOrigin; // The source of the key material for the specified KMS key.
MemoryStream sharedSecret = response.SharedSecret; // This field is null or empty when CiphertextForRecipient is returned.

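The following is an added example, not code from the SDK reference, showing how a caller would consume a DeriveSharedSecretResponse according to the field rules documented above: it rejects KeyOrigin values that DeriveSharedSecret never returns, tells the plaintext shape apart from the attested-recipient shape (CiphertextForRecipient set, SharedSecret null or empty), and runs the raw secret through HKDF instead of using it directly as a key. The SharedSecretConsumer class, the HKDF info label and the constructed sample response are assumptions made for the example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

// Added example, not SDK code: consume a DeriveSharedSecretResponse per the documented field rules.
public static class SharedSecretConsumer
{
    // Returns a 32-byte HKDF-derived key for a plaintext response. Returns null when KMS wrapped the
    // secret for an attested recipient: only code inside the attested environment can decrypt that ciphertext.
    public static byte[]? DeriveAes256Key(DeriveSharedSecretResponse response, byte[] info)
    {
        if (response.KeyAgreementAlgorithm != KeyAgreementAlgorithmSpec.ECDH)
            throw new InvalidOperationException("Unexpected KeyAgreementAlgorithm: " + response.KeyAgreementAlgorithm);
        // DeriveSharedSecret only returns AWS_KMS or EXTERNAL; anything else means this is not its response.
        if (response.KeyOrigin != OriginType.AWS_KMS && response.KeyOrigin != OriginType.EXTERNAL)
            throw new InvalidOperationException("Unexpected KeyOrigin: " + response.KeyOrigin);
        bool wrapped = response.CiphertextForRecipient != null && response.CiphertextForRecipient.Length > 0;
        bool plain = response.SharedSecret != null && response.SharedSecret.Length > 0;
        if (wrapped && plain) throw new InvalidOperationException("Both SharedSecret and CiphertextForRecipient are set");
        if (wrapped) return null; // route response.CiphertextForRecipient to the attested environment instead
        if (!plain) throw new InvalidOperationException("Response carries no shared secret");
        byte[] raw = response.SharedSecret.ToArray();
        try
        {
            // Raw ECDH output is not a uniformly random key: run it through HKDF-SHA256 and bind the
            // result to the protocol context with 'info' so one secret yields distinct keys per use.
            return HKDF.DeriveKey(HashAlgorithmName.SHA256, raw, 32, salt: null, info: info);
        }
        finally
        {
            CryptographicOperations.ZeroMemory(raw); // do not leave the raw secret in memory
        }
    }

    public static void Main()
    {
        // Constructed sample (not real KMS output): 32 zero bytes stand in for the shared secret.
        var sample = new DeriveSharedSecretResponse
        {
            KeyAgreementAlgorithm = KeyAgreementAlgorithmSpec.ECDH,
            KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab",
            KeyOrigin = OriginType.AWS_KMS,
            SharedSecret = new MemoryStream(new byte[32]),
        };
        byte[]? key = DeriveAes256Key(sample, Encoding.UTF8.GetBytes("example-app/v1 session key")); // hypothetical info label
        Console.WriteLine(key is null ? "wrapped for recipient" : $"derived {key.Length}-byte key");
    }
}
```

A response carrying CiphertextForRecipient makes the method return null, which is the caller's signal to hand the ciphertext to the enclave or TPM code path rather than attempt any key derivation outside it.
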
Version Information

.NET:
Supported in: 8.0 and newer, Core 3.1

.NET Standard:
Supported in: 2.0

.NET Framework:
Supported in: 4.7.2 and newer