Encryption and decryption are business operations that can be performed through either a shared or dedicated gateway. This topic describes how to use a symmetric key for encryption and decryption with Alibaba Cloud SDK.
Related OpenAPI
Configuration differences between shared and dedicated gateways
The only differences between using a shared and dedicated gateway involve the configuration in client initialization:
Parameter | Shared gateway | Dedicated gateway |
endpoint | The shared gateway endpoint must be configured with one of the following formats:
| The dedicated gateway endpoint must be configured following the format: |
ca | Not required. |
|
Encryption and decryption through a shared gateway
Complete example
Encryption
package com.aliyun.sample;
import com.aliyun.tea.*;
public class Sample {
/**
* <b>description</b> :
* <p>Use your AccessKey ID and AccessKey secret to initialize the client.</p>
* @return Client
*
* @throws Exception
*/
public static com.aliyun.kms20160120.Client createClient() throws Exception {
// If the project code is leaked, the AccessKey pair may be leaked and resources in your account become insecure. The following code is for reference only.
// We recommend that you use Security Token Service (STS) tokens, which provide higher security. For more information about authentication methods, see https://www.alibabacloud.com/help/en/sdk/developer-reference/v2-manage-access-credentials.
com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config()
// Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_ID environment variable is configured in the code runtime environment.
.setAccessKeyId(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID"))
// Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variable is configured in the code runtime environment.
.setAccessKeySecret(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET"));
// For information about the endpoint, see https://api.alibabacloud.com/product/Kms.
config.endpoint = "kms.ap-southeast-1.aliyuncs.com";
return new com.aliyun.kms20160120.Client(config);
}
public static void main(String[] args_) throws Exception {
java.util.List<String> args = java.util.Arrays.asList(args_);
com.aliyun.kms20160120.Client client = Sample.createClient();
com.aliyun.kms20160120.models.EncryptRequest encryptRequest = new com.aliyun.kms20160120.models.EncryptRequest()
.setPlaintext("MzcyOTI5MTk5MTEyNDU3****")
.setKeyId("key-hzz65f17868e6cl0n****");
com.aliyun.teautil.models.RuntimeOptions runtime = new com.aliyun.teautil.models.RuntimeOptions();
try {
// If you copy and run the sample code, write your own code to display the response of the API operation if necessary
client.encryptWithOptions(encryptRequest, runtime);
} catch (TeaException error) {
// In this example, errors are printed. In your actual project, process errors based on your business requirements.
// Print error messages
System.out.println(error.getMessage());
// Provide the URL for troubleshooting
System.out.println(error.getData().get("Recommend"));
com.aliyun.teautil.Common.assertAsString(error.message);
} catch (Exception _error) {
TeaException error = new TeaException(_error.getMessage(), _error);
// In this example, errors are printed. In your actual project, process errors based on your business requirements.
// Print error messages
System.out.println(error.getMessage());
// Provide the URL for troubleshooting
System.out.println(error.getData().get("Recommend"));
com.aliyun.teautil.Common.assertAsString(error.message);
}
}
}Decryption
package com.aliyun.sample;
import com.aliyun.tea.*;
public class Sample {
/**
* <b>description</b> :
* <p>Use your AccessKey ID and AccessKey secret to initialize the client.</p>
* @return Client
*
* @throws Exception
*/
public static com.aliyun.kms20160120.Client createClient() throws Exception {
// If the project code is leaked, the AccessKey pair may be leaked and resources in your account become insecure. The following code is for reference only.
// We recommend that you use Security Token Service (STS) tokens, which provide higher security. For more information about authentication methods, see https://www.alibabacloud.com/help/en/sdk/developer-reference/v2-manage-access-credentials.
com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config()
// Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_ID environment variable is configured in the code runtime environment.
.setAccessKeyId(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID"))
// Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variable is configured in the code runtime environment.
.setAccessKeySecret(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET"));
// For information about the endpoint, see https://api.alibabacloud.com/product/Kms.
config.endpoint = "kms.ap-southeast-1.aliyuncs.com";
return new com.aliyun.kms20160120.Client(config);
}
public static void main(String[] args_) throws Exception {
java.util.List<String> args = java.util.Arrays.asList(args_);
com.aliyun.kms20160120.Client client = Sample.createClient();
com.aliyun.kms20160120.models.DecryptRequest decryptRequest = new com.aliyun.kms20160120.models.DecryptRequest()
.setCiphertextBlob("a2V5LWh6ejY1Zj****");
com.aliyun.teautil.models.RuntimeOptions runtime = new com.aliyun.teautil.models.RuntimeOptions();
try {
// If you copy and run the sample code, write your own code to display the response of the API operation if necessary
client.decryptWithOptions(decryptRequest, runtime);
} catch (TeaException error) {
// In this example, errors are printed. In your actual project, process errors based on your business requirements.
// Print error messages
System.out.println(error.getMessage());
// Provide the URL for troubleshooting
System.out.println(error.getData().get("Recommend"));
com.aliyun.teautil.Common.assertAsString(error.message);
} catch (Exception _error) {
TeaException error = new TeaException(_error.getMessage(), _error);
// In this example, errors are printed. In your actual project, process errors based on your business requirements.
