Retrieves the public key of an asymmetric key. You can use the public key to encrypt data or verify a signature on your device.
Operation description
-
For more information about the access policy required for a RAM user or RAM role to call this OpenAPI operation, see Resource Access Management.
-
You can call this operation using a shared gateway or a dedicated gateway. For more information, see Alibaba Cloud SDK.
Shared gateway: You can access KMS over the Internet or using a VPC domain name. If you access KMS over the Internet, you must enable Internet access. For more information, see Access keys in a KMS instance over the Internet.
Dedicated gateway: You can access KMS using the private endpoint of KMS (
<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com).
Try it now
Test
RAM authorization
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| KeyId |
string |
Yes |
The globally unique identifier of the customer master key (CMK). This parameter can also be an alias that is bound to the CMK. For more information, see Use of aliases. |
5c438b18-05be-40ad-b6c2-3be6752c**** |
| KeyVersionId |
string |
Yes |
The globally unique identifier of the key version. |
2ab1a983-7072-4bbc-a582-584b5bd8**** |
| DryRun |
string |
No |
Specifies whether to enable the DryRun mode.
The DryRun mode is used to test API calls, verify your permissions on resources, and check whether the parameters are valid. If you enable the DryRun mode, KMS always returns a failed response and a failure reason. The failure reasons include the following:
|
false |
Response parameters
|
Parameter |
Type |
Description |
Example |
|
object |
|||
| KeyVersionId |
string |
The globally unique identifier of the key version. |
2ab1a983-7072-4bbc-a582-584b5bd8**** |
| KeyId |
string |
The globally unique identifier of the CMK. Note
If you specify an alias of the CMK for the KeyId parameter in the request, the ID of the CMK to which the alias is bound is returned. |
5c438b18-05be-40ad-b6c2-3be6752c**** |
| RequestId |
string |
The ID of the request. |
475f1620-b9d3-4d35-b5c6-3fbdd941423d |
| PublicKey |
string |
The public key in the PEM format. |
-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\nJQIDAQAB\n-----END PUBLIC KEY-----\n |
Examples
Success response
JSON format
{
"KeyVersionId": "2ab1a983-7072-4bbc-a582-584b5bd8****",
"KeyId": "5c438b18-05be-40ad-b6c2-3be6752c****",
"RequestId": "475f1620-b9d3-4d35-b5c6-3fbdd941423d",
"PublicKey": "-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\\nJQIDAQAB\\n-----END PUBLIC KEY-----\\n"
}Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | InvalidParameter | The specified parameter is not valid. | An invalid value is specified for the parameter. |
| 404 | InvalidAccessKeyId.NotFound | The Access Key ID provided does not exist in our records. | |
| 404 | Forbidden.KeyNotFound | The specified Key is not found. | The error message returned because the specified CMK does not exist. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.