Example 1: Encrypting or Decrypting Small Volumes of Data

Scenario

Encrypt or decrypt data not larger than 4 KB, such as passwords, certificates, and phone numbers, by using a tool on the console or calling an API. This section describes how to call a KMS API and use a CMK to encrypt or decrypt data.

Process:

Create a CMK in KMS.
Call the encrypt-data API of KMS to encrypt plaintext data by using a CMK.
Deploy ciphertext certificates on your servers.
When your servers need to use a certificate, they call the decrypt-data API of KMS to decrypt the ciphertext data and obtain the ciphertext certificate.

Operations

APIs are called to perform the following operations:

Create a CMK
Encrypt a DEK
Decrypt a DEK

Procedure

Create a CMK.
- API information
  URI format: POST /v1.0/{project_id}/kms/create-key
  
  For details, see Creating a CMK.
  
  Default Master Keys are created by services integrated with KMS. Names of Default Master Keys end with /default. Do not end your CMK names with /default.
- Example request
  POST: https://{endpoint}/v1.0/53d1aefc533f4ce9a59c26b01667cbcf/kms/create-key
  
  Obtain {endpoint} from Regions and Endpoints.
  
  Body:
```
{
    "key_alias": "test"
}
```
- Example response
```
{
    "key_info": {
        "key_id": "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
        "domain_id": "b168fe00ff56492495a7d22974df2d0b"
    }
}
```

Encrypt data.

API information
URI format: POST /v1.0/{project_id}/kms/encrypt-data

For details, see Encrypting Data.
Example request
POST https://{endpoint}/v1.0/53d1aefc533f4ce9a59c26b01667cbcf/kms/encrypt-data

Obtain {endpoint} from Regions and Endpoints.

You can use the API for Querying the List of CMKs to check key information, including key_id.

Body:
```
{
    "key_id": "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
    "plain_text": "12345678"
}
```

Example response

{     "key_id": "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
     "cipher_text": "AgDoAG7EsEc2OHpQxz4gDFDH54CqwaelpTdEl+RFPjbKn5klPTvOywYIeZX60kPbFsYOpXJwkL32HUM50MY22Eb1fOSpZK7WJpYjx66EWOkJvO+Ey3r1dLdNAjrZrYzQlxRwNS05CaNKoX5rr3NoDnmv+UNobaiS25muLLiqOt6UrStaWow9AUyOHSzl+BrX2Vu0whv74djK+3COO6cXT2CBO6WajTJsOgYdxMfv24KWSKw0TqvHe8XDKASQGKdgfI74hzI1YWJlNjlmLWFlMTAtNDRjZC1iYzg3LTFiZGExZGUzYjdkNwAAAACdcfNpLXwDUPH3023MvZK8RPHe129k6VdNIi3zNb0eFQ==" 
}

Decrypt data.

API information
URI format: POST /v1.0/{project_id}/kms/decrypt-data

For details, see Decrypting Data.

Example request

POST https://{endpoint}/v1.0/53d1aefc533f4ce9a59c26b01667cbcf/kms/decrypt-data

Obtain {endpoint} from Regions and Endpoints.

You can use the API for Querying the List of CMKs to check key information, including key_id.

Body:

{      "cipher_text": "AgDoAG7EsEc2OHpQxz4gDFDH54CqwaelpTdEl+RFPjbKn5klPTvOywYIeZX60kPbFsYOpXJwkL32HUM50MY22Eb1fOSpZK7WJpYjx66EWOkJvO+Ey3r1dLdNAjrZrYzQlxRwNS05CaNKoX5rr3NoDnmv+UNobaiS25muLLiqOt6UrStaWow9AUyOHSzl+BrX2Vu0whv74djK+3COO6cXT2CBO6WajTJsOgYdxMfv24KWSKw0TqvHe8XDKASQGKdgfI74hzI1YWJlNjlmLWFlMTAtNDRjZC1iYzg3LTFiZGExZGUzYjdkNwAAAACdcfNpLXwDUPH3023MvZK8RPHe129k6VdNIi3zNb0eFQ=="
 }

Example response

{   
    "key_id": "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
     "plain_text": "12345678"
 }

Parent topic: Application Examples

Previous topic: Application Examples

Next topic: Example 2: Encrypting or Decrypting Large Volumes of Data

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot