AWS SDK Version 3 for .NET
API Reference


Imports key material into an AWS KMS customer master key (CMK) from your existing key management infrastructure. For more information about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management Service Developer Guide.

You must specify the key ID of the CMK to import the key material into. This CMK's Origin must be EXTERNAL. You must also send an import token and the encrypted key material. Send the import token that you received in the same GetParametersForImport response that contained the public key that you used to encrypt the key material. You must also specify whether the key material expires and if so, when. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. To use the CMK again, you can reimport the same key material. If you set an expiration date, you can change it only by reimporting the same key material and specifying a new expiration date.

When this operation is successful, the specified CMK's key state changes to Enabled, and you can use the CMK.

After you successfully import key material into a CMK, you can reimport the same key material into that CMK, but you cannot import different key material.

Note:

For PCL this operation is only available in asynchronous form. Please refer to ImportKeyMaterialAsync.

Namespace: Amazon.KeyManagementService
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z

Syntax

C#
public abstract ImportKeyMaterialResponse ImportKeyMaterial(
    ImportKeyMaterialRequest request
)

Parameters
request
Type: Amazon.KeyManagementService.Model.ImportKeyMaterialRequest

Container for the necessary parameters to execute the ImportKeyMaterial service method.

Return Value
The response from the ImportKeyMaterial service method, as returned by KeyManagementService.

Exceptions

Exception: Condition
DependencyTimeoutException: The system timed out while trying to fulfill the request. The request can be retried.
ExpiredImportTokenException: The request was rejected because the provided import token is expired. Use GetParametersForImport to retrieve a new import token and public key, use the new public key to encrypt the key material, and then try the request again.
IncorrectKeyMaterialException: The request was rejected because the provided key material is invalid or is not the same key material that was previously imported into this customer master key (CMK).
InvalidArnException: The request was rejected because a specified ARN was not valid.
InvalidCiphertextException: The request was rejected because the specified ciphertext has been corrupted or is otherwise invalid.
InvalidImportTokenException: The request was rejected because the provided import token is invalid or is associated with a different customer master key (CMK).
KMSInternalException: The request was rejected because an internal exception occurred. The request can be retried.
KMSInvalidStateException: The request was rejected because the state of the specified resource is not valid for this request. For more information about how key state affects the use of a CMK, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.
NotFoundException: The request was rejected because the specified entity or resource could not be found.
UnsupportedOperationException: The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation.

Examples

The following example imports key material into the specified CMK.

To import key material into a customer master key (CMK)


var response = client.ImportKeyMaterial(new ImportKeyMaterialRequest 
{
    EncryptedKeyMaterial = new MemoryStream(), // The encrypted key material to import.
    ExpirationModel = "KEY_MATERIAL_DOES_NOT_EXPIRE", // A value that specifies whether the key material expires.
    ImportToken = new MemoryStream(), // The import token that you received in the response to a previous GetParametersForImport request.
    KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab" // The identifier of the CMK to import the key material into. You can use the key ID or the Amazon Resource Name (ARN) of the CMK.
});
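
The complete flow described above (fetch the wrapping public key and import token, encrypt the key material, import it, and recover from an expired token), as an added example that is not part of the AWS documentation. The KeyMaterialImporter class, its parameters, and the choice of RSAES_OAEP_SHA_256 with an RSA_2048 wrapping key are assumptions for illustration; it uses the asynchronous method forms and needs a runtime that provides RSA.ImportSubjectPublicKeyInfo (.NET Core 3.0 or later).

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public static class KeyMaterialImporter // hypothetical helper, not an SDK type
{
    // plaintextKey: key material produced by your own key management infrastructure
    // (assumed 256-bit symmetric key). The caller owns it and should clear it afterwards.
    public static async Task ImportAsync(IAmazonKeyManagementService kms, string keyId,
                                         byte[] plaintextKey, DateTime? validTo)
    {
        for (int attempt = 1; ; attempt++)
        {
            // The public key and import token arrive in ONE response and must be used together.
            var p = await kms.GetParametersForImportAsync(new GetParametersForImportRequest
            {
                KeyId = keyId,
                WrappingAlgorithm = AlgorithmSpec.RSAES_OAEP_SHA_256,
                WrappingKeySpec = WrappingKeySpec.RSA_2048
            });
            byte[] wrapped;
            using (RSA rsa = RSA.Create())
            {
                // PublicKey is a DER-encoded SubjectPublicKeyInfo structure.
                rsa.ImportSubjectPublicKeyInfo(p.PublicKey.ToArray(), out _);
                wrapped = rsa.Encrypt(plaintextKey, RSAEncryptionPadding.OaepSHA256);
            }
            var request = new ImportKeyMaterialRequest
            {
                KeyId = keyId, // the CMK's Origin must be EXTERNAL
                ImportToken = p.ImportToken,
                EncryptedKeyMaterial = new MemoryStream(wrapped),
                ExpirationModel = validTo.HasValue
                    ? ExpirationModelType.KEY_MATERIAL_EXPIRES
                    : ExpirationModelType.KEY_MATERIAL_DOES_NOT_EXPIRE
            };
            if (validTo.HasValue) request.ValidTo = validTo.Value;
            try
            {
                await kms.ImportKeyMaterialAsync(request);
                return; // the CMK's key state is now Enabled
            }
            // Expired token: loop once to get a new token and public key, then re-encrypt.
            // IncorrectKeyMaterialException and the other exceptions propagate to the caller.
            catch (ExpiredImportTokenException) when (attempt < 2) { }
        }
    }
}
```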


            

Version Information

.NET Framework:
Supported in: 4.5, 4.0, 3.5

Portable Class Library:
Supported in: Windows Store Apps
Supported in: Windows Phone 8.1
Supported in: Xamarin Android
Supported in: Xamarin iOS (Unified)
Supported in: Xamarin.Forms
