A KMS key is required to generate data key pair?

0

I am trying to generate a data key for us to use outside of KMS. Looking at the documentation for this API - https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/kms/client/generate_data_key_pair.html

It is showing that KeyId is a required parameter. I am a bit confused, since the reason we are generating an asymmetric ECC key pair this way to begin with is that we could not create the correct key/usage within standard KMS. Does anyone know what this parameter is referring to?

AWS
Asked a year ago · 519 views
1 Answer
1

Hi!

Data keys are used for Envelope Encryption, where you have a primary key and you create different cryptographic keys to encrypt files, that are related to that primary key. The article linked explains it very well.

I think you may be trying to implement asymmetric encryption; for that, read this article on Asymmetric keys in AWS KMS, which explains the usage of asymmetric keys in AWS KMS.

If neither of these two answers matches your problem, I ask that you create a new question with a more detailed description of the scenario you are trying to solve, what you tried that didn't work, and any other details that could help us understand and guide you in your architecture.

Bests!

AWS
Answered a year ago
AWS EXPERT kentrad reviewed a year ago
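
As an added example (not part of the question or the answer above): per the boto3 documentation the question links, `KeyId` in `generate_data_key_pair` names the symmetric encryption KMS key that encrypts the private key of the returned pair, which is the envelope-encryption relationship the answer describes. `FakeKms`, its toy masking, the helper names and the placeholder key bytes are constructed here so the flow runs offline; with AWS credentials, `boto3.client("kms")` takes the place of `FakeKms`.

```python
import hashlib
import os


class FakeKms:
    """Constructed offline stand-in for boto3.client("kms"); not real cryptography."""

    def __init__(self):
        self._secrets = {}  # key id -> wrapping key material that never leaves "KMS"

    def create_wrapping_key(self, key_id):
        self._secrets[key_id] = os.urandom(32)

    def _mask(self, key_id, nonce, n):
        # Toy keystream derived from the wrapping key, for illustration only.
        return hashlib.shake_256(self._secrets[key_id] + nonce).digest(n)

    def generate_data_key_pair(self, KeyId, KeyPairSpec):
        private_der = os.urandom(64)  # placeholder bytes, not a real ECC key
        nonce = os.urandom(16)
        mask = self._mask(KeyId, nonce, len(private_der))
        blob = nonce + bytes(a ^ b for a, b in zip(private_der, mask))
        return {"KeyId": KeyId, "KeyPairSpec": KeyPairSpec,
                "PublicKey": b"placeholder-public-key",
                "PrivateKeyPlaintext": private_der,
                "PrivateKeyCiphertextBlob": blob}

    def decrypt(self, CiphertextBlob, KeyId):
        nonce, body = CiphertextBlob[:16], CiphertextBlob[16:]
        mask = self._mask(KeyId, nonce, len(body))
        return {"KeyId": KeyId, "Plaintext": bytes(a ^ b for a, b in zip(body, mask))}


def new_key_pair(kms, wrapping_key_id, spec="ECC_NIST_P256"):
    """Ask KMS for a key pair; KeyId names the key that wraps the private half."""
    resp = kms.generate_data_key_pair(KeyId=wrapping_key_id, KeyPairSpec=spec)
    stored = {"wrapping_key_id": resp["KeyId"],
              "public_key": resp["PublicKey"],
              "wrapped_private_key": resp["PrivateKeyCiphertextBlob"]}
    # Use the plaintext private key in memory only; persist just `stored`.
    return stored, resp["PrivateKeyPlaintext"]


def load_private_key(kms, stored):
    """Recover the private key later by asking KMS to unwrap the stored blob."""
    resp = kms.decrypt(CiphertextBlob=stored["wrapped_private_key"],
                       KeyId=stored["wrapping_key_id"])
    return resp["Plaintext"]
```

Only the record returned as `stored` is meant to be persisted; anyone who needs the private key again must be allowed to call `decrypt` on the wrapping key.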
