kms/aws.sdk.kotlin.services.kms.model/GetParametersForImportRequest/wrappingAlgorithm

wrappingAlgorithm

val wrappingAlgorithm: AlgorithmSpec?

The algorithm you will use with the RSA public key (PublicKey) in the response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide.

For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping algorithms, you encrypt your key material directly with the RSA public key from KMS.

The wrapping algorithms that you can use depend on the type of key material that you are importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm.

  • RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key material.

  • RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material.

  • RSAES_OAEP_SHA_256 — Supported for all types of key material, except RSA key material (private key).You cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.

  • RSAES_OAEP_SHA_1 — Supported for all types of key material, except RSA key material (private key).You cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.

  • RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not support the RSAES_PKCS1_V1_5 wrapping algorithm.

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved. Generated by dokka