tencent cloud

Encryption and Decryption
Download PDF
Last updated:2024-01-11 16:28:54
Encryption and Decryption
Last updated: 2024-01-11 16:28:54
Download PDF

Overview

The online encryption and decryption operations involve two APIs:
API Name
Description
Note
Encrypt
Used for encryption
The KeyId and Plaintext parameters are required for this API. For more information, please see the Encrypt API document.
Decrypt
Used for decryption
The CiphertextBlob parameter is required for this API. For more information, please see the Decrypt API document.

Encryption

The Encrypt API is used to encrypt up to 4 KB of data, such as database passwords, RSA keys, or other sensitive data. For application data, the DEK generated by the GenerateDataKey API can be used to perform encryption and decryption for the local data.
The examples below are called with TCCLI, which can also be called with any supported programming languages.

Examples

Encryption

If the Encrypt API is called with TCCLI, the plaintext data needs to be Base64-encoded. The This example is used for testing text is used in the following example.

Input

tccli kms Encrypt --KeyId 6xxxxxx-xxxx-xxxx-xxxx-5xxxxxxxxx5 --Plaintext 'VGhpcyBleGFtcGxlIGlzIHVzZWQgZm9yIHRlc3Rpbmc='

Output

If the execution is successful, the ciphertext and the CMK ID used to encrypt the plaintext will be returned, of which the ciphertext will be used for subsequent decryption operations.
{
    "KeyId": "6xxxxxx-xxxx-xxxx-xxxx-5xxxxxxxxx5",
    "RequestId": "23781471-c213-44c5-92a4-731b882e25b5",
    "CiphertextBlob": "Rrnqz5fthTxcSdCYIw5pBoEWLvrdqYNZ0oXKOmvYx/1Oo2R+DqEFPjjfVA1n1RE8PmVITaxuJwu9ZANK9uK3WA==-k-fKVP3WIlGpg8m9LMW4jEkQ==-k-mFM/5PEiMJsKC6fagEOfdlocOyC+a1n8PqaTOlBLT+rqjyKLVHUVtqamMQ3ERsYIe0wYoAMszR/FBrCJZ3a3B7f+8Xg="
}

Decryption

This example shows you how to decrypt the encrypted data, where the CMK is the one used in the above example.

Input

tccli kms Decrypt --CiphertextBlob 'Rrnqz5fthTxcSdCYIw5pBoEWLvrdqYNZ0oXKOmvYx/1Oo2R+DqEFPjjfVA1n1RE8PmVITaxuJwu9ZANK9uK3WA==-k-fKVP3WIlGpg8m9LMW4jEkQ==-k-mFM/5PEiMJsKC6fagEOfdlocOyC+a1n8PqaTOlBLT+rqjyKLVHUVtqamMQ3ERsYIe0wYoAMszR/FBrCJZ3a3B7f+8Xg='

Output

If the execution is successful, the Base64-encoded plaintext and the CMK ID used to encrypt the plaintext will be returned. An additional decryption operation in Base64 is needed to obtain the plaintext.
{
    "Plaintext": "VGhpcyBleGFtcGxlIGlzIHVzZWQgZm9yIHRlc3Rpbmc=",
    "KeyId": "6xxxxxx-xxxx-xxxx-xxxx-5xxxxxxxxx5",
    "RequestId": "bcce3fae-1794-4136-a486-d42780c10702"
}

Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback