Encrypts data by using a specific certificate.
Operation description
Limit: The encryption algorithm in the request parameters must match the key type.
The following table describes the mapping between encryption algorithms and key types.
| Algorithm | Key Spec |
|---|---|
| RSAES_OAEP_SHA_1 | RSA_2048 |
| RSAES_OAEP_SHA_256 | RSA_2048 |
| SM2PKE | EC_SM2 |
In this example, the certificate whose ID is 12345678-1234-1234-1234-12345678**** and the encryption algorithm RSAES_OAEP_SHA_256 are used to encrypt the data VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=.
Authorization information
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| CertificateId | string | Yes | The ID of the certificate. The ID must be globally unique in Certificates Manager. | 12345678-1234-1234-1234-12345678**** |
| Algorithm | string | Yes | The encryption algorithm. Valid values: RSAES_OAEP_SHA_1, RSAES_OAEP_SHA_256, and SM2PKE. Note: The SM2PKE encryption algorithm is supported only in regions in mainland China. In these regions, managed hardware security modules (HSMs) are used. For more information, see Managed HSM overview. | RSAES_OAEP_SHA_256 |
| Plaintext | string | Yes | The data that you want to encrypt. The value is encoded in Base64. For example, if the hexadecimal data that you want to encrypt is The size of data that can be encrypted varies based on the encryption algorithm that you use: If the size of data that you want to encrypt exceeds the preceding limits, you can call the GenerateDataKey operation to generate a data key to encrypt the data. Then, call the CertificatePublicKeyEncrypt operation to encrypt the data key. | VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4= |
For more information about common request parameters, see Common parameters.
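The following client-side pre-flight check is an added example, not code from the service's SDK or documentation. It validates the algorithm against the certificate's key type, Base64-encodes the data, and rejects RSA inputs that exceed the standard OAEP bound (RFC 8017: modulus length minus twice the hash length minus 2), so the caller can switch to the data-key approach described above. The function names and the `key_spec` argument are assumptions, and the SM2PKE size limit is not checked here.

```python
import base64

# Algorithm -> (required key spec, OAEP hash length in bytes), per the mapping table.
# The hash length is None for SM2PKE: its size limit is not derived in this example.
ALGORITHMS = {
    "RSAES_OAEP_SHA_1": ("RSA_2048", 20),
    "RSAES_OAEP_SHA_256": ("RSA_2048", 32),
    "SM2PKE": ("EC_SM2", None),
}
RSA_2048_MODULUS_BYTES = 256


def max_plaintext_len(algorithm):
    """Largest raw input in bytes for RSA-OAEP (k - 2*hLen - 2), or None if not derived."""
    _, h_len = ALGORITHMS[algorithm]
    if h_len is None:
        return None
    return RSA_2048_MODULUS_BYTES - 2 * h_len - 2


def build_encrypt_request(certificate_id, key_spec, algorithm, data):
    """Return the CertificatePublicKeyEncrypt parameters or raise ValueError.

    key_spec is the key type of the certificate's key pair (hypothetical
    argument: the caller is assumed to know it from certificate creation).
    """
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    required_spec, _ = ALGORITHMS[algorithm]
    if key_spec != required_spec:
        raise ValueError(f"{algorithm} requires {required_spec}, got {key_spec}")
    limit = max_plaintext_len(algorithm)
    if limit is not None and len(data) > limit:
        # Too large for direct public-key encryption: encrypt the data with a
        # data key and pass only that key to this operation.
        raise ValueError(f"{len(data)} bytes exceeds the {limit}-byte OAEP limit")
    return {
        "CertificateId": certificate_id,
        "Algorithm": algorithm,
        # The API expects the raw bytes Base64-encoded, not the text itself.
        "Plaintext": base64.b64encode(data).decode("ascii"),
    }
```
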
Response parameters
Examples
Sample success responses
JSON format
```json
{
  "CiphertextBlob": "ZOyIygCyaOW6Gj****MlNKiuyjfzw=",
  "RequestId": "5979d897-d69f-4fc9-87dd-f3bb73c40b80",
  "CertificateId": "12345678-1234-1234-1234-12345678****"
}
```
Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | InvalidParameter | The specified parameter is not valid. | An invalid value is specified for the parameter. |
| 404 | Certificate.NotFound | The specified certificate is not found. | The specified certificate does not exist. |
| 404 | InvalidAccessKeyId.NotFound | The Access Key ID provided does not exist in our records. | - |
For a list of error codes, see Service error codes.
