Key Management Service: AsymmetricEncrypt

Last Updated: Jun 10, 2026

Encrypts data by using the public key of an asymmetric customer master key (CMK).

Operation description

Precautions

  • For information about the permissions that are required to call this operation, see Resource Access Management.

  • This operation can be called through a shared gateway or a dedicated gateway. For more information, see Alibaba Cloud SDK.

    • Shared gateway: You can access KMS over the Internet or using a VPC domain name. To access KMS over the Internet, you must enable Internet access. For more information, see Access a key in a KMS instance over the Internet.

    • Dedicated gateway: You can access KMS using the private endpoint of KMS (<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com).

QPS limits

  • If you use a shared gateway: The number of queries per second (QPS) for a single user is limited to 200. If the limit is exceeded, API calls are throttled. This may affect your business. We recommend that you plan your API calls to avoid exceeding this limit.

  • If you use a dedicated gateway: The QPS limit for a single user depends on the computing performance specifications of your KMS instance. For more information, see Performance metrics.

Description

This operation supports only asymmetric keys that have the Usage parameter set to ENCRYPT/DECRYPT. The following table describes the supported encryption algorithms.

| KeySpec | Algorithm | Description | Maximum number of bytes that can be encrypted |
|---|---|---|---|
| RSA_2048 | RSAES_OAEP_SHA_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 190 |
| RSA_2048 | RSAES_OAEP_SHA_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 214 |
| RSA_3072 | RSAES_OAEP_SHA_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 318 |
| RSA_3072 | RSAES_OAEP_SHA_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 342 |
| EC_SM2 | SM2PKE | SM2 elliptic curve public key encryption algorithm | 6047 |

In this example, the plaintext SGVsbG8gd29ybGQ= is encrypted using an asymmetric key with the key ID key-hzz630494463ejqjx****, the key version ID 2ab1a983-7072-4bbc-a582-584b5bd8****, and the RSAES_OAEP_SHA_1 encryption algorithm.

Try it now

Try this API in OpenAPI Explorer without manual signing. A successful call automatically generates SDK sample code that matches your parameters. Download the code with built-in secure credentials for local use.

RAM authorization

There is no authorization for this operation. If you run into problems when calling this operation, contact technical support.

Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| Plaintext | string | Yes | The plaintext to encrypt. The value must be Base64-encoded. | SGVsbG8gd29ybGQ= |
| KeyId | string | Yes | The ID of the key. You can also specify an alias or the Alibaba Cloud Resource Name (ARN) of the key. For more information about aliases, see Manage aliases. Note: To access a key in another Alibaba Cloud account, you must specify the ARN of the key. The key ARN has the format acs:kms:${region}:${account}:key/${keyid}. | key-hzz630494463ejqjx**** |
| KeyVersionId | string | Yes | The ID of the key version. The ID must be a globally unique identifier. Note: To obtain the key version ID, call the ListKeyVersions operation. | 2ab1a983-7072-4bbc-a582-584b5bd8**** |
| Algorithm | string | Yes | The encryption algorithm. | RSAES_OAEP_SHA_1 |
| DryRun | string | No | Specifies whether to enable the dry run feature. Valid values: true (enables the feature); false (default, disables the feature). The dry run feature is used to test the API call and to verify the permissions on the specified resource and the validity of the request parameters. If you enable the dry run feature, KMS always returns a failure result together with the reason for the failure. Failure reasons include: DryRunOperationError (the request would succeed if the DryRun parameter were not specified); ValidationError (the parameters specified in the request are invalid); AccessDeniedError (you do not have permission to perform this operation on the KMS resource). | false |
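
A local pre-flight check for the request parameters and size limits described above, as an added example (not Alibaba Cloud's code or SDK; it builds the parameter set and does not call KMS). It assumes the caller already knows the key's KeySpec, which is not a request parameter, and the helper names `oaep_limit`, `build_request` and `dry_run_outcome` are hypothetical. The RSA rows of the limits table are re-derived from the RSAES-OAEP bound k - 2*hLen - 2.

```python
import base64

# Limits copied from the page's algorithm table: (KeySpec, Algorithm) -> max plaintext bytes.
MAX_PLAINTEXT_BYTES = {
    ("RSA_2048", "RSAES_OAEP_SHA_256"): 190,
    ("RSA_2048", "RSAES_OAEP_SHA_1"): 214,
    ("RSA_3072", "RSAES_OAEP_SHA_256"): 318,
    ("RSA_3072", "RSAES_OAEP_SHA_1"): 342,
    ("EC_SM2", "SM2PKE"): 6047,
}
# Hash output sizes in bytes, used to re-derive the RSA rows.
_HASH_LEN = {"RSAES_OAEP_SHA_256": 32, "RSAES_OAEP_SHA_1": 20}


def oaep_limit(key_spec: str, algorithm: str) -> int:
    """RSAES-OAEP bound (RFC 8017): k - 2*hLen - 2, with k the modulus size in bytes."""
    k = int(key_spec.split("_")[1]) // 8
    return k - 2 * _HASH_LEN[algorithm] - 2


def build_request(data: bytes, key_id: str, key_version_id: str,
                  key_spec: str, algorithm: str, dry_run: bool = False) -> dict:
    """Validate locally, then return the AsymmetricEncrypt request parameters."""
    limit = MAX_PLAINTEXT_BYTES.get((key_spec, algorithm))
    if limit is None:
        raise ValueError(f"{algorithm} is not listed for {key_spec}")
    if len(data) > limit:
        # The table's RSA numbers equal the OAEP bound on raw bytes, not on Base64 text.
        raise ValueError(f"plaintext is {len(data)} bytes; limit is {limit}")
    return {
        "Plaintext": base64.b64encode(data).decode("ascii"),
        "KeyId": key_id,
        "KeyVersionId": key_version_id,
        "Algorithm": algorithm,
        "DryRun": "true" if dry_run else "false",  # the page types DryRun as string
    }


def dry_run_outcome(error_code: str) -> str:
    """Map the failure reason a dry run always returns to what it means for the real call."""
    return {
        "DryRunOperationError": "would succeed",
        "ValidationError": "invalid parameters",
        "AccessDeniedError": "permission denied",
    }.get(error_code, "unexpected: " + error_code)
```

Because a dry run always returns a failure, automation that checks permissions this way has to treat DryRunOperationError as the passing result.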

Response elements

| Element | Type | Description | Example |
|---|---|---|---|
|  | object |  |  |
| KeyVersionId | string | The version number of the master key that is used to encrypt the plaintext. | 2ab1a983-7072-4bbc-a582-584b5bd8**** |
| KeyId | string | The ID of the key. If you specify an alias or an ARN of the key in the request, the ID of the key is returned. | key-hzz630494463ejqjx**** |
| CiphertextBlob | string | The ciphertext of the data that is encrypted. The value is Base64-encoded. | BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg== |
| RequestId | string | The ID of the request, which is a unique identifier generated by Alibaba Cloud for the request. You can use the request ID to troubleshoot issues. | 475f1620-b9d3-4d35-b5c6-3fbdd941423d |

Examples

Success response

JSON format

{
  "KeyVersionId": "2ab1a983-7072-4bbc-a582-584b5bd8****",
  "KeyId": "key-hzz630494463ejqjx****",
  "CiphertextBlob": "BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg==",
  "RequestId": "475f1620-b9d3-4d35-b5c6-3fbdd941423d"
}

Error codes

| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | Rejected.UnsupportedOperation | Unsupported operation. | The operation is not supported. |
| 404 | Forbidden.AliasNotFound | The specified Alias is not found. | The error message returned because the specified alias does not exist. |
| 404 | Forbidden.KeyNotFound | The specified Key is not found. | The error message returned because the specified CMK does not exist. |

See Error Codes for the complete list.

Release notes

See Release Notes for the complete list.