Encrypting Data
Function
This API enables you to encrypt data using a specified CMK.
Constraints
When using an asymmetric CMK to encrypt data, please record the selected CMK ID and encryption algorithm. When decrypting data, you need to provide the same CMK ID and encryption algorithm. If the specified CMK and encryption algorithm do not match the value used to encrypt the data, the decryption operation will fail.
When using a symmetric CMK to decrypt data, there is no need to provide the CMK ID and encryption algorithm. KMS will store the information in the ciphertext. KMS cannot store metadata in the ciphertext generated using an asymmetric key. The standard format of the asymmetric key ciphertext does not include configurable fields.
URI
POST /v1.0/{project_id}/kms/encrypt-data
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
project_id |
Yes |
String |
Project ID. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
X-Auth-Token |
Yes |
String |
User token. The token can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
key_id |
Yes |
String |
CMK ID. It should be 36 bytes and match the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$. Example: 0d0466b0-e727-4d9c-b35d-f84bb474a37f |
encryption_context |
No |
Object |
Key-value pairs with a maximum length of 8,192 characters. This parameter is used to record resource context information, excluding sensitive information, to ensure data integrity. If this parameter is specified during encryption, it is also required for decryption. Example: {"Key1":"Value1","Key2":"Value2"} |
plain_text |
Yes |
String |
Plaintext data. It can be 1 to 4,096 bytes and should match the regular expression ^.{1,4096}$. After it is converted to a byte array, its length should still be 1 to 4096 bytes. |
sequence |
No |
String |
36-byte sequence number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
|---|---|---|
key_id |
String |
CMK ID. |
cipher_text |
String |
Ciphertext DEK in hexadecimal format. Two characters represent 1 byte. |
Status code: 400
Parameter |
Type |
Description |
|---|---|---|
error |
Object |
Error message. |
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error information. |
Status code: 403
Parameter |
Type |
Description |
|---|---|---|
error |
Object |
Error message. |
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error information. |
Status code: 404
Parameter |
Type |
Description |
|---|---|---|
error |
Object |
Error message. |
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error information. |
Example Requests
{
"key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
"plain_text" : "hello world"
}
Example Responses
Status code: 200
Request processing succeeded.
{
"key_id" : "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
"cipher_text" : "AgDoAG7EsEc2OHpQxz4gDFDH54CqwaelpTdEl+RFXXX..."
}
Status code: 400
Invalid request parameters.
{
"error" : {
"error_code" : "KMS.XXX",
"error_msg" : "XXX"
}
}
Status code: 403
Authentication failed.
{
"error" : {
"error_code" : "KMS.XXX",
"error_msg" : "XXX"
}
}
Status code: 404
The requested resource does not exist or is not found.
{
"error" : {
"error_code" : "KMS.XXX",
"error_msg" : "XXX"
}
}
Status Codes
Status Code |
Description |
|---|---|
200 |
Request processing succeeded. |
400 |
Invalid request parameters. |
403 |
Authentication failed. |
404 |
The requested resource does not exist or is not found. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
