AWS Encryption SDK for Java
This topic explains how to install and use the AWS Encryption SDK for Java. For details about
programming with the AWS Encryption SDK for Java, see the aws-encryption-sdk-java
Prerequisites
Before you install the AWS Encryption SDK for Java, be sure you have the following prerequisites.
- A Java development environment
-
You will need Java 8 or later. On the Oracle website, go to Java SE Downloads
, and then download and install the Java SE Development Kit (JDK). If you use the Oracle JDK, you must also download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files
. - Bouncy Castle
-
The AWS Encryption SDK for Java requires Bouncy Castle
. -
AWS Encryption SDK for Java versions 1.6.1 and later use Bouncy Castle to serialize and deserialize cryptographic objects. You can use Bouncy Castle or Bouncy Castle FIPS
to satisfy this requirement. For help installing and configuring Bouncy Castle FIPS, see BC FIPS Documentation , especially the User Guides and Security Policy PDFs. -
Earlier versions of the AWS Encryption SDK for Java use Bouncy Castle's cryptography API for Java. This requirement is satisfied only by non-FIPS Bouncy Castle.
If you don't have Bouncy Castle, go to Download Bouncy Castle for Java
to download the provider file that corresponds to your JDK. You can also use Apache Maven to get the artifact for the standard Bouncy Castle provider (bcprov-ext-jdk15on ) or the artifact for Bouncy Castle FIPS (bc-fips ). -
- AWS SDK for Java
-
Version 3.x of the AWS Encryption SDK for Java requires the AWS SDK for Java 2.x, even if you don't use AWS KMS keyrings.
Version 2.x or earlier of the AWS Encryption SDK for Java does not require the AWS SDK for Java. However, the AWS SDK for Java is required to use AWS Key Management Service
(AWS KMS) as a master key provider. Beginning in the AWS Encryption SDK for Java version 2.4.0, the AWS Encryption SDK for Java supports both version 1.x and 2.x of the AWS SDK for Java. AWS Encryption SDK code for the AWS SDK for Java 1.x and 2.x are interoperable. For example, you can encrypt data with AWS Encryption SDK code that supports AWS SDK for Java 1.x and decrypt it using code that supports AWS SDK for Java 2.x (or vice versa). Versions of the AWS Encryption SDK for Java earlier than 2.4.0 support only AWS SDK for Java 1.x. For information about updating your version of the AWS Encryption SDK, see Migrating your AWS Encryption SDK. When updating your AWS Encryption SDK for Java code from the AWS SDK for Java 1.x to AWS SDK for Java 2.x, replace references to the
AWSKMS
interface in AWS SDK for Java 1.x with references to theKmsClient
interfacein AWS SDK for Java 2.x. The AWS Encryption SDK for Java does not support the KmsAsyncClient
interface. Also, update your code to use the AWS KMS-related objects in the kmssdkv2
namespace, instead of thekms
namespace.To install the AWS SDK for Java, use Apache Maven.
-
To import the entire AWS SDK for Java as a dependency, declare it in your
pom.xml
file. -
To create a dependency only for the AWS KMS module in AWS SDK for Java 1.x, follow the instructions for specifying particular modules, and set the
artifactId
toaws-java-sdk-kms
. -
To create a dependency only for the AWS KMS module in AWS SDK for Java 2.x, follow the instructions for specifying particular modules. Set the
groupId
tosoftware.amazon.awssdk
and theartifactId
tokms
.
For more changes, see What's different between the AWS SDK for Java 1.x and 2.x in the AWS SDK for Java 2.x Developer Guide.
Java examples in the AWS Encryption SDK Developer Guide use the AWS SDK for Java 2.x.
-
Installation
Install the latest version of the AWS Encryption SDK for Java.
Note
All versions of the AWS Encryption SDK for Java earlier than 2.0.0 are in the end-of-support phase.
You can safely update from version 2.0.x and later to the latest version of the AWS Encryption SDK for Java without any code or data changes. However, new security features introduced in version 2.0.x are not backward-compatible. To update from versions earlier than 1.7.x to version 2.0.x and later, you must first update to the latest 1.x version of the AWS Encryption SDK. For details, see Migrating your AWS Encryption SDK.
You can install the AWS Encryption SDK for Java in the following ways.
- Manually
-
To install the AWS Encryption SDK for Java, clone or download the aws-encryption-sdk-java
GitHub repository. - Using Apache Maven
-
The AWS Encryption SDK for Java is available through Apache Maven
with the following dependency definition. <dependency> <groupId>com.amazonaws</groupId> <artifactId>aws-encryption-sdk-java</artifactId> <version>3.0.0</version> </dependency>
After you install the SDK, get started by looking at the example Java code in this guide and the Javadoc on
GitHub