npm - @aws-sdk/client-kms - Versions diffs - 3.131.0 → 3.141.0 - Mend

@aws-sdk/client-kms 3.131.0 → 3.141.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (138) hide show

package/dist-types/commands/GenerateDataKeyPairWithoutPlaintextCommand.d.ts CHANGED Viewed

@@ -20,9 +20,9 @@ export interface GenerateDataKeyPairWithoutPlaintextCommandOutput extends Genera
  *       custom key store. To get the type and origin of your KMS key, use the <a>DescribeKey</a>
  *       operation. </p>
  *          <p>Use the <code>KeyPairSpec</code> parameter to choose an RSA or Elliptic Curve (ECC) data
- *       key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs for
- *       either encryption or signing, but not both. However, KMS cannot enforce any restrictions on
- *       the use of data key pairs outside of KMS.</p>
+ *       key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that you
+ *       use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or signing, but not
+ *       both. However, KMS cannot enforce any restrictions on the use of data key pairs outside of KMS.</p>
  *          <p>
  *             <code>GenerateDataKeyPairWithoutPlaintext</code> returns a unique data key pair for each
  *       request. The bytes in the key are not related to the caller or KMS key that is used to encrypt

package/dist-types/commands/GenerateRandomCommand.d.ts CHANGED Viewed

@@ -8,13 +8,16 @@ export interface GenerateRandomCommandOutput extends GenerateRandomResponse, __M
 }
 /**
  * <p>Returns a random byte string that is cryptographically secure.</p>
+ *          <p>You must use the <code>NumberOfBytes</code> parameter to specify the length of the random
+ *       byte string. There is no default value for string length.</p>
  *          <p>By default, the random byte string is generated in KMS. To generate the byte string in
  *       the CloudHSM cluster that is associated with a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, specify the custom key store
  *       ID.</p>
  *          <p>Applications in Amazon Web Services Nitro Enclaves can call this operation by using the <a href="https://github.com/aws/aws-nitro-enclaves-sdk-c">Amazon Web Services Nitro Enclaves Development Kit</a>. For information about the supporting parameters, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves use KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>For more information about entropy and random number generation, see
  *       <a href="https://docs.aws.amazon.com/kms/latest/cryptographic-details/">Key Management Service Cryptographic Details</a>.</p>
- *
+ *          <p>
+ *             <b>Cross-account use</b>: Not applicable. <code>GenerateRandom</code> does not use any account-specific resources, such as KMS keys.</p>
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GenerateRandom</a> (IAM policy)</p>
  * @example

package/dist-types/commands/GetPublicKeyCommand.d.ts CHANGED Viewed

@@ -16,8 +16,11 @@ export interface GetPublicKeyCommandOutput extends GetPublicKeyResponse, __Metad
  *       KMS by calling the <a>Encrypt</a>, <a>ReEncrypt</a>, or <a>Verify</a> operations with the identifier of an asymmetric KMS key. When you use the
  *       public key within KMS, you benefit from the authentication, authorization, and logging that
  *       are part of every KMS operation. You also reduce of risk of encrypting data that cannot be
- *       decrypted. These features are not effective outside of KMS. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/download-public-key.html#download-public-key-considerations">Special
- *         Considerations for Downloading Public Keys</a>.</p>
+ *       decrypted. These features are not effective outside of KMS.</p>
+ *          <p>To verify a signature outside of KMS with an SM2 public key (China Regions only), you must
+ *       specify the distinguishing ID. By default, KMS uses <code>1234567812345678</code> as the
+ *       distinguishing ID. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification">Offline verification
+ *       with SM2 key pairs</a>.</p>
  *          <p>To help you use the public key safely outside of KMS, <code>GetPublicKey</code> returns
  *       important information about the public key in the response, including:</p>
  *          <ul>

package/dist-types/commands/UpdateCustomKeyStoreCommand.d.ts CHANGED Viewed

@@ -42,7 +42,7 @@ export interface UpdateCustomKeyStoreCommandOutput extends UpdateCustomKeyStoreR
  *          </ul>
  *          <p>If the operation succeeds, it returns a JSON object with no
  * properties.</p>
- *          <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in KMS, which
+ *          <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store feature</a> feature in KMS, which
  * combines the convenience and extensive integration of KMS with the isolation and control of a
  * single-tenant key store.</p>
  *          <p>

package/dist-types/commands/VerifyCommand.d.ts CHANGED Viewed

@@ -22,7 +22,11 @@ export interface VerifyCommandOutput extends VerifyResponse, __MetadataBearer {
  *       signature.</p>
  *          <p>You can also verify the digital signature by using the public key of the KMS key outside
  *       of KMS. Use the <a>GetPublicKey</a> operation to download the public key in the
- *       asymmetric KMS key and then use the public key to verify the signature outside of KMS. The
+ *       asymmetric KMS key and then use the public key to verify the signature outside of KMS. To
+ *       verify a signature outside of KMS with an SM2 public key, you must specify the distinguishing
+ *       ID. By default, KMS uses <code>1234567812345678</code> as the distinguishing ID. For more
+ *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification">Offline
+ *       verification with SM2 key pairs</a> in <i>Key Management Service Developer Guide</i>. The
  *       advantage of using the <code>Verify</code> operation is that it is performed within KMS. As
  *       a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged
  *       in CloudTrail, and you can use key policy and IAM policy to determine who is authorized to use