Ciphertext refresh

Last updated: 2020-10-16 18:20:58

1. API Description

Domain name for API request:

Re-encrypt the ciphertext using the specified CMK.

A maximum of 100 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common parameter. The value used for this API: ReEncrypt.
Version Yes String Common parameter. The value used for this API: 2019-01-18.
Region Yes String Common parameter. For more information, please see the list of regions supported by the product.
CiphertextBlob Yes String Ciphertext to be re-encrypted
DestinationKeyId No String CMK used for re-encryption. If this parameter is empty, the ciphertext will be re-encrypted by using the original CMK (as long as the key is not rotated, the ciphertext will not be refreshed)
SourceEncryptionContext No String JSON string of the key-value pair used during ciphertext encryption by CiphertextBlob. If not used during encryption, this parameter will be empty
DestinationEncryptionContext No String JSON string of the key-value pair used during re-encryption. If this field is used, the same string should be entered when the returned new ciphertext is decrypted

3. Output Parameters

Parameter Name Type Description
CiphertextBlob String Re-encrypted ciphertext
KeyId String CMK used for re-encryption
SourceKeyId String CMK used by ciphertext before re-encryption
ReEncrypted Boolean true indicates that the ciphertext has been re-encrypted. When re-encryption is initiated by using the same CMK, as long as the CMK is not rotated, no actual re-encryption will be performed, and the original ciphertext will be returned
RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

4. Example

Example1 Re-encrypting

This example shows you how to re-encrypt the ciphertext.

Input Example
&<common request parameters>

Output Example

  "Response": {
    "CiphertextBlob": "g2F8eQk44QrTbfj09TL17AZyFPgs8BTtZe2j27Wuw1YzTBCxnd0T/gwFQSasmtzxZi6mmvD7DCjCE+LxJmdhXQ==-k-zJshb0kBH7C2J5I3XXbbEg==-k-o1O+7H9HFAzWbCkftO2ZtPKewS3diSB4zGKOJhMn7LcKRhYr",
    "KeyId": "23e80852-1e38-11e9-b129-5cb9019b4b01",
    "SourceKeyId": "23e80852-1e38-11e9-b129-5cb9019b0000",
    "ReEncrypted": true,
    "RequestId": "1b580852-1e38-11e9-b129-5cb9019b4b00"

5. Developer Resources

API Explorer

This tool allows online call, signature authentication, SDK code generation and quick search of APIs to greatly improve the efficiency of using TencentCloud APIs.


TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code Description
InternalError Internal error.
InvalidParameter Invalid parameter.
InvalidParameterValue.InvalidCiphertext Incorrect ciphertext format
InvalidParameterValue.InvalidKeyId Invalid KeyId.
ResourceUnavailable.CmkDisabled The CMK has been disabled.
ResourceUnavailable.CmkNotFound The CMK does not exist.
UnauthorizedOperation Unauthorized operation.

Was this page helpful?

Was this page helpful?

  • Not at all
  • Not very helpful
  • Somewhat helpful
  • Very helpful
  • Extremely helpful
Send Feedback