Encrypts data by using an asymmetric customer master key (CMK).
This operation is supported only when the asymmetric CMK has the usage attribute of ENCRYPT/DECRYPT. The following table lists supported encryption algorithms.
KeySpec |
Algorithm |
Description |
Maximum number of bytes that can be encrypted |
|
---|---|---|---|---|
RSA_2048 |
RSAES_OAEP_SHA_256 |
RSAES-OAEP using SHA-256 and MGF1 with SHA-256 |
190 |
|
RSA_2048 |
RSAES_OAEP_SHA_1 |
RSAES-OAEP using SHA1 and MGF1 with SHA1 |
214 |
|
RSA_3072 |
RSAES_OAEP_SHA_256 |
RSAES-OAEP using SHA-256 and MGF1 with SHA-256 |
318 |
|
RSA_3072 |
RSAES_OAEP_SHA_1 |
RSAES-OAEP using SHA1 and MGF1 with SHA1 |
342 |
|
EC_SM2 |
SM2PKE |
SM2 public key encryption algorithm based on elliptic curves |
6047 |
You can use the asymmetric CMK whose ID is 5c438b18-05be-40ad-b6c2-3be6752c****
and version ID is 2ab1a983-7072-4bbc-a582-584b5bd8****
and the algorithm RSAES_OAEP_SHA_1
to encrypt the plaintext SGVsbG8gd29ybGQ=
based on the parameter settings provided in this topic.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | AsymmetricEncrypt |
The operation that you want to perform. Set the value to AsymmetricEncrypt. |
Algorithm | String | Yes | RSAES_OAEP_SHA_1 |
The encryption algorithm that you want to use. |
KeyId | String | Yes | 5c438b18-05be-40ad-b6c2-3be6752c**** |
The ID of the CMK. The ID must be globally unique. Note You can also set the value to an alias that is bound to the CMK. For more information,
see Overview of aliases.
|
KeyVersionId | String | Yes | 2ab1a983-7072-4bbc-a582-584b5bd8**** |
The version ID of the CMK. The ID must be globally unique. Note You can call the ListKeyVersions operation to query the versions of a CMK. The ID of a version is specified by the
KeyVersionId parameter.
|
Plaintext | String | Yes | SGVsbG8gd29ybGQ= |
The plaintext that you want to encrypt. The plaintext must be Base64-encoded. |
For more information about common request parameters, see Common parameters.
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
KeyId | String | 5c438b18-05be-40ad-b6c2-3be6752c**** |
The ID of the CMK. Note If you set the KeyId parameter in the request to an alias, the ID of the CMK to which
the alias is bound is returned.
|
KeyVersionId | String | 2ab1a983-7072-4bbc-a582-584b5bd8**** |
The version ID of the CMK that is used to encrypt the plaintext. |
CiphertextBlob | String | BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg== |
The Base64-encoded ciphertext that was generated after encryption. |
RequestId | String | 475f1620-b9d3-4d35-b5c6-3fbdd941423d |
The ID of the request. |
Examples
Sample requests
https://[Endpoint]/?Action=AsymmetricEncrypt
&KeyId=5c438b18-05be-40ad-b6c2-3be6752c****
&KeyVersionId=2ab1a983-7072-4bbc-a582-584b5bd8****
&Algorithm=RSAES_OAEP_SHA_1
&Plaintext=SGVsbG8gd29ybGQ=
&<Common request parameters>
Sample success responses
XML
format
<KMS>
<KeyId>5c438b18-05be-40ad-b6c2-3be6752c****</KeyId>
<KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>
<CiphertextBlob>RKF5WeXJtusIrvuPOjpkA/55EKzi8Wmc/eJ2fQUKphvL750jtInSX1wijw/7jGxUaTHTW6tgIJl2ReN1aI1/wxqGxdzScwsMHxCBncnzQsZF+Fi4UFpI9pr4A1wc2u5Ngwyx9uA4K/kJ5bkS4NvmanxssAPZfSfbJSrAWlCP11tS0Cd54tQVGj4XK9tP9bJDKzKis1NClsOXZtNPX88kUqr3LkgFCsD07IwiePAfI2tn2fzeisje1Q7/d6VkF48c3ZE0DAmnLRujt3yRRGDaKUkI6SUDjuKD4yqBUX15/DKfJtya+JIPQGiO2IEPlhL7+NMT17U0tKtK5ZPNEwxfZw==</CiphertextBlob>
<RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>
</KMS>
JSON
format
{
"KeyId": "5c438b18-05be-40ad-b6c2-3be6752c****",
"KeyVersionId": "2ab1a983-7072-4bbc-a582-584b5bd8****",
"CiphertextBlob": "RKF5WeXJtusIrvuPOjpkA/55EKzi8Wmc/eJ2fQUKphvL750jtInSX1wijw/7jGxUaTHTW6tgIJl2ReN1aI1/wxqGxdzScwsMHxCBncnzQsZF+Fi4UFpI9pr4A1wc2u5Ngwyx9uA4K/kJ5bkS4NvmanxssAPZfSfbJSrAWlCP11tS0Cd54tQVGj4XK9tP9bJDKzKis1NClsOXZtNPX88kUqr3LkgFCsD07IwiePAfI2tn2fzeisje1Q7/d6VkF48c3ZE0DAmnLRujt3yRRGDaKUkI6SUDjuKD4yqBUX15/DKfJtya+JIPQGiO2IEPlhL7+NMT17U0tKtK5ZPNEwxfZw==",
"RequestId": "475f1620-b9d3-4d35-b5c6-3fbdd941423d"
}
Error codes
For a list of error codes, visit the API Error Center.