Generate data keys
Generate data keys for local encryption
generate_data_key(key, spec = c("AES_256", "AES_128"), plaintext = TRUE, ...)key |
A character string specifying a key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with “alias/”. |
spec |
A character string specifying the length of the data encryption key, either “AES_256” or “AES_128”. |
plaintext |
A logical indicating whether to return the data key in plain text, as well as in encrypted form. |
... |
Additional arguments passed to |
This function generates and returns a “data key” for use in local encrption. The suggested workflow from AWS is to encrypt, do the following:
Use this operation (generate_data_key) to get a data encryption key.
Use the plaintext data encryption key (returned in the Plaintext field of the response) to encrypt data locally, then erase the plaintext data key from memory.
Store the encrypted data key (returned in the CiphertextBlob field of the response) alongside the locally encrypted data.
Then to decrypt locally:
Use decrypt to decrypt the encrypted data key into a plaintext copy of the data key.
Use the plaintext data key to decrypt data locally, then erase the plaintext data key from memory.
encrypt returns a base64-encoded binary object as a character string.
## Not run: # create a (CMK) key k <- create_kms_key() # generate a data key for local encryption datakey <- generate_data_key(key = k) ## encrypt something locally using datakey$Plaintext ## then delete the plaintext key datakey$Plaintext <- NULL # decrypt the encrypted data key datakey$Plaintext <- decrypt(datakey$CiphertextBlob, k, encode = FALSE) ## then use this to decrypt locally # cleanup delete_kms_key(k) ## End(Not run)
Please choose more modern alternatives, such as Google Chrome or Mozilla Firefox.