Encrypting a DEK
Function
This API is used to encrypt a DEK using a specified CMK.
Calling Method
For details, see Calling APIs.
URI
POST /v1.0/{project_id}/kms/encrypt-datakey
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
key_id |
Yes |
String |
A 36-byte key ID which matches the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$, for example, 0d0466b0-e727-4d9c-b35d-f84bb474a37f. |
|
plain_text |
Yes |
String |
If AES is used for the customer master key (CMK), the value is the plaintext data encryption key (DEK) + the SHA256 value (32 bytes) of the plaintext DEK. If SM4 is used for the CMK, the value is the plaintext DEK + the SM3 value (32 bytes) of the plaintext DEK. The values are hexadecimal strings. |
|
datakey_plain_length |
Yes |
String |
Number of bytes of a DEK in plaintext. The value ranges from 1 to 1024, for example, 64. |
|
additional_authenticated_data |
No |
String |
Non-sensitive extra data used for authentication. The value is a random string with at most 128 bytes. |
|
pin |
No |
String |
PIN code, which is used to authenticate the data key. This parameter is valid only in the level-4 cryptography testing scenario. |
|
pin_type |
No |
String |
PIN code type. The default value is CipherText. The value can be:
|
|
key_spec |
No |
String |
Type of the data key to be encrypted. This parameter is valid only in the level-4 cryptography testing scenario. The value can be SM2 or RSA.
|
|
sequence |
No |
String |
A 36-byte serial number of a request message, for example, 919c82d4-8046-4722-9094-35c3c6524cff |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
key_id |
String |
Key ID |
|
cipher_text |
String |
Ciphertext DEK in hexadecimal format. Two characters represent 1 byte. |
|
datakey_length |
String |
Length of a DEK, in bytes. |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 401
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 403
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 500
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 502
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 504
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Example Requests
Encrypt a 512-bit plaintext key using the key whose ID is 0d0466b0-e727-4d9c-b35d-f84bb474a37f and add 123add as the associated data.
{
"key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
"plain_text" : "7549d9aea901767bf3c0b3e14b10722eaf6f59053bbd82045d04e075e809a0fe6ccab48f8e5efe74e4b18ff0512525e527b10331100f357bf42125d8d5ced94ffbc8ac72b0785ca7fe33eb6776ce3990b11e32b299d9c0a9ee0305fb9540f797",
"datakey_plain_length" : "64",
"additional_authenticated_data" : "123aad"
}
Example Responses
Status code: 200
Request succeeded.
{
"key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
"datakey_length" : "64",
"cipher_text" : "020098009EEAFCE122CAA5927D2XXX..."
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Request succeeded. |
|
400 |
Invalid request parameters. |
|
401 |
Username and password are required for the requested page. |
|
403 |
Authentication failed. |
|
404 |
The resource does not exist. |
|
500 |
Internal service error. |
|
502 |
Failed to complete the request. The server receives an invalid response from the upstream server. |
|
504 |
Gateway timed out. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
