AWS SDK Version 3 for .NET
API Reference


This is the response object from the DeriveSharedSecret operation.

Inheritance Hierarchy

System.Object
  Amazon.Runtime.AmazonWebServiceResponse
    Amazon.KeyManagementService.Model.DeriveSharedSecretResponse

Namespace: Amazon.KeyManagementService.Model
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z

Syntax

C#
public class DeriveSharedSecretResponse : AmazonWebServiceResponse

The DeriveSharedSecretResponse type exposes the following members

Constructors

Properties

Name    Type    Description
Public Property CiphertextForRecipient System.IO.MemoryStream

Gets and sets the property CiphertextForRecipient.

The plaintext shared secret encrypted with the public key in the attestation document.

This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

Public Property ContentLength System.Int64 Inherited from Amazon.Runtime.AmazonWebServiceResponse.
Public Property HttpStatusCode System.Net.HttpStatusCode Inherited from Amazon.Runtime.AmazonWebServiceResponse.
Public Property KeyAgreementAlgorithm Amazon.KeyManagementService.KeyAgreementAlgorithmSpec

Gets and sets the property KeyAgreementAlgorithm.

Identifies the key agreement algorithm used to derive the shared secret.

Public Property KeyId System.String

Gets and sets the property KeyId.

Identifies the KMS key used to derive the shared secret.

Public Property KeyOrigin Amazon.KeyManagementService.OriginType

Gets and sets the property KeyOrigin.

The source of the key material for the specified KMS key.

When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material.

The only valid values for DeriveSharedSecret are AWS_KMS and EXTERNAL. DeriveSharedSecret does not support KMS keys with a KeyOrigin value of AWS_CLOUDHSM or EXTERNAL_KEY_STORE.

Public Property ResponseMetadata Amazon.Runtime.ResponseMetadata Inherited from Amazon.Runtime.AmazonWebServiceResponse.
Public Property SharedSecret System.IO.MemoryStream

Gets and sets the property SharedSecret.

The raw secret derived from the specified key agreement algorithm, private key in the asymmetric KMS key, and your peer's public key.

If the response includes the CiphertextForRecipient field, the SharedSecret field is null or empty.

Examples

The following example derives a shared secret using a key agreement algorithm.

To derive a shared secret


using System;
using System.IO;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

var client = new AmazonKeyManagementServiceClient();
var response = client.DeriveSharedSecret(new DeriveSharedSecretRequest 
{
    KeyAgreementAlgorithm = "ECDH", // The key agreement algorithm used to derive the shared secret. The only valid value is ECDH.
    KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab", // The key identifier for an asymmetric KMS key pair. The private key in the specified key pair is used to derive the shared secret.
    // The Base64 string below is the documentation's sample value; replace it with your peer's public key.
    PublicKey = new MemoryStream(Convert.FromBase64String("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH3Yj0wbkLEpUl95Cv1cJVjsVNSjwGq3tCLnzXfhVwVvmzGN8pYj3U8nKwgouaHbBWNJYjP5VutbbkKS4Kv4GojwZBJyHN17kmxo8yTjRmjR15SKIQ8cqRA2uaERMLnpztIXdZp232PQPbWGxDyXYJ0aJ5EFSag")) // The public key in your peer's asymmetric key pair.
});

string keyAgreementAlgorithm = response.KeyAgreementAlgorithm; // The key agreement algorithm used to derive the shared secret.
string keyId = response.KeyId; // The asymmetric KMS key pair used to derive the shared secret.
string keyOrigin = response.KeyOrigin; // The source of the key material for the specified KMS key.
MemoryStream sharedSecret = response.SharedSecret; // The raw secret derived from the specified key agreement algorithm, private key in the asymmetric KMS key, and your peer's public key.
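
The following is an added example, not part of the SDK or its documentation. It shows one way to consume the response defensively: check the returned metadata, handle the case where only CiphertextForRecipient is populated, and turn the raw secret into a key before wiping it. The helper name `DeriveSessionKey`, its parameters, the choice of HKDF-SHA256 as the key derivation function, and the `requireKmsGeneratedKey` policy flag are assumptions; the `HKDF` class requires .NET 5 or later.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Amazon.KeyManagementService.Model;

public static class SharedSecretHandling
{
    // Hypothetical helper (not part of the SDK): turns a DeriveSharedSecret
    // response into a 32-byte symmetric key and wipes the raw secret afterwards.
    public static byte[] DeriveSessionKey(DeriveSharedSecretResponse response,
                                          byte[] contextInfo,
                                          bool requireKmsGeneratedKey)
    {
        if (response.KeyAgreementAlgorithm?.Value != "ECDH")
            throw new CryptographicException("Unexpected key agreement algorithm.");

        // Assumed local policy: optionally reject imported (EXTERNAL) key material.
        if (requireKmsGeneratedKey && response.KeyOrigin?.Value != "AWS_KMS")
            throw new CryptographicException("Key material was not generated by KMS.");

        // With a Nitro Enclaves attestation document in the request, only
        // CiphertextForRecipient is populated; it has to be decrypted inside
        // the enclave, so there is no plaintext to process here.
        if (response.CiphertextForRecipient != null && response.CiphertextForRecipient.Length > 0)
            throw new InvalidOperationException("Secret is encrypted for an enclave recipient.");

        if (response.SharedSecret == null || response.SharedSecret.Length == 0)
            throw new CryptographicException("Response contains no shared secret.");

        byte[] raw = response.SharedSecret.ToArray();
        try
        {
            // Assumption: HKDF-SHA256 as the KDF; contextInfo binds the key to
            // this session (for example, both parties' public keys).
            return HKDF.DeriveKey(HashAlgorithmName.SHA256, raw, 32, salt: null, info: contextInfo);
        }
        finally
        {
            // Clear the local copy of the raw secret.
            CryptographicOperations.ZeroMemory(raw);
            // Also clear the stream's backing buffer when it is exposed.
            if (response.SharedSecret.TryGetBuffer(out ArraySegment<byte> buffer))
                CryptographicOperations.ZeroMemory(buffer.AsSpan());
        }
    }
}
```

Both parties must use the same `contextInfo` bytes, otherwise they derive different keys from the same shared secret.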

            

Version Information

.NET:
Supported in: 8.0 and newer, Core 3.1

.NET Standard:
Supported in: 2.0

.NET Framework:
Supported in: 4.5 and newer, 3.5