All Products
Search

This Product

    Key Management Service:GetPublicKey

    Document Center

    Key Management Service:GetPublicKey

    Last Updated:Sep 11, 2024

    Queries the public key of an asymmetric key pair. You can use the public key to encrypt local data and verify signatures.

    Debugging

    OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

    Request parameters

    Parameter

    Type

    Required

    Example

    Description
    Action String Yes GetPublicKey

    The operation that you want to perform. Set the value to GetPublicKey.

    KeyId String Yes 5c438b18-05be-40ad-b6c2-3be6752c****

    The ID of the key. The ID must be globally unique. You can also set this parameter to an alias that is bound to the key. For more information, see Alias overview.

    KeyVersionId String Yes 2ab1a983-7072-4bbc-a582-584b5bd8****

    The version ID of the key. The ID must be globally unique.

    DryRun String No false

    Specifies whether to perform a dry run. Valid values:

    • true
    • false (default)

    A dry run is used for testing in API calls. You can perform a dry run to check whether you have the permissions to access the resources that you want to manage and whether the request parameters are correctly configured. If you set DryRun to true in the request, KMS always returns an error code that indicates the cause of the error. KMS may return the following error codes:

    • DryRunOperationError: The request passes the dry run. If you do not configure the DryRun parameter and retain the other parameter configurations to call the same operation, the operation will be performed.
    • ValidationError: A parameter value in the request is invalid.
    • AccessDeniedError: You do not have the permissions to access the resources that you want to manage.

    Response parameters

    Parameter

    Type

    Example

    Description
    KeyVersionId String 2ab1a983-7072-4bbc-a582-584b5bd8****

    The version ID of the key that is used to encrypt the plaintext.

    KeyId String 5c438b18-05be-40ad-b6c2-3be6752c****

    The globally unique ID of the key.

    Note If the KeyId parameter is set to an alias of the key, the ID of the key to which the alias is bound is returned.
    RequestId String 475f1620-b9d3-4d35-b5c6-3fbdd941423d

    The request ID.

    PublicKey String -----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\nJQIDAQAB\n-----END PUBLIC KEY-----\n

    The public key returned in the PEM format.

    Examples

    Sample requests

    http(s)://[Endpoint]/?Action=GetPublicKey
&KeyId=5c438b18-05be-40ad-b6c2-3be6752c****
&KeyVersionId=2ab1a983-7072-4bbc-a582-584b5bd8****
&DryRun=false
&<Common request parameters>

    Sample success responses

    XML format

    HTTP/1.1 200 OK
Content-Type:application/xml

<GetPublicKeyResponse>
    <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>
    <KeyId>5c438b18-05be-40ad-b6c2-3be6752c****</KeyId>
    <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>
    <PublicKey>-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\nJQIDAQAB\n-----END PUBLIC KEY-----\n</PublicKey>
</GetPublicKeyResponse>

    JSON format

    HTTP/1.1 200 OK
Content-Type:application/json

{
  "KeyVersionId" : "2ab1a983-7072-4bbc-a582-584b5bd8****",
  "KeyId" : "5c438b18-05be-40ad-b6c2-3be6752c****",
  "RequestId" : "475f1620-b9d3-4d35-b5c6-3fbdd941423d",
  "PublicKey" : "-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\\nJQIDAQAB\\n-----END PUBLIC KEY-----\\n"
}

    Error codes

    HttpCode

    Error code

    Error message

    Description
    400 InvalidParameter The specified parameter is not valid. The specified parameter is invalid.
    404 Forbidden.KeyNotFound The specified Key is not found. The specified key does not exist.

    For a list of error codes, see Service error codes.