A KMS key is required to generate data key pair?

0

I am trying to generate a data key for us to use outside of KMS. Looking at the documentation for this API - https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/kms/client/generate_data_key_pair.html

It is showing that KeyId is a required parameter. I am a bit confused, since the reason we are generating an asymmetric ECC key pair this way to begin with is that we could not create the correct key/usage within standard KMS. Does anyone know what this parameter is referring to?

AWS
asked a year ago, 497 views
1 Answer
1

Hi!

Data keys are used for Envelope Encryption, where you have a primary key and you create different cryptographic keys to encrypt files, that are related to that primary key. The article linked explains it very well.

I think you may be trying to implement asymmetric encryption; for that, read this article on Asymmetric keys in AWS KMS, which explains the usage of asymmetric keys in AWS KMS.

If neither of these two answers matches your problem, I ask that you create a new question with a more detailed description of the scenario you are trying to solve, what you tried that didn't work, and any other details that could help us understand and guide you in your architecture.

Bests!

AWS
answered a year ago
AWS EXPERT kentrad reviewed a year ago
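
As an added example (not part of the original answer and not AWS's own code): in `generate_data_key_pair`, `KeyId` names the symmetric encryption KMS key that wraps the private half of the new pair, which is the envelope-encryption relationship the answer describes. `FakeKMS`, the key ARN and the `purpose` encryption context are constructed stand-ins so the block runs offline; the two helper functions accept any client with the same methods, such as `boto3.client("kms")`.

```python
import os

def generate_wrapped_key_pair(kms, wrapping_key_id, context, spec="ECC_NIST_P256"):
    """KeyId is the symmetric KMS key that encrypts (wraps) the new private key."""
    resp = kms.generate_data_key_pair(
        KeyId=wrapping_key_id, KeyPairSpec=spec, EncryptionContext=context)
    # Persist only the public key and the wrapped private key.
    record = {"wrapping_key": resp["KeyId"], "context": context,
              "public_key": resp["PublicKey"],
              "wrapped_private": resp["PrivateKeyCiphertextBlob"]}
    # The plaintext private key is for in-memory use only; never store it.
    return record, resp["PrivateKeyPlaintext"]

def unwrap_private_key(kms, record):
    """Recover the private key later; KMS checks the key and encryption context."""
    resp = kms.decrypt(CiphertextBlob=record["wrapped_private"],
                       KeyId=record["wrapping_key"],
                       EncryptionContext=record["context"])
    return resp["Plaintext"]

class FakeKMS:
    """Constructed offline stand-in: mimics the response shapes, does no real crypto."""
    def __init__(self):
        self._blobs = {}
    def generate_data_key_pair(self, KeyId, KeyPairSpec, EncryptionContext=None):
        # Random bytes stand in for the DER-encoded keys and the ciphertext blob.
        private, public, blob = os.urandom(32), os.urandom(64), os.urandom(48)
        self._blobs[blob] = (KeyId, EncryptionContext, private)
        return {"KeyId": KeyId, "KeyPairSpec": KeyPairSpec, "PublicKey": public,
                "PrivateKeyPlaintext": private, "PrivateKeyCiphertextBlob": blob}
    def decrypt(self, CiphertextBlob, KeyId=None, EncryptionContext=None):
        key_id, context, private = self._blobs[CiphertextBlob]
        if KeyId != key_id or EncryptionContext != context:
            # Stand-in for the error real KMS returns on a key/context mismatch.
            raise PermissionError("wrong KMS key or encryption context")
        return {"KeyId": key_id, "Plaintext": private}

def demo():
    kms = FakeKMS()  # with AWS access: kms = boto3.client("kms")
    key_id = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"  # constructed placeholder
    record, private = generate_wrapped_key_pair(kms, key_id, {"purpose": "signing"})
    recovered = unwrap_private_key(kms, record)
    try:  # a record replayed under a different context must not unwrap
        unwrap_private_key(kms, dict(record, context={"purpose": "other"}))
        rejected = False
    except PermissionError:
        rejected = True
    return recovered == private, rejected
```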
