Skip to content

Commit 5b42ba8

Browse files
lucasmcdonald3lucasmcdonald3
authored
chore(Examples): Demonstrate updating algorithm suite on basic examples (#191)
1 parent 48cd864 commit 5b42ba8

File tree

3 files changed

+39
-0
lines changed

3 files changed

+39
-0
lines changed

Examples/runtimes/java/DynamoDbEncryption/src/main/java/software/amazon/cryptography/examples/BasicPutGetExample.java

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@
88
import software.amazon.cryptography.materialproviders.IKeyring;
99
import software.amazon.cryptography.materialproviders.MaterialProviders;
1010
import software.amazon.cryptography.materialproviders.model.CreateAwsKmsMrkMultiKeyringInput;
11+
import software.amazon.cryptography.materialproviders.model.DBEAlgorithmSuiteId;
1112
import software.amazon.cryptography.materialproviders.model.MaterialProvidersConfig;
1213
import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoAction;
1314
import software.amazon.cryptography.dbencryptionsdk.dynamodb.DynamoDbEncryptionInterceptor;
@@ -95,6 +96,18 @@ public static void PutItemGetItem(String kmsKeyId, String ddbTableName) {
9596
.attributeActions(attributeActions)
9697
.keyring(kmsKeyring)
9798
.allowedUnauthenticatedAttributePrefix(unauthAttrPrefix)
99+
// Specifying an algorithm suite is not required,
100+
// but is done here to demonstrate how to do so.
101+
// We suggest using the
102+
// `ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384` suite,
103+
// which includes AES-GCM with key derivation, signing, and key commitment.
104+
// This is also the default algorithm suite if one is not specified in this config.
105+
// For more information on supported algorithm suites, see
106+
// TODO: Add DB ESDK-specific link, similar to
107+
// https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/supported-algorithms.html,
108+
// but with accurate information for DB ESDK
109+
.algorithmSuiteId(
110+
DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384)
98111
.build();
99112
tableConfigs.put(ddbTableName, config);
100113

Examples/runtimes/java/DynamoDbEncryption/src/main/java/software/amazon/cryptography/examples/enhanced/EnhancedPutGetExample.java

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@
99
import software.amazon.cryptography.materialproviders.IKeyring;
1010
import software.amazon.cryptography.materialproviders.MaterialProviders;
1111
import software.amazon.cryptography.materialproviders.model.CreateAwsKmsMrkMultiKeyringInput;
12+
import software.amazon.cryptography.materialproviders.model.DBEAlgorithmSuiteId;
1213
import software.amazon.cryptography.materialproviders.model.MaterialProvidersConfig;
1314
import software.amazon.cryptography.dbencryptionsdk.dynamodb.DynamoDbEncryptionInterceptor;
1415
import software.amazon.cryptography.dbencryptionsdk.dynamodb.enhancedclient.CreateDynamoDbEncryptionInterceptorInput;
@@ -93,6 +94,18 @@ public static void PutItemGetItem(String kmsKeyId, String ddbTableName) {
9394
.keyring(kmsKeyring)
9495
.allowedUnauthenticatedAttributePrefix(unauthAttrPrefix)
9596
.tableSchema(tableSchema)
97+
// Specifying an algorithm suite is not required,
98+
// but is done here to demonstrate how to do so.
99+
// We suggest using the
100+
// `ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384` suite,
101+
// which includes AES-GCM with key derivation, signing, and key commitment.
102+
// This is also the default algorithm suite if one is not specified in this config.
103+
// For more information on supported algorithm suites, see
104+
// TODO: Add DB ESDK-specific link, similar to
105+
// https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/supported-algorithms.html,
106+
// but with accurate information for DB ESDK
107+
.algorithmSuiteId(
108+
DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384)
96109
.build());
97110

98111
// 4. Create the DynamoDb Encryption Interceptor, using the DynamoDbEnhancedClientEncryption helper

Examples/runtimes/java/DynamoDbEncryption/src/main/java/software/amazon/cryptography/examples/itemencryptor/ItemEncryptDecryptExample.java

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@
88
import software.amazon.cryptography.materialproviders.IKeyring;
99
import software.amazon.cryptography.materialproviders.MaterialProviders;
1010
import software.amazon.cryptography.materialproviders.model.CreateAwsKmsMrkMultiKeyringInput;
11+
import software.amazon.cryptography.materialproviders.model.DBEAlgorithmSuiteId;
1112
import software.amazon.cryptography.materialproviders.model.MaterialProvidersConfig;
1213
import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoAction;
1314

@@ -98,6 +99,18 @@ public static void PutItemGetItem(String kmsKeyId, String ddbTableName) {
9899
.attributeActions(attributeActions)
99100
.keyring(kmsKeyring)
100101
.allowedUnauthenticatedAttributePrefix(unauthAttrPrefix)
102+
// Specifying an algorithm suite is not required,
103+
// but is done here to demonstrate how to do so.
104+
// We suggest using the
105+
// `ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384` suite,
106+
// which includes AES-GCM with key derivation, signing, and key commitment.
107+
// This is also the default algorithm suite if one is not specified in this config.
108+
// For more information on supported algorithm suites, see
109+
// TODO: Add DB ESDK-specific link, similar to
110+
// https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/supported-algorithms.html,
111+
// but with accurate information for DB ESDK
112+
.algorithmSuiteId(
113+
DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384)
101114
.build();
102115

103116
// 4. Create the DynamoDb Item Encryptor

0 commit comments

Comments
 (0)