tencent cloud

Feedback

Last updated: 2022-01-18 17:21:46

1. API Description

Domain name for API request: kms.tencentcloudapi.com.

This API is used to encrypt any data up to 4KB. It can be used to encrypt database passwords, RSA Key, or other small sensitive information. For application data encryption, use the DataKey generated by GenerateDataKey to perform local data encryption and decryption operations

A maximum of 300 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
This document describes the parameters for Signature V1. It's recommended to use the V3 signature, which provides higher security. Note that for Signature V3, the common parameters need to be placed in the HTTP Header. See details.

Parameter Name Required Type Description
Action Yes String Common parameter. The value used for this API: Encrypt.
Version Yes String Common parameter. The value used for this API: 2019-01-18.
Region Yes String Common parameter. For more information, please see the list of regions supported by the product.
KeyId Yes String Globally unique ID of the CMK generated by calling the CreateKey API
Plaintext Yes String Encrypted plaintext data. This field must be Base64-encoded. The maximum size of the original data is 4 KB
EncryptionContext No String JSON string of key-value pair. If this parameter is specified, the same parameter needs to be provided when the Decrypt API is called. It is up to 1,024 characters

3. Output Parameters

Parameter Name Type Description
CiphertextBlob String Base64-encoded ciphertext, which is the encrypted information of the ciphertext and key. To get the plaintext, you need to pass in this field to the Decrypt API.
KeyId String Globally unique ID of the CMK used for encryption
RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

4. Example

Example1 Encrypting data

This example shows you how to use a CMK to encrypt data up to 4 KB.

Input Example

https://kms.tencentcloudapi.com/?Action=Encrypt
&KeyId=23e80852-1e38-11e9-b129-5cb9019b4b01
&Plaintext=dGVzdCUyMHBsYWluJTIwdGV4dA==
&<Common request parameters>

Output Example

{
  "Response": {
    "RequestId": "816c6886-2147-4ee7-86f0-9400a7a398a5",
    "KeyId": "9999aed0-4956-11e9-bc70-5254005e86b4",
    "CiphertextBlob": "g2F8eQk44QrTbfj09TL17AZyFPgs8BTtZe2j27Wuw1YzTBCxnd0T/gwFQSasmtzxZi6mmvD7DCjCE+LxJmdhXQ==-k-zJshb0kBH7C2J5I3XXbbEg==-k-o1O+7H9HFAzWbCkftO2ZtPKewS3diSB4zGKOJhMn7LcKRhYr"
  }
}

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code Description
InternalError Internal error.
InvalidParameter Invalid parameter.
InvalidParameterValue.InvalidKeyId Invalid KeyId.
InvalidParameterValue.InvalidPlaintext Invalid Plaintext.
ResourceUnavailable.CmkArchived The CMK has been archived.
ResourceUnavailable.CmkDisabled The CMK has been disabled.
ResourceUnavailable.CmkNotFound The CMK does not exist.
UnauthorizedOperation Unauthorized operation.
Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support