// Print error messages
System.out.println(error.getMessage());
// Provide the URL for troubleshooting
System.out.println(error.getData().get("Recommend"));
com.aliyun.teautil.Common.assertAsString(error.message);
}
}
}Example analysis
Initialize the client
Call the Encrypt operation to encrypt data using a symmetric key
Call the Decrypt operation to decrypt ciphertext using a symmetric key
Encryption and decryption through a dedicated gateway
Complete example
Encryption
package com.aliyun.sample;
import com.aliyun.tea.*;
public class Sample {
/**
* <b>description</b> :
* <p>Use your AccessKey ID and AccessKey secret to initialize the client.</p>
* @return Client
*
* @throws Exception
*/
public static com.aliyun.kms20160120.Client createClient() throws Exception {
// If the project code is leaked, the AccessKey pair may be leaked and resources in your account become insecure. The following code is for reference only.
// We recommend that you use Security Token Service (STS) tokens, which provide higher security. For more information about authentication methods, see https://www.alibabacloud.com/help/en/sdk/developer-reference/v2-manage-access-credentials.
com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config()
// Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_ID environment variable is configured in the code runtime environment.
.setAccessKeyId(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID"))
// Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variable is configured in the code runtime environment.
.setAccessKeySecret(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET"));
// Dedicated gateway endpoint
config.endpoint = "kst-hzz65f176a0ogplgq****.cryptoservice.kms.aliyuncs.com";
//KMS instance CA certificate
config.ca = "-----BEGIN CERTIFICATE-----MIIDuzCCAqOgAwIBAgIJALTKwWAjvbMiMA0GCS****";
return new com.aliyun.kms20160120.Client(config);
}
public static void main(String[] args_) throws Exception {
java.util.List<String> args = java.util.Arrays.asList(args_);
com.aliyun.kms20160120.Client client = Sample.createClient();
com.aliyun.kms20160120.models.EncryptRequest encryptRequest = new com.aliyun.kms20160120.models.EncryptRequest()
.setPlaintext("MzcyOTI5MTk5MTEyNDU3****")
.setKeyId("key-hzz65f17868e6cl0n****");
com.aliyun.teautil.models.RuntimeOptions runtime = new com.aliyun.teautil.models.RuntimeOptions();
try {
// If you copy and run the sample code, write your own code to display the response of the API operation if necessary
client.encryptWithOptions(encryptRequest, runtime);
} catch (TeaException error) {
// In this example, errors are printed. In your actual project, process errors based on your business requirements.
// Print error messages
System.out.println(error.getMessage());
// Provide the URL for troubleshooting
System.out.println(error.getData().get("Recommend"));
com.aliyun.teautil.Common.assertAsString(error.message);
} catch (Exception _error) {
TeaException error = new TeaException(_error.getMessage(), _error);
// In this example, errors are printed. In your actual project, process errors based on your business requirements.
// Print error messages
System.out.println(error.getMessage());
// Provide the URL for troubleshooting
System.out.println(error.getData().get("Recommend"));
com.aliyun.teautil.Common.assertAsString(error.message);
}
}
}Decryption
package com.aliyun.sample;
import com.aliyun.tea.*;
public class Sample {
/**
* <b>description</b> :
* <p>Use your AccessKey ID and AccessKey secret to initialize the client.</p>
* @return Client
*
* @throws Exception
*/
public static com.aliyun.kms20160120.Client createClient() throws Exception {
// If the project code is leaked, the AccessKey pair may be leaked and resources in your account become insecure. The following code is for reference only.
// We recommend that you use Security Token Service (STS) tokens, which provide higher security. For more information about authentication methods, see https://www.alibabacloud.com/help/en/sdk/developer-reference/v2-manage-access-credentials.
com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config()
// Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_ID environment variable is configured in the code runtime environment.
.setAccessKeyId(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID"))
// Required. Make sure that the ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variable is configured in the code runtime environment.
.setAccessKeySecret(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET"));
// Dedicated gateway endpoint
config.endpoint = "kst-hzz65f176a0ogplgq****.cryptoservice.kms.aliyuncs.com";
//KMS instance CA certificate
config.ca = "-----BEGIN CERTIFICATE-----MIIDuzCCAqOgAwIBAgIJALTKwWAjvbMiMA0GCS****";
return new com.aliyun.kms20160120.Client(config);
}
public static void main(String[] args_) throws Exception {
java.util.List<String> args = java.util.Arrays.asList(args_);
com.aliyun.kms20160120.Client client = Sample.createClient();
com.aliyun.kms20160120.models.DecryptRequest decryptRequest = new com.aliyun.kms20160120.models.DecryptRequest()
.setCiphertextBlob("a2V5LWh6ejY1Zj****");
com.aliyun.teautil.models.RuntimeOptions runtime = new com.aliyun.teautil.models.RuntimeOptions();
try {
// If you copy and run the sample code, write your own code to display the response of the API operation if necessary
client.decryptWithOptions(decryptRequest, runtime);
} catch (TeaException error) {
// In this example, errors are printed. In your actual project, process errors based on your business requirements.
// Print error messages
System.out.println(error.getMessage());
// Provide the URL for troubleshooting
System.out.println(error.getData().get("Recommend"));
com.aliyun.teautil.Common.assertAsString(error.message);
} catch (Exception _error) {
TeaException error = new TeaException(_error.getMessage(), _error);
// In this example, errors are printed. In your actual project, process errors based on your business requirements.
// Print error messages
System.out.println(error.getMessage());
// Provide the URL for troubleshooting
System.out.println(error.getData().get("Recommend"));
com.aliyun.teautil.Common.assertAsString(error.message);
}
}
}