Encrypting data using the AWS Encryption SDK

Written by

Adding dependencies
Encryption and decryption

AWS Encryption SDK is a library that simplifies the process of encrypting and decrypting data. Use it if you want to securely encrypt data without going into the details of encryption algorithms.

The Yandex Cloud provider for the AWS Encryption SDK lets you use the AWS Encryption SDK to encrypt and decrypt data with Yandex Cloud KMS keys. Data is encrypted using envelope encryption (the size of plaintext is not limited). The provider is only supported for Java.

Adding dependencies

Before you start, you need to add dependencies.

Java

Add dependencies using Apache Maven:

<dependency>
    <groupId>com.yandex.cloud</groupId>
    <artifactId>kms-provider-awscrypto</artifactId>
    <version>2.1</version>
</dependency>

Encryption and decryption

Create a Yandex Cloud provider for the AWS Encryption SDK and use the methods of the AwsCrypto class to encrypt and decrypt data.

Java

YcKmsMasterKeyProvider provider = new YcKmsMasterKeyProvider()
    .withEndpoint(endpoint)
    .withCredentials(credentialProvider)
    .withKeyId(keyId);
AwsCrypto awsCrypto = AwsCrypto.standard();

...

byte[] ciphertext = awsCrypto.encryptData(provider, plaintext, aad).getResult();

...

byte[] plaintext = awsCrypto.decryptData(provider, ciphertext).getResult();

Where:

endpoint – api.cloud.yandex.net:443.
credentials: Determines the authentication method (for more information, see Authentication in the Yandex Cloud SDK).
keyId: ID of the key in KMS.
plaintext: Unencrypted text.
ciphertext: Encrypted text.
aad: AAD context.

Encrypting data using the AWS Encryption SDK

Adding dependencies

Encryption and decryption

See also

Was the article helpful?