tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Key Management Service
    Documentation
    Download PDF

    GenerateDataKey

    Last updated: 2023-03-24 16:02:39
    Download PDF

    1. API Description

    Domain name for API request: kms.tencentcloudapi.com.

    This API generates a data key, which you can use to encrypt local data.

    A maximum of 100 requests can be initiated per second for this API.

    We recommend you to use API Explorer
    Try it
    API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

    2. Input Parameters

    The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

    Parameter Name Required Type Description
    Action Yes String Common Params. The value used for this API: GenerateDataKey.
    Version Yes String Common Params. The value used for this API: 2019-01-18.
    Region No String Common Params. This parameter is not required for this API.
    KeyId Yes String Globally unique CMK ID
    KeySpec No String Specifies the encryption algorithm and size of the DataKey. Valid values: AES_128, AES_256. Either KeySpec or NumberOfBytes must be specified.
    NumberOfBytes No Integer Length of the DataKey. If both NumberOfBytes and KeySpec are specified, NumberOfBytes will prevail. Minimum value: 1; maximum value: 1024. Either KeySpec or NumberOfBytes must be specified.
    EncryptionContext No String JSON string of key-value pair. If this field is used, the same string should be entered when the returned DataKey is decrypted.
    EncryptionPublicKey No String PEM-encoded public key (2048-bit RSA/SM2 key), which can be used to encrypt the Plaintext returned. If this field is left empty, the Plaintext will not be encrypted.
    EncryptionAlgorithm No String Asymmetric encryption algorithm. Valid values: SM2 (C1C3C2 ciphertext is returned), SM2_C1C3C2_ASN1(C1C3C2 ASN1 ciphertext is returned),RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1, and RSAES_OAEP_SHA_256. This field is used in combination with EncryptionPublicKey` for encryption. If it is left empty, an SM2 public key will be used by default.

    3. Output Parameters

    Parameter Name Type Description
    KeyId String Globally unique CMK ID
    Plaintext String If EncryptionPublicKey is left empty, a Base64-encoded ciphertext will be returned. To get the plaintext, you need to decode the ciphertext first.
    If EncryptionPublicKey is specified, this field will return the Base64-encoded ciphertext encrypted with the specified public key. To get the plaintext, you need to decode the ciphertext and upload the corresponding private key.
    CiphertextBlob String Ciphertext of the data key, which should be kept by yourself. KMS does not host user data keys. You can call the Decrypt API to get the plaintext of the data key from CiphertextBlob.
    RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

    4. Example

    Example1 Generating a DEK

    This example shows you how to generate a DEK using the specified CMK.

    Input Example

    https://kms.tencentcloudapi.com/?Action=GenerateDataKey
&KeyId=23e80852-1e38-11e9-b129-5cb9019b4b01
&KeySpec=AES_256
&<Common request parameters>

    Output Example

    {
    "Response": {
        "RequestId": "fe11aa29-0cc2-4204-bfea-6ebb30cc00d7",
        "KeyId": "23e80852-1e38-11e9-b129-5cb9019b4b01",
        "Plaintext": "uW9wqntw+FAgnfsIrxOpOA==",
        "CiphertextBlob": "g2F8eQk44QrTbfj09TL17AZyFPgs8BTtZe2j27Wuw1YzTBCxnd0T/gwFQSasmtzxZi6mmvD7DCjCE+LxJmdhXQ==-k-fKVP3WIlGpg8m9LMW4jEkQ==-k-h/nUfRbaTUY7/KWXwuSK1Py+ZFRTK5WQiUz6yQE5XBFUN3UwPOUbl8P3A3caow2rlqTjUw=="
    }
}

    5. Developer Resources

    SDK

    TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

    Command Line Interface

    6. Error Code

    The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

    Error Code Description
    FailedOperation.EncryptionError Encryption failed.
    InternalError Internal error.
    InvalidParameter Invalid parameter.
    InvalidParameterValue.InvalidKeyId Invalid KeyId.
    ResourceUnavailable.CmkDisabled The CMK has been disabled.
    ResourceUnavailable.CmkNotFound The CMK does not exist.
    ResourceUnavailable.KeyPendingDelete The key is not available as it’s pending deleted.
    UnauthorizedOperation Unauthorized operation.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Contact Us
    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    Submit a Ticket
    7x24 Phone Support
    Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
    Privacy PolicyLegalCookie Policy