KeySpec
- class aws_cdk.aws_kms.KeySpec(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)
Bases:
Enum
The key spec, represents the cryptographic configuration of keys.
- ExampleMetadata:
infused
Example:
key = kms.Key(self, "MyKey", key_spec=kms.KeySpec.ECC_SECG_P256K1, # Default to SYMMETRIC_DEFAULT key_usage=kms.KeyUsage.SIGN_VERIFY )
Attributes
- ECC_NIST_P256
NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-256 for the message digest.
Valid usage: SIGN_VERIFY
- ECC_NIST_P384
NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-384 for the message digest.
Valid usage: SIGN_VERIFY
- ECC_NIST_P521
NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-512 for the message digest.
Valid usage: SIGN_VERIFY
- ECC_SECG_P256K1
Standards for Efficient Cryptography 2, Section 2.4.1, ECDSA signature on the Koblitz curve.
Valid usage: SIGN_VERIFY
- HMAC_224
Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA224.
Valid usage: GENERATE_VERIFY_MAC
- HMAC_256
Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA256.
Valid usage: GENERATE_VERIFY_MAC
- HMAC_384
Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA384.
Valid usage: GENERATE_VERIFY_MAC
- HMAC_512
Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA512.
Valid usage: GENERATE_VERIFY_MAC
- RSA_2048
RSA with 2048 bits of key.
Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY
- RSA_3072
RSA with 3072 bits of key.
Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY
- RSA_4096
RSA with 4096 bits of key.
Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY
- SM2
Elliptic curve key spec available only in China Regions.
Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY
- SYMMETRIC_DEFAULT
The default key spec.
Valid usage: ENCRYPT_DECRYPT