The following tables list the KMS Instance API operations available for use in Key Management Service (KMS).
Key-related operations
Before you call key-related operations, pay attention to the following information:
AdvanceEncrypt, AdvanceDecrypt, AdvanceGenerateDataKey, and GenerateDataKey: To call these operations, you must use symmetric keys.
Encrypt and Decrypt: To call these operations, you must use symmetric or asymmetric keys.
Sign, Verify, and GetPublicKey: To call these operations, you must use asymmetric keys.
| Operation | Description |
| | Encrypts plaintext into ciphertext. Important |
| | Decrypts ciphertext into plaintext. |
| | Generates a data key and encrypts data by using envelope encryption of KMS. Important: Before you can call the AdvanceDecrypt operation, you must save the ciphertext (CiphertextBlob) and authentication data (Aad) that are returned by the AdvanceGenerateDataKey operation. |
| | Encrypts plaintext into ciphertext. Important: Before you can call the Decrypt or AdvanceDecrypt operation, you must save the key ID (KeyId), ciphertext (CiphertextBlob), encryption algorithm (Algorithm), initialization vector (Iv), padding mode (PaddingMode), and authentication data (Aad) that are returned by the Encrypt operation. |
| | Decrypts ciphertext into plaintext. |
| | Generates a data key and encrypts data by using envelope encryption of KMS. |
| | Generates a signature by using an asymmetric key. Important: You can call the Verify operation to verify the signature. You can also obtain the public key (GetPublicKey) and verify the signature on your computer. |
| | Verifies a signature by using an asymmetric key. |
| | Queries the public key of a specified asymmetric key. |
Secret-related operations
| Operation | Description |
| | Queries a secret value. |
Other operations
| Operation | Description |
| | Generates a random number. |