AwsEncryptionSdk.Cmm.Default (AWS Encryption SDK v0.7.0)
Default Cryptographic Materials Manager implementation.
The Default CMM wraps a keyring and provides the standard CMM behavior for encryption and decryption operations. It handles:
- Algorithm suite selection and validation against commitment policy
- Signing key generation for signed algorithm suites
- Keyring orchestration for data key generation/encryption/decryption
- Materials validation
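Example
alias AwsEncryptionSdk.Cmm.Default
alias AwsEncryptionSdk.Keyring.RawAes
# 256-bit wrapping key (random here for illustration; load real key material in practice)
key_bytes = :crypto.strong_rand_bytes(32)
# Create a keyring
{:ok, keyring} = RawAes.new("namespace", "key-name", key_bytes, :aes_256_gcm)
# Create the CMM
cmm = Default.new(keyring)
# Get encryption materials
{:ok, materials} =
  Default.get_encryption_materials(cmm, %{
    encryption_context: %{"purpose" => "example"},
    commitment_policy: :require_encrypt_require_decrypt
  })
Spec Reference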
https://github.com/awslabs/aws-encryption-sdk-specification/blob/master/framework/default-cmm.md
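The first two responsibilities listed above (suite selection against the commitment policy, and signing key generation) modelled as stand-alone Elixir that follows the linked specification. This is an added illustration, not the library's implementation: the module name, function names, error atoms, the two policy atoms not shown on this page and the public key encoding are assumptions.

```elixir
# Added model, not library code: DefaultCmmModel and its functions are hypothetical.
defmodule DefaultCmmModel do
  # Suite id => {key_commitment?, signed?}, ids as assigned in the specification.
  @suites %{
    0x0178 => {false, false},
    0x0378 => {false, true},
    0x0478 => {true, false},
    0x0578 => {true, true}
  }
  # Only :require_encrypt_require_decrypt appears on the page; the other two
  # atom spellings are assumed from the specification's policy names.
  @require [:require_encrypt_allow_decrypt, :require_encrypt_require_decrypt]
  @reserved_key "aws-crypto-public-key"

  # No suite requested: use the default for the commitment policy.
  def select_suite(:forbid_encrypt_allow_decrypt, nil), do: {:ok, 0x0378}
  def select_suite(policy, nil) when policy in @require, do: {:ok, 0x0578}

  # Suite requested: on encrypt it must commit exactly when the policy requires it.
  def select_suite(policy, id) when policy == :forbid_encrypt_allow_decrypt or policy in @require do
    case Map.fetch(@suites, id) do
      :error -> {:error, :unknown_suite}
      {:ok, {commits?, _}} when commits? == (policy in @require) -> {:ok, id}
      {:ok, _} -> {:error, {:suite_violates_commitment_policy, policy}}
    end
  end

  # Signed suite: generate a P-384 key pair and publish the public key in the
  # encryption context (assumed encoding: Base64 of the SEC1 compressed point).
  def add_signing_key(suite_id, context) do
    {_commits?, signed?} = Map.fetch!(@suites, suite_id)
    cond do
      Map.has_key?(context, @reserved_key) -> {:error, :reserved_key_in_context}
      not signed? -> {:ok, context, nil}
      true ->
        {<<4, x::binary-size(48), y::binary-size(48)>>, priv} = :crypto.generate_key(:ecdh, :secp384r1)
        prefix = if rem(:binary.last(y), 2) == 0, do: 2, else: 3
        {:ok, Map.put(context, @reserved_key, Base.encode64(<<prefix, x::binary>>)), priv}
    end
  end
end

# Constructed inputs: a default selection, a policy violation, a signed context,
# and a caller-supplied reserved key that must be rejected rather than overwritten.
IO.inspect(DefaultCmmModel.select_suite(:require_encrypt_require_decrypt, nil))
IO.inspect(DefaultCmmModel.select_suite(:require_encrypt_require_decrypt, 0x0378))
{:ok, ctx, _priv} = DefaultCmmModel.add_signing_key(0x0578, %{"purpose" => "example"})
IO.inspect(Map.keys(ctx))
IO.inspect(DefaultCmmModel.add_signing_key(0x0578, %{"aws-crypto-public-key" => "x"}))
```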
Types
@type keyring() ::
  AwsEncryptionSdk.Keyring.RawAes.t()
  | AwsEncryptionSdk.Keyring.RawRsa.t()
  | AwsEncryptionSdk.Keyring.Multi.t()
  | AwsEncryptionSdk.Keyring.AwsKms.t()
  | AwsEncryptionSdk.Keyring.AwsKmsDiscovery.t()
  | AwsEncryptionSdk.Keyring.AwsKmsMrk.t()
  | AwsEncryptionSdk.Keyring.AwsKmsMrkDiscovery.t()
@type t() :: %AwsEncryptionSdk.Cmm.Default{keyring: keyring()}
Functions
new(keyring)
Creates a new Default CMM wrapping the given keyring.
Parameters
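- keyring - A keyring struct (RawAes, RawRsa, or Multi; the keyring() type above also admits the AwsKms, AwsKmsDiscovery, AwsKmsMrk and AwsKmsMrkDiscovery keyrings)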
Examples
iex> key = :crypto.strong_rand_bytes(32)
iex> {:ok, aes_keyring} = AwsEncryptionSdk.Keyring.RawAes.new("ns", "key", key, :aes_256_gcm)
iex> cmm = AwsEncryptionSdk.Cmm.Default.new(aes_keyring)
iex> is_struct(cmm, AwsEncryptionSdk.Cmm.Default)
true