credentials-0.0.1.1: Secure Credentials Storage and Distribution

Copyright: (c) 2015-2016 Brendan Hay
License: Mozilla Public License, v. 2.0.
Maintainer: Brendan Hay <brendan.g.hay@gmail.com>
Stability: provisional
Portability: non-portable (GHC extensions)
Safe Haskell: None
Language: Haskell2010

Credentials.KMS

Description

Encryption and decryption of local data, by using a wrapped key mechanism and master keys stored in KMS.

See the Credentials module for usage information.

Documentation

encrypt :: (MonadAWS m, Typeable m) => KeyId -> Context -> Name -> ByteString -> m Encrypted

Encrypt a plaintext ByteString with the given master key and encryption context. The Name is used to annotate error messages.

The wrapped data encryption key, ciphertext, and HMAC SHA256 are returned if no error occurs.

decrypt :: MonadAWS m => Context -> Name -> Encrypted -> m ByteString

Decrypt ciphertext using the given encryption context and wrapped data encryption key. The HMAC SHA256 is recalculated and compared for message integrity. The Name is used to annotate error messages.

The resulting unencrypted plaintext ByteString is returned if no error occurs.
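
The wrapped-key flow described for encrypt and decrypt, sketched as an added example in Python using only the standard library so it runs offline; it is not this package's code. Assumptions: LocalKMS is a constructed stand-in for the KMS service, the HMAC-based keystream stands in for the real cipher, and the key split and field names are illustrative.

```python
import hashlib, hmac, json, os

def _xor_stream(key, nonce, data):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), stdlib only.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _mac(key, *parts):
    # HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(8, "big") + p)
    return h.digest()

class LocalKMS:
    """Constructed stand-in for KMS: the master key never leaves this object."""
    def __init__(self):
        self._enc, self._auth = os.urandom(32), os.urandom(32)

    def generate_data_key(self, context):
        # Returns (plaintext data key, wrapped data key bound to the context).
        key, nonce = os.urandom(64), os.urandom(16)
        body = _xor_stream(self._enc, nonce, key)
        return key, nonce + body + _mac(self._auth, self._ctx(context), nonce, body)

    def unwrap(self, wrapped, context):
        nonce, body, tag = wrapped[:16], wrapped[16:-32], wrapped[-32:]
        if not hmac.compare_digest(tag, _mac(self._auth, self._ctx(context), nonce, body)):
            raise ValueError("unwrap failed: wrong context or damaged key")
        return _xor_stream(self._enc, nonce, body)
    @staticmethod
    def _ctx(context):
        return json.dumps(context, sort_keys=True).encode()

def encrypt(kms, context, plaintext):
    key, wrapped = kms.generate_data_key(context)
    enc_key, mac_key = key[:32], key[32:]      # assumed split: one half per purpose
    ct = _xor_stream(enc_key, b"", plaintext)  # empty nonce is safe: key is single-use
    return {"wrapped_key": wrapped, "ciphertext": ct, "hmac": _mac(mac_key, ct)}

def decrypt(kms, context, enc):
    key = kms.unwrap(enc["wrapped_key"], context)
    enc_key, mac_key = key[:32], key[32:]
    # Recompute the HMAC and compare in constant time before decrypting anything.
    if not hmac.compare_digest(_mac(mac_key, enc["ciphertext"]), enc["hmac"]):
        raise ValueError("integrity check failed")
    return _xor_stream(enc_key, b"", enc["ciphertext"])
```

Only the wrapped key, ciphertext and HMAC need to be stored; the plaintext data key exists in memory only for the duration of a call.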