GenerateDataKeyWithoutPlaintext

GET /?Action=GenerateDataKeyWithoutPlaintext
Description

Generates a data key using a Customer Master Key (CMK).
This method returns the encrypted data key only, not its decrypted form.

Body parameter

Required: false
Name: GenerateDataKeyWithoutPlaintextRequest

Name Description Required Schema Default Example

EncryptionContext

A context for the encryption, in the form of one or more '{"string": "string"}' pairs.
When decrypting the data key, you must specify the same context that was specified during encryption (if any), or the decryption will fail.

false

object

KeyId

The ID of the CMK.

true

string

KeySpec

The length of the data key you want to generate, in the AES standard: AES_128 for a length of 128 bits (16 bytes), or AES_256 for a length of 256 bits (32 bytes).
You must specify either this parameter or the NumberOfBytes parameter.

false

string

NumberOfBytes

The length of the data key you want to generate, in bytes (between 1 and 1024).
You must specify either this parameter or the KeySpec parameter.

false

integer
Responses
HTTP Code 200
HTTP Code Description Schema

200

GenerateDataKeyWithoutPlaintextResult

Response 200

Response 200

Name Description Required Schema Default Example

CiphertextBlob

The encrypted data key, encoded in base64.

false

string

KeyId

The ID of the CMK.

false

string