The length of the random byte string. This parameter is required.
A signed attestation document from
an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's public key.
The only valid encryption algorithm is
This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.
When you use this parameter, instead of returning plaintext bytes, KMS encrypts the
plaintext bytes under the public key in the attestation document, and returns the resulting
ciphertext in the
CiphertextForRecipient field in the response. This ciphertext
can be decrypted only with the private key in the enclave. The
Plaintext field in
the response is null or empty.
For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
Generates the random byte string in the CloudHSM cluster that is associated with the specified CloudHSM key store. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
External key store IDs are not valid for this parameter. If you specify the ID of an external key store,