Support KMS asymmetric keys

[anmgarg]

Hello,

I am unable to figure out few things while using kms. I have the following use case:

1. GenerateDataKeyPairWithoutPlainText - CLI
2. Store the above generated keys in the AWS secret manager - Console
3. Fetch the public key and give it to the client - Java
4. Client encrypts data and send it to us.- Java
5. We fetch the private key from the secret manager and decrypt data sent to us by client. - Java

I have executed the first three steps and need a Java Example for the last two. Thanks!

[alex-chew]

Hi, thanks for reaching out. The Encryption SDK doesn't support using KMS asymmetric keys for encryption and decryption, and so we don't have examples for that.

For the use case you describe, you probably don't need to involve Secrets Manager - you can use KMS directly. The KMS Developer Guide [1] explains how to use asymmetric key pairs [2] and how access the public key [3].

[1] https://docs.aws.amazon.com/kms/latest/developerguide/overview.html
[2] https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks
[3] https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html