We are excited to announce the developer preview of our new API documentation for AWS SDK for JavaScript v3. Please follow instructions on the landing page to leave us your feedback.
Optional CustomerOptional EncryptionThe encryption algorithms that KMS supports for this key.
This information is critical. If a public key encrypts data outside of KMS by using an unsupported encryption algorithm, the ciphertext cannot be decrypted.
This field appears in the response only when the KeyUsage of the public key
is ENCRYPT_DECRYPT.
Optional KeyThe Amazon Resource Name (key ARN) of the asymmetric KMS key from which the public key was downloaded.
Optional KeyThe type of the of the public key that was downloaded.
Optional KeyThe permitted use of the public key. Valid values are ENCRYPT_DECRYPT or
SIGN_VERIFY.
This information is critical. If a public key with SIGN_VERIFY key usage
encrypts data outside of KMS, the ciphertext cannot be decrypted.
Optional PublicThe exported public key.
The value is a DER-encoded X.509 public key, also known as
SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.
Optional SigningThe signing algorithms that KMS supports for this key.
This field appears in the response only when the KeyUsage of the public key
is SIGN_VERIFY.
Deprecated
Instead, use the
KeySpecfield in theGetPublicKeyresponse.The
KeySpecandCustomerMasterKeySpecfields have the same value. We recommend that you use theKeySpecfield in your code. However, to avoid breaking changes, KMS supports both fields.