tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Key Management Service
    Documentation
    Download PDF

    Encryption and Decryption

    Last updated: 2024-01-11 16:28:54
    Download PDF

      Overview

      The online encryption and decryption operations involve two APIs:
      API Name
      Description
      Note
      Encrypt
      Used for encryption
      The KeyId and Plaintext parameters are required for this API. For more information, please see the Encrypt API document.
      Decrypt
      Used for decryption
      The CiphertextBlob parameter is required for this API. For more information, please see the Decrypt API document.

      Encryption

      The Encrypt API is used to encrypt up to 4 KB of data, such as database passwords, RSA keys, or other sensitive data. For application data, the DEK generated by the GenerateDataKey API can be used to perform encryption and decryption for the local data.
      The examples below are called with TCCLI, which can also be called with any supported programming languages.

      Examples

      Encryption

      If the Encrypt API is called with TCCLI, the plaintext data needs to be Base64-encoded. The This example is used for testing text is used in the following example.

      Input

      tccli kms Encrypt --KeyId 6xxxxxx-xxxx-xxxx-xxxx-5xxxxxxxxx5 --Plaintext 'VGhpcyBleGFtcGxlIGlzIHVzZWQgZm9yIHRlc3Rpbmc='

      Output

      If the execution is successful, the ciphertext and the CMK ID used to encrypt the plaintext will be returned, of which the ciphertext will be used for subsequent decryption operations.
      {
          "KeyId": "6xxxxxx-xxxx-xxxx-xxxx-5xxxxxxxxx5",
          "RequestId": "23781471-c213-44c5-92a4-731b882e25b5",
          "CiphertextBlob": "Rrnqz5fthTxcSdCYIw5pBoEWLvrdqYNZ0oXKOmvYx/1Oo2R+DqEFPjjfVA1n1RE8PmVITaxuJwu9ZANK9uK3WA==-k-fKVP3WIlGpg8m9LMW4jEkQ==-k-mFM/5PEiMJsKC6fagEOfdlocOyC+a1n8PqaTOlBLT+rqjyKLVHUVtqamMQ3ERsYIe0wYoAMszR/FBrCJZ3a3B7f+8Xg="
      }

      Decryption

      This example shows you how to decrypt the encrypted data, where the CMK is the one used in the above example.

      Input

      tccli kms Decrypt --CiphertextBlob 'Rrnqz5fthTxcSdCYIw5pBoEWLvrdqYNZ0oXKOmvYx/1Oo2R+DqEFPjjfVA1n1RE8PmVITaxuJwu9ZANK9uK3WA==-k-fKVP3WIlGpg8m9LMW4jEkQ==-k-mFM/5PEiMJsKC6fagEOfdlocOyC+a1n8PqaTOlBLT+rqjyKLVHUVtqamMQ3ERsYIe0wYoAMszR/FBrCJZ3a3B7f+8Xg='

      Output

      If the execution is successful, the Base64-encoded plaintext and the CMK ID used to encrypt the plaintext will be returned. An additional decryption operation in Base64 is needed to obtain the plaintext.
      {
          "Plaintext": "VGhpcyBleGFtcGxlIGlzIHVzZWQgZm9yIHRlc3Rpbmc=",
          "KeyId": "6xxxxxx-xxxx-xxxx-xxxx-5xxxxxxxxx5",
          "RequestId": "bcce3fae-1794-4136-a486-d42780c10702"
      }
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy