Encrypts data by using an asymmetric customer master key (CMK).

This operation is supported only when the asymmetric CMK has the usage attribute of ENCRYPT/DECRYPT. The following table lists supported encryption algorithms.

KeySpec

Algorithm

Description

Maximum number of bytes that can be encrypted

RSA_2048

RSAES_OAEP_SHA_256

RSAES-OAEP using SHA-256 and MGF1 with SHA-256

190

RSA_2048

RSAES_OAEP_SHA_1

RSAES-OAEP using SHA1 and MGF1 with SHA1

214

RSA_3072

RSAES_OAEP_SHA_256

RSAES-OAEP using SHA-256 and MGF1 with SHA-256

318

RSA_3072

RSAES_OAEP_SHA_1

RSAES-OAEP using SHA1 and MGF1 with SHA1

342

EC_SM2

SM2PKE

SM2 public key encryption algorithm based on elliptic curves

6047

You can use the asymmetric CMK whose ID is 5c438b18-05be-40ad-b6c2-3be6752c**** and version ID is 2ab1a983-7072-4bbc-a582-584b5bd8**** and the algorithm RSAES_OAEP_SHA_1 to encrypt the plaintext SGVsbG8gd29ybGQ= based on the parameter settings provided in this topic.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes AsymmetricEncrypt

The operation that you want to perform. Set the value to AsymmetricEncrypt.

Algorithm String Yes RSAES_OAEP_SHA_1

The encryption algorithm that you want to use.

KeyId String Yes 5c438b18-05be-40ad-b6c2-3be6752c****

The ID of the CMK. The ID must be globally unique.

Note You can also set the value to an alias that is bound to the CMK. For more information, see Overview of aliases.
KeyVersionId String Yes 2ab1a983-7072-4bbc-a582-584b5bd8****

The version ID of the CMK. The ID must be globally unique.

Note You can call the ListKeyVersions operation to query the versions of a CMK. The ID of a version is specified by the KeyVersionId parameter.
Plaintext String Yes SGVsbG8gd29ybGQ=

The plaintext that you want to encrypt. The plaintext must be Base64-encoded.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
KeyId String 5c438b18-05be-40ad-b6c2-3be6752c****

The ID of the CMK.

Note If you set the KeyId parameter in the request to an alias, the ID of the CMK to which the alias is bound is returned.
KeyVersionId String 2ab1a983-7072-4bbc-a582-584b5bd8****

The version ID of the CMK that is used to encrypt the plaintext.

CiphertextBlob String BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg==

The Base64-encoded ciphertext that was generated after encryption.

RequestId String 475f1620-b9d3-4d35-b5c6-3fbdd941423d

The ID of the request.

Examples

Sample requests

https://[Endpoint]/?Action=AsymmetricEncrypt
&KeyId=5c438b18-05be-40ad-b6c2-3be6752c****
&KeyVersionId=2ab1a983-7072-4bbc-a582-584b5bd8****
&Algorithm=RSAES_OAEP_SHA_1
&Plaintext=SGVsbG8gd29ybGQ=
&<Common request parameters>

Sample success responses

XML format

<KMS>
    <KeyId>5c438b18-05be-40ad-b6c2-3be6752c****</KeyId>
    <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>
    <CiphertextBlob>RKF5WeXJtusIrvuPOjpkA/55EKzi8Wmc/eJ2fQUKphvL750jtInSX1wijw/7jGxUaTHTW6tgIJl2ReN1aI1/wxqGxdzScwsMHxCBncnzQsZF+Fi4UFpI9pr4A1wc2u5Ngwyx9uA4K/kJ5bkS4NvmanxssAPZfSfbJSrAWlCP11tS0Cd54tQVGj4XK9tP9bJDKzKis1NClsOXZtNPX88kUqr3LkgFCsD07IwiePAfI2tn2fzeisje1Q7/d6VkF48c3ZE0DAmnLRujt3yRRGDaKUkI6SUDjuKD4yqBUX15/DKfJtya+JIPQGiO2IEPlhL7+NMT17U0tKtK5ZPNEwxfZw==</CiphertextBlob>
    <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>
</KMS>

JSON format

{
  "KeyId": "5c438b18-05be-40ad-b6c2-3be6752c****",
  "KeyVersionId": "2ab1a983-7072-4bbc-a582-584b5bd8****",
  "CiphertextBlob": "RKF5WeXJtusIrvuPOjpkA/55EKzi8Wmc/eJ2fQUKphvL750jtInSX1wijw/7jGxUaTHTW6tgIJl2ReN1aI1/wxqGxdzScwsMHxCBncnzQsZF+Fi4UFpI9pr4A1wc2u5Ngwyx9uA4K/kJ5bkS4NvmanxssAPZfSfbJSrAWlCP11tS0Cd54tQVGj4XK9tP9bJDKzKis1NClsOXZtNPX88kUqr3LkgFCsD07IwiePAfI2tn2fzeisje1Q7/d6VkF48c3ZE0DAmnLRujt3yRRGDaKUkI6SUDjuKD4yqBUX15/DKfJtya+JIPQGiO2IEPlhL7+NMT17U0tKtK5ZPNEwxfZw==",
  "RequestId": "475f1620-b9d3-4d35-b5c6-3fbdd941423d"
}

Error codes

For a list of error codes, visit the API Error Center.