AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Container for the parameters to the ReEncrypt operation. Encrypts data on the server side with a new customer master key (CMK) without exposing the plaintext of the data on the client side. The data is first decrypted and then reencrypted. You can also use this operation to change the encryption context of a ciphertext.

Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom on the source CMK and once as ReEncryptTo on the destination CMK. We recommend that you include the "kms:ReEncrypt*" permission in your key policies to permit reencryption from or to the CMK. This permission is automatically included in the key policy when you create a CMK through the console, but you must include it manually when you create a CMK programmatically or when you set a key policy with the PutKeyPolicy operation.

Inheritance Hierarchy

System.Object
  Amazon.Runtime.AmazonWebServiceRequest
    Amazon.KeyManagementService.AmazonKeyManagementServiceRequest
      Amazon.KeyManagementService.Model.ReEncryptRequest

Namespace: Amazon.KeyManagementService.Model
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z

Syntax

C#
public class ReEncryptRequest : AmazonKeyManagementServiceRequest
         IAmazonWebServiceRequest

The ReEncryptRequest type exposes the following members

Constructors

NameDescription
Public Method ReEncryptRequest()

Properties

NameTypeDescription
Public Property CiphertextBlob System.IO.MemoryStream

Gets and sets the property CiphertextBlob.

Ciphertext of the data to reencrypt.

Public Property DestinationEncryptionContext System.Collections.Generic.Dictionary<System.String, System.String>

Gets and sets the property DestinationEncryptionContext.

Encryption context to use when the data is reencrypted.

Public Property DestinationKeyId System.String

Gets and sets the property DestinationKeyId.

A unique identifier for the CMK to use to reencrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012

  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName

  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012

  • Alias Name Example - alias/MyAliasName

Public Property GrantTokens System.Collections.Generic.List<System.String>

Gets and sets the property GrantTokens.

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Public Property SourceEncryptionContext System.Collections.Generic.Dictionary<System.String, System.String>

Gets and sets the property SourceEncryptionContext.

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Examples

The following example reencrypts data with the specified CMK.

To reencrypt data


var response = client.ReEncrypt(new ReEncryptRequest 
{
    CiphertextBlob = new MemoryStream(), // The data to reencrypt.
    DestinationKeyId = "0987dcba-09fe-87dc-65ba-ab0987654321" // The identifier of the CMK to use to reencrypt the data. You can use the key ID or Amazon Resource Name (ARN) of the CMK, or the name or ARN of an alias that refers to the CMK.
});

MemoryStream ciphertextBlob = response.CiphertextBlob; // The reencrypted data.
string keyId = response.KeyId; // The ARN of the CMK that was used to reencrypt the data.
string sourceKeyId = response.SourceKeyId; // The ARN of the CMK that was used to originally encrypt the data.

            

Version Information

.NET Standard:
Supported in: 1.3

.NET Framework:
Supported in: 4.5, 4.0, 3.5

Portable Class Library:
Supported in: Windows Store Apps
Supported in: Windows Phone 8.1
Supported in: Xamarin Android
Supported in: Xamarin iOS (Unified)
Supported in: Xamarin.Forms