Encrypts data by using a specific certificate.
Limit: The encryption algorithm in the request parameters must match the key type.
The following table describes the mapping between encryption algorithms and key types.
Algorithm | Key Type |
---|---|
RSAES_OAEP_SHA_1 | RSA_2048 |
RSAES_OAEP_SHA_256 | RSA_2048 |
SM2PKE | EC_SM2 |
In this example, the certificate whose ID is 12345678-1234-1234-1234-12345678**** and the encryption algorithm RSAES_OAEP_SHA_256 are used to encrypt the data VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=.
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | CertificatePublicKeyEncrypt | The operation that you want to perform. Set the value to CertificatePublicKeyEncrypt. |
Algorithm | String | Yes | RSAES_OAEP_SHA_256 | The encryption algorithm. Valid values: |
CertificateId | String | Yes | 12345678-1234-1234-1234-12345678**** | The ID of the certificate. It is the globally unique identifier (GUID) of the certificate in Certificates Manager. |
Plaintext | String | Yes | VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4= | The data that you want to encrypt. The value must be encoded in Base64. For example, if the hexadecimal data that you want to encrypt is The size of data that can be encrypted varies based on the encryption algorithm that you use: If the size of data that you want to encrypt exceeds the preceding limits, you can call the GenerateDataKey operation to generate a data key to encrypt the data. Then, call the CertificatePublicKeyEncrypt operation to encrypt the data key. |
For more information about common request parameters, see Common parameters.
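A client-side pre-flight check for the constraints above, written as an added example (not code from the KMS documentation or SDK). The function names and the `key_type` argument are hypothetical, the RSA size bound is the generic OAEP limit from RFC 8017 rather than a figure taken from this page, and common request parameters (including request signing) are left out.

```python
import base64
from urllib.parse import urlencode

# Algorithm -> (required key type, hash length in bytes), from the mapping table.
ALGORITHMS = {
    "RSAES_OAEP_SHA_1": ("RSA_2048", 20),
    "RSAES_OAEP_SHA_256": ("RSA_2048", 32),
    "SM2PKE": ("EC_SM2", None),  # no OAEP bound; size is not checked locally
}
RSA_2048_MODULUS_BYTES = 256


def max_plaintext_len(algorithm):
    """OAEP bound from RFC 8017: k - 2*hLen - 2 bytes; None if not checked."""
    _, hash_len = ALGORITHMS[algorithm]
    if hash_len is None:
        return None
    return RSA_2048_MODULUS_BYTES - 2 * hash_len - 2


def build_encrypt_query(certificate_id, key_type, algorithm, data):
    """Validate the request locally and return its URL-encoded query string.

    key_type is the key type of the certificate, assumed to be known to the
    caller (hypothetical argument; it is not a request parameter).
    """
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unknown algorithm: {algorithm}")
    required_key_type, _ = ALGORITHMS[algorithm]
    if key_type != required_key_type:
        raise ValueError(
            f"{algorithm} requires a {required_key_type} key, got {key_type}")
    limit = max_plaintext_len(algorithm)
    if limit is not None and len(data) > limit:
        raise ValueError(
            f"{len(data)} bytes exceeds the {limit}-byte limit; "
            "encrypt a data key instead")
    params = {
        "Action": "CertificatePublicKeyEncrypt",
        "Algorithm": algorithm,
        "CertificateId": certificate_id,
        # Standard Base64 can contain '+', '/' and '='. urlencode()
        # percent-encodes them, so '+' is not decoded as a space.
        "Plaintext": base64.b64encode(data).decode("ascii"),
    }
    return urlencode(params)
```

Rejecting an oversized payload before the call makes the envelope pattern described in the Plaintext row explicit: encrypt the bulk data with a data key, and send only that key through this operation.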
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
CertificateId | String | 12345678-1234-1234-1234-12345678**** | The ID of the certificate. |
CiphertextBlob | String | ZOyIygCyaOW6Gj****MlNKiuyjfzw= | The ciphertext after data is encrypted. The value is encoded in Base64. |
RequestId | String | 5979d897-d69f-4fc9-87dd-f3bb73c40b80 | The ID of the request. |
Examples
Sample requests
```
http(s)://[Endpoint]/?Action=CertificatePublicKeyEncrypt
&Algorithm=RSAES_OAEP_SHA_256
&CertificateId=12345678-1234-1234-1234-12345678****
&Plaintext=VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=
&<Common request parameters>
```
Sample success responses
XML format

```xml
<KMS>
    <CertificateId>12345678-1234-1234-1234-12345678****</CertificateId>
    <CiphertextBlob>ZOyIygCyaOW6Gj****MlNKiuyjfzw=</CiphertextBlob>
    <RequestId>5979d897-d69f-4fc9-87dd-f3bb73c40b80</RequestId>
</KMS>
```
JSON format

```json
{
    "CertificateId": "12345678-1234-1234-1234-12345678****",
    "CiphertextBlob": "ZOyIygCyaOW6Gj****MlNKiuyjfzw=",
    "RequestId": "5979d897-d69f-4fc9-87dd-f3bb73c40b80"
}
```
Error codes
HttpCode | Error code | Error message | Description |
---|---|---|---|
404 | Certificate.NotFound | The specified certificate is not found. | The error message returned because the specified certificate does not exist. |
For a list of error codes, visit the API Error Center.