This topic describes the formats of encrypted data and signatures to help you understand encryption output and signatures.
Formats of encrypted data
- Data encryption output of Encryption SDK
Data encryption output Component Description Message header Version The current version is 1. Algorithm For more information, see Algorithms.
Data key list The data key list contains at least one data key. The information of each data key consists of the following parts:- The Alibaba Cloud Resource Name (ARN) of the customer master key (CMK) that is used
to encrypt the data key. An ARN includes the region ID, user ID, and CMK ID, and is
presented in the format of
acs:kms:RegionId:UserId:key/CmkId
. - The ciphertext of the data key encrypted by using the primary version of the specified CMK. The ciphertext is the value of the CipherBlob parameter that is returned by the GenerateDataKey operation.
EncryptionContext The encryption context data that is used as additional authentication data for symmetric encryption algorithms. Initialization vector for header authentication The initialization vector that is used to compute header authentication information. The value is a random number. Header authentication information The system computes the header authentication information based on Galois Message Authentication Code (GMAC). If verification fails, an error is returned, indicating that the format of the encryption message is invalid. Message body Initialization vector An initialization vector is an input value with a fixed length. In most cases, it is a random number or pseudo-random number. Ciphertext data The ciphertext returned after data is encrypted. Authentication data The authentication data returned when Galois/Counter Mode (GCM) is used. Authentication data is used to verify data integrity. If the verification fails, a decryption failure is reported. The following table describes algorithm information in a message header.
No. Algorithm information Algorithm Working mode Length of key (bit) Length of initialization vector (byte) 1 AES_GCM_NOPADDING_128 AES GCM 128 12 2 AES_GCM_NOPADDING_256 AES GCM 256 12 3 AES_CBC_NOPADDING_128 AES CBC 128 16 4 AES_CBC_NOPADDING_256 AES CBC 256 16 5 AES_CBC_PKCS5_128 AES CBC 128 16 6 AES_CBC_PKCS5_256 AES CBC 256 16 7 AES_CTR_NOPADDING_128 AES CTR 128 16 8 AES_CTR_NOPADDING_256 AES CTR 256 16 9 SM4_GCM_NOPADDING_128 SM4 GCM 128 16 10 SM4_CBC_NOPADDING_128 SM4 CBC 128 16 11 SM4_CBC_PKCS5_128 SM4 CBC 128 16 12 SM4_CTR_NOPADDING_128 SM4 CTR 128 16 Note Only AES_GCM_NOPADDING_128, AES_GCM_NOPADDING_256, and SM4_GCM_NOPADDING_128 contain authentication data, which is 16 bytes in length. - The Alibaba Cloud Resource Name (ARN) of the customer master key (CMK) that is used
to encrypt the data key. An ARN includes the region ID, user ID, and CMK ID, and is
presented in the format of
- Format definition of data encryption output
Data encryption output is encoded in ASN.1. The following code shows the format of data encryption output in the ASN.1 syntax:
EncryptionMessage ::== SEQUENCE { encryptionHead EncryptionHead --Message header encryptionBody EncryptionBody --Message body } EncryptionHead ::== SEQUENCE { version INTEGER --Version algorithm INTEGER --Algorithm encryptedDataKeys SET EncryptedDataKey --Data key list encryptionContext SET EncryptionContext --Encryption context headerIv OCTECT STRING --Initialization vector for header authentication headerAuthTag OCTECT STRING --Header authentication information } EncryptionBody ::== SEQUENCE{ iv OCTECT STRING --Initialization vector cipherText OCTECT STRING --Ciphertext data authTag OCTECT STRING --GCM authentication information } EncryptedDataKey ::== SEQUENCE { cmkArn OCTECT STRING --ARN of the KMS CMK encryptedDataKey OCTECT STRING --Ciphertext of the data key } EncryptionContext ::== SEQUENCE { key OCTECT STRING value OCTECT STRING }
- Example of data encryption output
SEQUENCE (2 elem) SEQUENCE (6 elem) INTEGER 1 // Version INTEGER 2 // Algorithm SET (2 elem) // Data key list SEQUENCE (2 elem) OCTET STRING (77 byte) acs:kms:cn-beijing:1540355698xxxxx:key/2fad5f44-9573-4f28-8956-xxxx… OCTET STRING (108 byte) 36613739356232362D626163642xxxx262642D383630612D323563313839316131663… SEQUENCE (2 elem) OCTET STRING (77 byte) acs:kms:cn-hangzhou:1540355698xxxxx:key/f6d61352-82bb-450a-b105-xxxx… OCTET STRING (108 byte) 62623630646439352D343165302xxxx237382D616233332D356262636136643633643… SET (5 elem) // EncryptionContext set SEQUENCE (2 elem) OCTET STRING (11 byte) encryption OCTET STRING (7 byte) context SEQUENCE (2 elem) OCTET STRING (7 byte) is not OCTET STRING (6 byte) secret SEQUENCE (2 elem) OCTET STRING (9 byte) but adds OCTET STRING (15 byte) useful metadata SEQUENCE (2 elem) OCTET STRING (18 byte) that can help you OCTET STRING (17 byte) be confident that SEQUENCE (2 elem) OCTET STRING (26 byte) the data you are handling OCTET STRING (23 byte) is what you think it is OCTET STRING (12 byte) E66C1CE19C79F3FBCD62858D // Initialization vector for header authentication OCTET STRING (16 byte) CEEC46C65670E82CD78028AC0104D083 // Header authentication information SEQUENCE (3 elem) // Encrypted message OCTET STRING (12 byte) EF49E2CBB768A7AD0FB0FE20 // Initialization vector OCTET STRING (13 byte) 89A4AB43CD793F7711767C491A // Ciphertext data OCTET STRING (16 byte) 2E93DA019B7A6507155BA3AA252750E3 // Authentication data
- Length of data encryption output
- (108 bytes + 77 bytes) × Number of CMKs
Note The ARN of a CMK is 108 bytes in length. The value of the CipherBlob parameter returned by the GenerateDataKey operation is 77 bytes in length.
- Length of EncryptionContext
- Length of ASN.1-encoded data: 30 bytes
Note The length of ASN.1-encoded data is 30 bytes.
- Length of ciphertext data
- Initialization vector
- Authentication information
- (108 bytes + 77 bytes) × Number of CMKs
Signature format
Encryption SDK calls the AsymmetricSign operation of KMS to sign data. This operation returns a signature value in the binary format.