aws-cdk-lib.aws_kms.KeySpec

enum KeySpec

Language             Type name
.NET                 Amazon.CDK.AWS.KMS.KeySpec
Go                   github.com/aws/aws-cdk-go/awscdk/v2/awskms#KeySpec
Java                 software.amazon.awscdk.services.kms.KeySpec
Python               aws_cdk.aws_kms.KeySpec
TypeScript (source)  aws-cdk-lib » aws_kms » KeySpec

The key spec, which represents the cryptographic configuration of a key.

Example

import * as kms from 'aws-cdk-lib/aws-kms';

const key = new kms.Key(this, 'MyKey', {
  keySpec: kms.KeySpec.ECC_SECG_P256K1, // defaults to SYMMETRIC_DEFAULT when omitted
  keyUsage: kms.KeyUsage.SIGN_VERIFY,   // defaults to ENCRYPT_DECRYPT when omitted
});

Members

Name               Description
SYMMETRIC_DEFAULT  The default key spec.
RSA_2048           RSA with a 2048-bit key.
RSA_3072           RSA with a 3072-bit key.
RSA_4096           RSA with a 4096-bit key.
ECC_NIST_P256      NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-256 for the message digest.
ECC_NIST_P384      NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-384 for the message digest.
ECC_NIST_P521      NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-512 for the message digest.
ECC_SECG_P256K1    Standards for Efficient Cryptography 2, Section 2.4.1, ECDSA signature on the Koblitz curve.
HMAC_224           Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA224.
HMAC_256           Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA256.
HMAC_384           Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA384.
HMAC_512           Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA512.
SM2                Elliptic curve key spec available only in China Regions.

SYMMETRIC_DEFAULT

The default key spec.

Valid usage: ENCRYPT_DECRYPT


RSA_2048

RSA with a 2048-bit key.

Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY


RSA_3072

RSA with a 3072-bit key.

Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY


RSA_4096

RSA with a 4096-bit key.

Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY


ECC_NIST_P256

NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-256 for the message digest.

Valid usage: SIGN_VERIFY


ECC_NIST_P384

NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-384 for the message digest.

Valid usage: SIGN_VERIFY


ECC_NIST_P521

NIST FIPS 186-4, Section 6.4, ECDSA signature using the curve specified by the key and SHA-512 for the message digest.

Valid usage: SIGN_VERIFY


ECC_SECG_P256K1

Standards for Efficient Cryptography 2, Section 2.4.1, ECDSA signature on the Koblitz curve.

Valid usage: SIGN_VERIFY


HMAC_224

Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA224.

Valid usage: GENERATE_VERIFY_MAC


HMAC_256

Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA256.

Valid usage: GENERATE_VERIFY_MAC


HMAC_384

Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA384.

Valid usage: GENERATE_VERIFY_MAC


HMAC_512

Hash-Based Message Authentication Code as defined in RFC 2104 using the message digest function SHA512.

Valid usage: GENERATE_VERIFY_MAC


SM2

Elliptic curve key spec available only in China Regions.

Valid usage: ENCRYPT_DECRYPT and SIGN_VERIFY
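
The "Valid usage" lines above, applied as a check over a synthesized CloudFormation template. This is an added example, not code from the CDK documentation or library; it assumes the template's AWS::KMS::Key resources carry KeySpec and KeyUsage properties, and the names lintKmsKeys, VALID_USAGE and SAMPLE are made up for illustration.

```typescript
type Usage = 'ENCRYPT_DECRYPT' | 'SIGN_VERIFY' | 'GENERATE_VERIFY_MAC';
const ENC: Usage[] = ['ENCRYPT_DECRYPT'];
const SIG: Usage[] = ['SIGN_VERIFY'];
const BOTH: Usage[] = ['ENCRYPT_DECRYPT', 'SIGN_VERIFY'];
const MAC: Usage[] = ['GENERATE_VERIFY_MAC'];
// Valid usages per key spec, transcribed from the member list on this page.
const VALID_USAGE: { [spec: string]: Usage[] } = {
  SYMMETRIC_DEFAULT: ENC,
  RSA_2048: BOTH, RSA_3072: BOTH, RSA_4096: BOTH,
  ECC_NIST_P256: SIG, ECC_NIST_P384: SIG, ECC_NIST_P521: SIG, ECC_SECG_P256K1: SIG,
  HMAC_224: MAC, HMAC_256: MAC, HMAC_384: MAC, HMAC_512: MAC,
  SM2: BOTH,
};
interface Resource { Type: string; Properties?: { [name: string]: unknown } }
interface Template { Resources?: { [logicalId: string]: Resource } }

// Returns one finding per AWS::KMS::Key whose KeySpec/KeyUsage pair is not listed above.
function lintKmsKeys(template: Template): string[] {
  const findings: string[] = [];
  const resources = template.Resources || {};
  for (const id of Object.keys(resources)) {
    const res = resources[id];
    if (!res || res.Type !== 'AWS::KMS::Key') continue;
    const props = res.Properties || {};
    // Omitted properties fall back to the defaults noted in the page's example.
    const spec = props['KeySpec'] === undefined ? 'SYMMETRIC_DEFAULT' : props['KeySpec'];
    const usage = props['KeyUsage'] === undefined ? 'ENCRYPT_DECRYPT' : props['KeyUsage'];
    if (typeof spec !== 'string' || typeof usage !== 'string') {
      findings.push(`${id}: KeySpec/KeyUsage is not a literal string, cannot check statically`);
      continue;
    }
    const allowed = Object.prototype.hasOwnProperty.call(VALID_USAGE, spec) ? VALID_USAGE[spec] : undefined;
    if (allowed === undefined) {
      findings.push(`${id}: unknown KeySpec ${spec}`);
    } else if (allowed.indexOf(usage as Usage) === -1) {
      findings.push(`${id}: ${spec} does not support ${usage} (valid: ${allowed.join(', ')})`);
    }
  }
  return findings;
}

// Constructed sample template (not real synth output): one valid key, three findings.
const SAMPLE: Template = { Resources: {
  SigningKey: { Type: 'AWS::KMS::Key', Properties: { KeySpec: 'ECC_SECG_P256K1', KeyUsage: 'SIGN_VERIFY' } },
  HmacKey: { Type: 'AWS::KMS::Key', Properties: { KeySpec: 'HMAC_256' } },
  EccEncrypt: { Type: 'AWS::KMS::Key', Properties: { KeySpec: 'ECC_NIST_P384', KeyUsage: 'ENCRYPT_DECRYPT' } },
  ParamSpec: { Type: 'AWS::KMS::Key', Properties: { KeySpec: { Ref: 'SpecParam' }, KeyUsage: 'SIGN_VERIFY' } },
  Bucket: { Type: 'AWS::S3::Bucket' },
} };
const sampleFindings = lintKmsKeys(SAMPLE);
```

HmacKey is flagged because it omits KeyUsage and so inherits ENCRYPT_DECRYPT, which no HMAC spec supports.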