amazon web services - KMS get_public_key() UnsupportedOperationException

Question

When I run the following code (KEY_ID is a key_id that I've copied and pasted from the list returned from client.list_keys() ):

import boto3

client = boto3.client("kms")
client.list_keys()
client.get_public_key(KeyId = "KEY_ID")

# I've also tried:
client.get_public_key(KeyId = "KEY_ID", GrantTokens = [])

I get the following error:

raise error_class(parsed_response, operation_name)
botocore.errorfactory.UnsupportedOperationException: An error occurred (UnsupportedOperationException) when calling the GetPublicKey operation:

Anyone know what parameters I'm missing for the get_public_key() method?

question from:https://stackoverflow.com/questions/65949677/kms-get-public-key-unsupportedoperationexception

Answer 1

get_public_key is only for asymmetric keys. These keys have public and private components.

Most KMS keys used at AWS are symmetric, and these keys don't have any public component. Instead you would use data key obtained from generate_data_key.