ReEncrypt
Function
This API is used to decrypt the ciphertext using the source key and then re-encrypt the resulting plaintext using the specified new key.
The data key ciphertext encrypted by CreateDatakey, CreateDatakeyWithoutPlainText, or EncryptDatakey can be re-encrypted into a new data key ciphertext.
The ciphertext encrypted by EncryptData can be re-encrypted into a new ciphertext.
Notes:
A data key can only be re-encrypted into a data key.
Calling Method
For details, see Calling APIs.
Authorization Information
Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
- If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
- If you are using identity policy-based authorization, no identity policy-based permission is required for calling this API.
URI
POST /v1.0/{project_id}/kms/re-encrypt
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | - |
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | User token, which can be obtained by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| source_key_id | No | String | ID of the original key, which is used to decrypt the ciphertext. For asymmetric key encryption, source_key_id is mandatory. For symmetric key encryption, you are advised to set source_key_id. KMS uses the specified source_key_id for decryption. If this parameter is left blank, KMS attempts to obtain the key ID used for encryption from the ciphertext, and then uses that key ID for decryption. |
| source_additional_authenticated_data | No | String | AAD information used during encryption of the original ciphertext. If no AAD is specified during encryption, this parameter cannot be set. Otherwise, decryption fails. |
| source_encryption_algorithm | No | String | Encryption algorithm used during encryption of the original ciphertext. The default value is SYMMETRIC_DEFAULT. The value can be: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, RSAES_OAEP_SHA_256, or SM2_ENCRYPT. Note: RSAES_OAEP_SHA_1 is no longer secure. Exercise caution when using it. |
| destination_key_id | Yes | String | ID of the target key, which is used to encrypt the decrypted plaintext. |
| destination_additional_authenticated_data | No | String | If a value is specified, the value is used as AAD during re-encryption. |
| destination_encryption_algorithm | No | String | Encryption algorithm used during re-encryption of the new ciphertext. The default value is SYMMETRIC_DEFAULT. The value can be: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, RSAES_OAEP_SHA_256, or SM2_ENCRYPT. Note: RSAES_OAEP_SHA_1 is no longer secure. Exercise caution when using it. |
| datakey_cipher_length | No | String | Number of bytes in the plaintext key material. This parameter must be specified if the ciphertext is a data key encrypted in CBC mode. |
| cipher_text | Yes | String | Ciphertext to be re-encrypted. |
Response Parameters
Status code: 200
| Parameter | Type | Description |
|---|---|---|
| key_id | String | Key ID used during re-encryption. |
| source_key_id | String | Key ID used during the encryption of the original ciphertext. |
| source_encryption_algorithm | String | Encryption algorithm used during the encryption of the original ciphertext. |
| destination_encryption_algorithm | String | Encryption algorithm used during re-encryption. |
| cipher_text | String | Ciphertext after re-encryption. |
Example Requests
```
https://kms.cn-north-4.myhuaweicloud.com/v1.0/d4e559b49b3b403da5279723299ed4a6/kms/re-encrypt

{
  "source_key_id" : "054faae3-ffc2-4b23-8d94-c05bfc8f596a",
  "source_additional_authenticated_data" : "",
  "source_encryption_algorithm" : "SYMMETRIC_DEFAULT",
  "destination_key_id" : "8ad47b5b-037e-4ff9-bf04-6900e3213c17",
  "destination_additional_authenticated_data" : "123",
  "destination_encryption_algorithm" : "SYMMETRIC_DEFAULT",
  "datakey_cipher_length" : "32",
  "cipher_text" : "020078000871efb21bfdc0712becf0dabfcc115a25eae06efb652aa9afa9689a4c4ec46b4bbeb3a902369b1a53eab67e9b8e730ced3879d1fb62c27cc314f2a44943687741a5d250403c861e4410936d422ef2d330353466616165332d666663322d346232332d386439342d63303562666338663539366100000000ed7fb70234ac273dedc19752900c6f7e4577fc2c1f1482539d0142ab0ff9fdda"
}
```
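A client-side check of the request parameter rules listed under Request Parameters, as an added example that is not part of the original documentation or any SDK: it rejects requests that omit source_key_id for an asymmetric source key and refuses RSAES_OAEP_SHA_1 unless the caller opts in. The function names, the allow_sha1 switch, and the Content-Type header are assumptions of this example.

```python
import json
import urllib.request

ASYMMETRIC = {"RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "SM2_ENCRYPT"}
ALGORITHMS = ASYMMETRIC | {"SYMMETRIC_DEFAULT"}


def build_reencrypt_body(cipher_text, destination_key_id, source_key_id=None,
                         source_alg="SYMMETRIC_DEFAULT", dest_alg="SYMMETRIC_DEFAULT",
                         source_aad=None, dest_aad=None, datakey_cipher_length=None,
                         allow_sha1=False):
    """Validate arguments against the parameter table and return the JSON body as a dict."""
    if not cipher_text or not destination_key_id:
        raise ValueError("cipher_text and destination_key_id are mandatory")
    for alg in (source_alg, dest_alg):
        if alg not in ALGORITHMS:
            raise ValueError(f"unsupported algorithm: {alg}")
        if alg == "RSAES_OAEP_SHA_1" and not allow_sha1:
            # The page flags this algorithm as no longer secure; require an explicit opt-in.
            raise ValueError("RSAES_OAEP_SHA_1 requires allow_sha1=True")
    if source_alg in ASYMMETRIC and not source_key_id:
        raise ValueError("source_key_id is mandatory for asymmetric source keys")
    body = {"cipher_text": cipher_text, "destination_key_id": destination_key_id,
            "source_encryption_algorithm": source_alg,
            "destination_encryption_algorithm": dest_alg}
    if source_key_id:
        # Pin the decryption key rather than letting KMS infer it from the ciphertext.
        body["source_key_id"] = source_key_id
    if source_aad:
        # Only sent when AAD was used at encryption time; otherwise it must stay unset.
        body["source_additional_authenticated_data"] = source_aad
    if dest_aad:
        body["destination_additional_authenticated_data"] = dest_aad
    if datakey_cipher_length is not None:
        body["datakey_cipher_length"] = str(datakey_cipher_length)  # typed String in the table
    return body


def build_request(endpoint, project_id, token, body):
    """Return an unsent urllib Request for POST /v1.0/{project_id}/kms/re-encrypt."""
    url = f"{endpoint}/v1.0/{project_id}/kms/re-encrypt"
    # Content-Type is an assumption of this example; the page lists only X-Auth-Token.
    headers = {"X-Auth-Token": token, "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method="POST")
```

Pass the returned object to `urllib.request.urlopen` to send it; the response field source_key_id can then be compared with the value you pinned.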
Example Responses
None
Status Codes
| Status Code | Description |
|---|---|
| 200 | Request succeeded. |
Error Codes
See Error Codes.