ReEncrypt

Last updated: 2019-12-14 14:06:41

PDF

1. API Description

API domain name: kms.tencentcloudapi.com

This API re-encrypts the ciphertext using the specified customer master key (CMK).

API request rate limit: 100 requests/sec.

2. Input Parameters

The list below contains only the API request parameters and certain common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter name Required Type Description
Action Yes String Common parameter. The value used for this API: ReEncrypt
Version Yes String Common parameter. The version of this API: 2019-01-18
Region Yes String Common parameter. For more information, see the List of Regions supported by the product.
CiphertextBlob Yes String Ciphertext to be re-encrypted
DestinationKeyId No String CMK used for re-encryption. If this parameter is empty, the ciphertext is re-encrypted using the original CMK (as long as the key is not rotated, the ciphertext will not be refreshed)
SourceEncryptionContext No String key-value pair JSON string for CiphertextBlob ciphertext encryption. This field is empty if it's not being used for encryption
DestinationEncryptionContext No String key-value pair JSON string for re-encryption. To use this field, you should fill the same string when decrypting the returned new ciphertext.

3. Output Parameters

Parameter name Type Description
CiphertextBlob String Re-encrypted ciphertext
KeyId String CMK used for re-encryption
SourceKeyId String CMK used by the ciphertext before re-encryption
ReEncrypted Boolean true means that the ciphertext has been re-encrypted. When using the old CMK to re-encrypt, the re-encryption will not perform until the CMK is rotated; it will return the original ciphertext.
RequestId String Unique ID of the request. Each request returns a unique ID. The RequestId is required to troubleshoot issues.

4. Examples

Example 1. Re-encrypting

Re-encrypt the ciphertext.

Input Sample Code

https://kms.tencentcloudapi.com/?Action=ReEncrypt
&DestinationKeyId=23e80852-1e38-11e9-b129-5cb9019b4b01
&CiphertextBlob=Ade234dasdeEWdGVzdCUyMHBsYWlJJlIHL
&<Common request parameter>

Output Sample Code

{
  "Response": {
    "CiphertextBlob": "g2F8eQk44QrTbfj09TL17AZyFPgs8BTtZe2j27Wuw1YzTBCxnd0T/gwFQSasmtzxZi6mmvD7DCjCE+LxJmdhXQ==-k-zJshb0kBH7C2J5I3XXbbEg==-k-o1O+7H9HFAzWbCkftO2ZtPKewS3diSB4zGKOJhMn7LcKRhYr",
    "KeyId": "23e80852-1e38-11e9-b129-5cb9019b4b01",
    "SourceKeyId": "23e80852-1e38-11e9-b129-5cb9019b0000",
    "ReEncrypted": true,
    "RequestId": "1b580852-1e38-11e9-b129-5cb9019b4b00"
  }
}

5. Developer Resources

API Explorer

*This tool makes it easy for you to call Tencent Cloud APIs, authenticate signature, generate SDK codes, and search for APIs. *

6. Error Codes

The following only lists the error codes related to this API. For other error codes, see Common Error Codes.

Error Code Description
InternalError Internal error.
InvalidParameter Incorrect parameter.
InvalidParameterValue.InvalidCiphertext The ciphertext is in incorrect format.
InvalidParameterValue.InvalidKeyId Invalid KeyId.
ResourceUnavailable.CmkDisabled The CMK has been disabled.
ResourceUnavailable.CmkNotFound The CMK does not exist.
UnauthorizedOperation Unauthorized operation.