
Key Management Service: List of operations by function

Last Updated: Aug 18, 2023

The following tables list the KMS Instance API operations available for use in Key Management Service (KMS).

Key-related operations

Before you call key-related operations, pay attention to the following information:

  • AdvanceEncrypt, AdvanceDecrypt, AdvanceGenerateDataKey, and GenerateDataKey: To call these operations, you must use symmetric keys.

  • Encrypt and Decrypt: To call these operations, you must use symmetric or asymmetric keys.

  • Sign, Verify, and GetPublicKey: To call these operations, you must use asymmetric keys.

| Operation | Description |
| --- | --- |
| AdvanceEncrypt | Encrypts plaintext into ciphertext. Important: If automatic key rotation is enabled, call the AdvanceEncrypt, AdvanceDecrypt, or AdvanceGenerateDataKey operation so that key rotation remains effective. For more information about automatic key rotation, see Configure key rotation. Before you can call the AdvanceDecrypt operation, you must save the ciphertext (CiphertextBlob) and authentication data (Aad) that are returned by the AdvanceEncrypt operation. |
| AdvanceDecrypt | Decrypts ciphertext into plaintext. |
| AdvanceGenerateDataKey | Generates a data key and encrypts data by using envelope encryption of KMS. Important: Before you can call the AdvanceDecrypt operation, you must save the ciphertext (CiphertextBlob) and authentication data (Aad) that are returned by the AdvanceGenerateDataKey operation. |
| Encrypt | Encrypts plaintext into ciphertext. Important: Before you can call the Decrypt or AdvanceDecrypt operation, you must save the key ID (KeyId), ciphertext (CiphertextBlob), encryption algorithm (Algorithm), initialization vector (Iv), padding mode (PaddingMode), and authentication data (Aad) that are returned by the Encrypt operation. |
| Decrypt | Decrypts ciphertext into plaintext. |
| GenerateDataKey | Generates a data key and encrypts data by using envelope encryption of KMS. |
| Sign | Generates a signature by using an asymmetric key. Important: You can call the Verify operation to verify the signature. You can also obtain the public key (GetPublicKey) and verify the signature on your computer. |
| Verify | Verifies a signature by using an asymmetric key. |
| GetPublicKey | Queries the public key of a specified asymmetric key. |

Secret-related operations

| Operation | Description |
| --- | --- |
| GetSecretValue | Queries a secret value. |

Other operations

| Operation | Description |
| --- | --- |
| GenerateRandom | Generates a random number. |