Options
All
  • Public
  • Public/Protected
  • All
Menu

Interface GetPublicKeyCommandOutput

Hierarchy

Index

Properties

$metadata

$metadata: ResponseMetadata

Metadata pertaining to this request.

Optional CustomerMasterKeySpec

CustomerMasterKeySpec: CustomerMasterKeySpec | string
deprecated

Instead, use the KeySpec field in the GetPublicKey response.

The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS supports both fields.

Optional EncryptionAlgorithms

EncryptionAlgorithms: (EncryptionAlgorithmSpec | string)[]

The encryption algorithms that KMS supports for this key.

This information is critical. If a public key encrypts data outside of KMS by using an unsupported encryption algorithm, the ciphertext cannot be decrypted.

This field appears in the response only when the KeyUsage of the public key is ENCRYPT_DECRYPT.

Optional KeyId

KeyId: undefined | string

The Amazon Resource Name (key ARN) of the asymmetric KMS key from which the public key was downloaded.

Optional KeySpec

KeySpec: KeySpec | string

The type of the of the public key that was downloaded.

Optional KeyUsage

KeyUsage: KeyUsageType | string

The permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY.

This information is critical. If a public key with SIGN_VERIFY key usage encrypts data outside of KMS, the ciphertext cannot be decrypted.

Optional PublicKey

PublicKey: Uint8Array

The exported public key.

The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.

Optional SigningAlgorithms

SigningAlgorithms: (SigningAlgorithmSpec | string)[]

The signing algorithms that KMS supports for this key.

This field appears in the response only when the KeyUsage of the public key is SIGN_VERIFY.