Encrypting a DEK
Function
This API enables you to encrypt a DEK using a specified CMK.
URI
POST /v1.0/{project_id}/kms/encrypt-datakey
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. The token can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
key_id |
Yes |
String |
CMK ID. It should be 36 bytes and match the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$. Example: 0d0466b0-e727-4d9c-b35d-f84bb474a37f |
|
encryption_context |
No |
Object |
Key-value pairs with a maximum length of 8,192 characters. This parameter is used to record resource context information, excluding sensitive information, to ensure data integrity. If this parameter is specified during encryption, it is also required for decryption. Example: {"Key1":"Value1","Key2":"Value2"} |
|
plain_text |
Yes |
String |
Both the plaintext of a DEK and the SHA-256 hash value (32 bytes) of the plaintext are expressed as a hexadecimal string. Both the plaintext (64 bytes) of a DEK and the SHA-256 hash value (32 bytes) of the plaintext are expressed as a hexadecimal string. |
|
datakey_plain_length |
Yes |
String |
Number of bytes of a DEK in plaintext. The value range is 1 to 1024. Number of bytes of a DEK in plaintext. The value is 64. |
|
sequence |
No |
String |
36-byte sequence number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
key_id |
String |
CMK ID. |
|
cipher_text |
String |
Ciphertext DEK in hexadecimal format. Two characters represent 1 byte. |
|
datakey_length |
String |
Length of a DEK, in bytes. |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error information. |
Status code: 403
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error information. |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error information. |
Example Requests
{
"key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
"plain_text" : "7549d9aea901767bf3c0b3e14b10722eaf6f59053bbd82045d04e075e809a0fe6ccab48f8e5efe74e4b18ff0512525e527b10331100f357bf42125d8d5ced94ffbc8ac72b0785ca7fe33eb6776ce3990b11e32b299d9c0a9ee0305fb9540f797",
"datakey_plain_length" : "64"
}
Example Responses
Status code: 200
Request processing succeeded.
{
"key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
"datakey_length" : "64",
"cipher_text" : "020098009EEAFCE122CAA5927D2XXX..."
}
Status code: 400
Invalid request parameters.
{
"error" : {
"error_code" : "KMS.XXX",
"error_msg" : "XXX"
}
}
Status code: 403
Authentication failed.
{
"error" : {
"error_code" : "KMS.XXX",
"error_msg" : "XXX"
}
}
Status code: 404
The requested resource does not exist or is not found.
{
"error" : {
"error_code" : "KMS.XXX",
"error_msg" : "XXX"
}
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Request processing succeeded. |
|
400 |
Invalid request parameters. |
|
403 |
Authentication failed. |
|
404 |
The requested resource does not exist or is not found. |
Error Codes
See Error Codes.
Last Article: Creating a Plaintext-Free DEK
Next Article: Decrypting a DEK
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.