KMS / Client / exceptions / InvalidKeyUsageException

InvalidKeyUsageException#

class KMS.Client.exceptions.InvalidKeyUsageException#

The request was rejected for one of the following reasons:

  • The KeyUsage value of the KMS key is incompatible with the API operation.

  • The encryption algorithm or signing algorithm specified for the operation is incompatible with the type of key material in the KMS key (KeySpec).

For encrypting, decrypting, re-encrypting, and generating data keys, the KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage of a KMS key, use the DescribeKey operation.

To find the encryption or signing algorithms supported for a particular KMS key, use the DescribeKey operation.

Example

try:
  ...
except client.exceptions.InvalidKeyUsageException as e:
  print(e.response)
response#

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'message': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) –

    The request was rejected for one of the following reasons:

    • The KeyUsage value of the KMS key is incompatible with the API operation.

    • The encryption algorithm or signing algorithm specified for the operation is incompatible with the type of key material in the KMS key (KeySpec).

    For encrypting, decrypting, re-encrypting, and generating data keys, the KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage of a KMS key, use the DescribeKey operation.

    To find the encryption or signing algorithms supported for a particular KMS key, use the DescribeKey operation.

    • message (string) –

    • Error (dict) – Normalized access to common exception attributes.

      • Code (string) – An identifier specifying the exception type.

      • Message (string) – A descriptive message explaining why the exception occured.