edit-icon download-icon

GetParametersForImport

Last Updated: Apr 02, 2018

Description

Returns the items you need in order to import key material into KMS from your existing key management infrastructure. The returned items are used in the subsequent ImportKeyMaterial request.

Note:

  • This CMK’s Origin must be EXTERNAL.
  • You must specify the wrapping key (public key) type (RSA_2048 is supported) and the wrapping algorithm (RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1, and RSAES_OAEP_SHA_256 are supported).
  • This operation returns a public key, an import token, and the import token expiration time. The public key is base64 encoded. The import token is valid for 24 hours.
  • You must specify the key ID of the CMK into which you import key material. The public key and import token can be used only to encrypt and import the CMK ID specified in this API request.
  • The public key and import token from the same response must be used together.
  • The algorithm used to encrypt the key material must be the one specified in the API request.
  • Each request to this API returns a different pair of public key and import token.

Request parameters

Name Type Required Description
KeyId string Yes Globally unique identifier of the CMK. The Origin must be EXTERNAL.
WrappingAlgorithm string Yes The algorithm used to encrypt the key material before importing it.
WrappingKeySpec string Yes The type of wrapping key (public key) to return in the response. Only 2048-bit RSA public keys are supported.

Response parameters

Name Type Description
KeyId String The identifier of the CMK to use in a subsequent ImportKeyMaterial request.
ImportToken String The import token to send in a subsequent ImportKeyMaterial request.
PublicKey String The public key to use to encrypt the key material before importing it.
TokenExpireTime String The time when the import token expires.

Examples

Request example

  1. https://kms.cn-hangzhou.aliyuncs.com/?Action=GetParametersForImport
  2. &KeyId=<external key id>
  3. &WrappingAlgorithm=<key material encryption algorithm>
  4. &WrappingKeySpec=RSA_2048
  5. &<Common Request Parameters>

Response example

JSON format

  1. //json response
  2. {
  3. "ImportToken":"ImportToken",
  4. "PublicKey":"PublicKey",
  5. "KeyId":"KeyId",
  6. "TokenExpireTime":"2018-01-25T00:01:02Z",
  7. "RequestId":"8cdf51fd-bcd6-d79a-0ef4-e52c9b5466dc"
  8. }

XML format

  1. //xml response
  2. <KMS>
  3. <ImportToken>ImportToken</ImportToken>
  4. <PublicKey>PublicKey</PublicKey>
  5. <KeyId>KeyId</KeyId>
  6. <TokenExpireTime>2018-01-25T00:01:02Z</TokenExpireTime>
  7. <RequestId>8cdf51fd-bcd6-d79a-0ef4-e52c9b5466dc</RequestId>
  8. </KMS>
Thank you! We've received your feedback.