Abstract KMS client interface for DEK/KEK key wrapping. More...

Inheritance diagram for signet::forge::crypto::IKmsClient:

Public Member Functions
virtual	~IKmsClient ()=default

virtual expected< std::vector< uint8_t > >	wrap_key (const std::vector< uint8_t > &dek, const std::string &master_key_id) const =0
	Wrap (encrypt) a DEK under the KEK identified by `master_key_id`.

virtual expected< std::vector< uint8_t > >	unwrap_key (const std::vector< uint8_t > &wrapped_dek, const std::string &master_key_id) const =0
	Unwrap (decrypt) a wrapped DEK using the KEK identified by `master_key_id`.

Detailed Description

Abstract KMS client interface for DEK/KEK key wrapping.

Subclass this to integrate with a specific KMS provider. The interface is intentionally minimal — only wrap and unwrap.

Definition at line 97 of file key_metadata.hpp.

Constructor & Destructor Documentation

virtual signet::forge::crypto::IKmsClient::~IKmsClient ( )

virtualdefault

virtual expected< std::vector< uint8_t > > signet::forge::crypto::IKmsClient::unwrap_key	(	const std::vector< uint8_t > &	wrapped_dek,
		const std::string &	master_key_id
	)		const

pure virtual

Unwrap (decrypt) a wrapped DEK using the KEK identified by master_key_id.

Parameters

wrapped_dek	Wrapped DEK bytes (as returned by wrap_key).
master_key_id	KMS identifier for the Key Encryption Key (KEK).

Returns: Unwrapped (plaintext) DEK bytes, or error on KMS failure / auth failure.

virtual expected< std::vector< uint8_t > > signet::forge::crypto::IKmsClient::wrap_key	(	const std::vector< uint8_t > &	dek,
		const std::string &	master_key_id
	)		const

pure virtual

Wrap (encrypt) a DEK under the KEK identified by master_key_id.

Parameters

dek	Raw Data Encryption Key bytes (typically 32 bytes for AES-256).
master_key_id	KMS identifier for the Key Encryption Key (KEK).

The documentation for this class was generated from the following file: