AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Imports key material into an existing AWS KMS customer master key (CMK) that was created without key material. You cannot perform this operation on a CMK in a different AWS account. For more information about creating CMKs with no key material and then importing key material, see Importing Key Material in the AWS Key Management Service Developer Guide.

Before using this operation, call GetParametersForImport. Its response includes a public key and an import token. Use the public key to encrypt the key material. Then, submit the import token from the same GetParametersForImport response.

When calling this operation, you must specify the following values:

When this operation is successful, the CMK's key state changes from PendingImport to Enabled, and you can use the CMK. After you successfully import key material into a CMK, you can reimport the same key material into that CMK, but you cannot import different key material.

The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.

Note:

For .NET Core and PCL this operation is only available in asynchronous form. Please refer to ImportKeyMaterialAsync.

Namespace: Amazon.KeyManagementService
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z

Syntax

C#
public virtual ImportKeyMaterialResponse ImportKeyMaterial(
         ImportKeyMaterialRequest request
)
Parameters
request
Type: Amazon.KeyManagementService.Model.ImportKeyMaterialRequest

Container for the necessary parameters to execute the ImportKeyMaterial service method.

Return Value
The response from the ImportKeyMaterial service method, as returned by KeyManagementService.

Exceptions

ExceptionCondition
DependencyTimeoutException The system timed out while trying to fulfill the request. The request can be retried.
ExpiredImportTokenException The request was rejected because the provided import token is expired. Use GetParametersForImport to get a new import token and public key, use the new public key to encrypt the key material, and then try the request again.
IncorrectKeyMaterialException The request was rejected because the provided key material is invalid or is not the same key material that was previously imported into this customer master key (CMK).
InvalidArnException The request was rejected because a specified ARN was not valid.
InvalidCiphertextException The request was rejected because the specified ciphertext, or additional authenticated data incorporated into the ciphertext, such as the encryption context, is corrupted, missing, or otherwise invalid.
InvalidImportTokenException The request was rejected because the provided import token is invalid or is associated with a different customer master key (CMK).
KMSInternalException The request was rejected because an internal exception occurred. The request can be retried.
KMSInvalidStateException The request was rejected because the state of the specified resource is not valid for this request. For more information about how key state affects the use of a CMK, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.
NotFoundException The request was rejected because the specified entity or resource could not be found.
UnsupportedOperationException The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation.

Examples

The following example imports key material into the specified CMK.

To import key material into a customer master key (CMK)


var response = client.ImportKeyMaterial(new ImportKeyMaterialRequest 
{
    EncryptedKeyMaterial = new MemoryStream(), // The encrypted key material to import.
    ExpirationModel = "KEY_MATERIAL_DOES_NOT_EXPIRE", // A value that specifies whether the key material expires.
    ImportToken = new MemoryStream(), // The import token that you received in the response to a previous GetParametersForImport request.
    KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab" // The identifier of the CMK to import the key material into. You can use the key ID or the Amazon Resource Name (ARN) of the CMK.
});


            

Version Information

.NET Framework:
Supported in: 4.5, 4.0, 3.5

Portable Class Library:
Supported in: Windows Store Apps
Supported in: Windows Phone 8.1
Supported in: Xamarin Android
Supported in: Xamarin iOS (Unified)
Supported in: Xamarin.Forms

See Also