CustomerMasterKeySpec => Str

The type of the of the public key that was downloaded.

Valid values are: "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SYMMETRIC_DEFAULT" =head2 EncryptionAlgorithms => ArrayRef[Str|Undef]

The encryption algorithms that AWS KMS supports for this key.

This information is critical. If a public key encrypts data outside of AWS KMS by using an unsupported encryption algorithm, the ciphertext cannot be decrypted.

This field appears in the response only when the "KeyUsage" of the public key is "ENCRYPT_DECRYPT".

KeyId => Str

The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) of the asymmetric CMK from which the public key was downloaded.

KeyUsage => Str

The permitted use of the public key. Valid values are "ENCRYPT_DECRYPT" or "SIGN_VERIFY".

This information is critical. If a public key with "SIGN_VERIFY" key usage encrypts data outside of AWS KMS, the ciphertext cannot be decrypted.

Valid values are: "SIGN_VERIFY", "ENCRYPT_DECRYPT" =head2 PublicKey => Str

The exported public key.

The value is a DER-encoded X.509 public key, also known as "SubjectPublicKeyInfo" (SPKI), as defined in RFC 5280 (https://tools.ietf.org/html/rfc5280). When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.

SigningAlgorithms => ArrayRef[Str|Undef]

The signing algorithms that AWS KMS supports for this key.

This field appears in the response only when the "KeyUsage" of the public key is "SIGN_VERIFY".

_request_id => Str