Set provider ID correctly in the encrypted data key.

src/main/java/com/amazonaws/encryptionsdk/internal/AesGcmJceKeyCipher.java

@@ -55,17 +55,17 @@ private static byte[] specToBytes(final GCMParameterSpec spec) {
         return baos.toByteArray();
     }
 
-    private static GCMParameterSpec bytesToSpec(final byte[] data, final int offset) throws GeneralSecurityException {
+    private static GCMParameterSpec bytesToSpec(final byte[] data, final int offset) throws InvalidKeyException {
         final ByteArrayInputStream bais = new ByteArrayInputStream(data, offset, data.length - offset);
         try (final DataInputStream dis = new DataInputStream(bais)) {
             final int tagLen = dis.readInt();
             final int nonceLen = dis.readInt();
 
-            if(tagLen != TAG_LENGTH) {
+            if (tagLen != TAG_LENGTH) {
                 throw new InvalidKeyException(String.format("Authentication tag length must be %s", TAG_LENGTH));
             }
 
-            if(nonceLen != NONCE_LENGTH) {
+            if (nonceLen != NONCE_LENGTH) {
                 throw new InvalidKeyException(String.format("Initialization vector (IV) length must be %s", NONCE_LENGTH));
             }
 

src/main/java/com/amazonaws/encryptionsdk/internal/JceKeyCipher.java

@@ -75,11 +75,12 @@ abstract Cipher buildUnwrappingCipher(Key key, byte[] extraInfo, int offset,
      * Encrypts the given key, incorporating the given keyName and encryptionContext.
      * @param key The key to encrypt.
      * @param keyName A UTF-8 encoded representing a name for the key.
+     * @param keyNamespace A UTF-8 encoded value that namespaces the key.
      * @param encryptionContext A key-value mapping of arbitrary, non-secret, UTF-8 encoded strings used
      *                         during encryption and decryption to provide additional authenticated data (AAD).
      * @return The encrypted data key.
      */
-    public EncryptedDataKey encryptKey(final byte[] key, final String keyName,
+    public EncryptedDataKey encryptKey(final byte[] key, final String keyName, final String keyNamespace,
                                        final Map<String, String> encryptionContext) {
 
         final byte[] keyNameBytes = keyName.getBytes(KEY_NAME_ENCODING);
@@ -93,7 +94,7 @@ public EncryptedDataKey encryptKey(final byte[] key, final String keyName,
             System.arraycopy(keyNameBytes, 0, provInfo, 0, keyNameBytes.length);
             System.arraycopy(wData.extraInfo, 0, provInfo, keyNameBytes.length, wData.extraInfo.length);
 
-            return new KeyBlob(keyName, provInfo, encryptedKey);
+            return new KeyBlob(keyNamespace, provInfo, encryptedKey);
         } catch (final GeneralSecurityException gsex) {
             throw new AwsCryptoException(gsex);
         }
@@ -103,7 +104,7 @@ public EncryptedDataKey encryptKey(final byte[] key, final String keyName,
      * Decrypts the given encrypted data key.
      *
      * @param edk The encrypted data key.
-     * @param keyName A UTF-8 encoded representing a name for the key.
+     * @param keyName A UTF-8 encoded String representing a name for the key.
      * @param encryptionContext A key-value mapping of arbitrary, non-secret, UTF-8 encoded strings used
      *                          during encryption and decryption to provide additional authenticated data (AAD).
      * @return The decrypted key.

src/main/java/com/amazonaws/encryptionsdk/jce/JceMasterKey.java

@@ -111,7 +111,7 @@ public DataKey<JceMasterKey> generateDataKey(final CryptoAlgorithm algorithm,
             final Map<String, String> encryptionContext) {
         final byte[] rawKey = new byte[algorithm.getDataKeyLength()];
         rnd.nextBytes(rawKey);
-        EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(rawKey, keyId_, encryptionContext);
+        EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(rawKey, keyId_, providerName_, encryptionContext);
         return new DataKey<>(new SecretKeySpec(rawKey, algorithm.getDataKeyAlgo()),
                 encryptedDataKey.getEncryptedDataKey(), encryptedDataKey.getProviderInformation(), this);
     }
@@ -129,7 +129,7 @@ public DataKey<JceMasterKey> encryptDataKey(final CryptoAlgorithm algorithm,
             throw new IllegalArgumentException("Incorrect key algorithm. Expected " + key.getAlgorithm()
                     + " but got " + algorithm.getKeyAlgo());
         }
-        EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(key.getEncoded(), keyId_, encryptionContext);
+        EncryptedDataKey encryptedDataKey = jceKeyCipher_.encryptKey(key.getEncoded(), keyId_, providerName_, encryptionContext);
         return new DataKey<>(key, encryptedDataKey.getEncryptedDataKey(), encryptedDataKey.getProviderInformation(), this);
     }