in sdk1/src/main/java/com/amazonaws/services/dynamodbv2/datamodeling/encryption/providers/store/MetaStore.java [292:306]
private static Set<String> getSignedOnlyFields(final ExtraDataSupplier extraDataSupplier) {
final Set<String> signedOnlyFields = extraDataSupplier.getSignedOnlyFieldNames();
for (final String signedOnlyField : signedOnlyFields) {
if (ENCRYPTED_FIELDS.contains(signedOnlyField)) {
throw new IllegalArgumentException(signedOnlyField + " must be encrypted");
}
}
// fields that should not be encrypted
final Set<String> doNotEncryptFields = new HashSet<>();
doNotEncryptFields.add(DEFAULT_HASH_KEY);
doNotEncryptFields.add(DEFAULT_RANGE_KEY);
doNotEncryptFields.addAll(signedOnlyFields);
return Collections.unmodifiableSet(doNotEncryptFields);
}