ADD_KEY_TO_KEYSET - MaxCompute - Alibaba Cloud Documentation Center

Adds a key to a keyset and configures the key as the master key.

Syntax

binary ADD_KEY_TO_KEYSET(binary <keyset>, string <key_type>, binary <raw_key>, [string <description>])

Parameters

keyset: required. This parameter specifies an existing keyset of the BINARY type.
key_type: required. This parameter specifies the algorithm type of the key that you want to add. Valid values: AES-GCM-256, AES-SIV-CMAC-128, and AES-SIV-CMAC-256.
raw_key: required. This parameter specifies the key that you want to add and configure as the master key. The key is of the BINARY type.
description: optional. This parameter provides a description of the data key.

Return value

A keyset of the BINARY type is returned.

Note

You can use HEX to convert the BINARY type into the STRING type or use UNHEX to convert the STRING type into the BINARY type based on your business requirements.

Examples

select hex(ADD_KEY_TO_KEYSET(unhex ('0A1072384D715A414541385044643351534C12580A330A0B4145532D47434D2D323536122026A8FB1126DF4F5B5DD03C180E6919565D7716CBB291815EFB5BBF30F8BEF9AF1801200210011A1072384D715A414541385044643351534C20022A0B68656C6C6F20776F726C64'), 'AES-SIV-CMAC-128', unhex('b75585cf321cdcad42451690cdb7bfc49c26092f60f854e72d43244c55620a3d'),'description') );

The following result is returned:

+------------+
| _c0        |
+------------+
| 0A10596530735A5145414150447273424C4212580A330A0B4145532D47434D2D323536122026A8FB1126DF4F5B5DD03C180E6919565D7716CBB291815EFB5BBF30F8BEF9AF1801200210011A1072384D715A414541385044643351534C20022A0B68656C6C6F20776F726C64125D0A380A104145532D5349562D434D41432D3132381220B75585CF321CDCAD42451690CDB7BFC49C26092F60F854E72D43244C55620A3D1801200110011A10596530735A5145414150447273424C4220022A0B6465736372697074696F6E |
+------------+

References

References	Description
Use keysets	Describes how to use keyset-related encryption and decryption functions.
NEW_KEYSET	Describes the NEW_KEYSET function. The function is used to create a keyset based on a specified algorithm type.
KEYSET_TO_JSON	Describes the KEYSET_TO_JSON function. The function is used to convert a keyset of the BINARY type into a readable JSON string. After the conversion, you can view the details of the keyset.
KEYSET_FROM_JSON	Describes the KEYSET_FROM_JSON function. The function is used to convert a keyset of the JSON type into a keyset of the BINARY type.
ROTATE_KEYSET	Describes the ROTATE_KEYSET function. The function allows the system to automatically produce a new key and configure the new key as the master key.
NEW_WRAPPED_KEYSET	Describes the NEW_WRAPPED_KEYSET function. The function is used to assume the Alibaba Cloud Resource Name (ARN) of a role that can use Key Management Service (KMS) customer master key (CMK) ARNs to MaxCompute and create a wrapped keyset. The role ARN is specified by `role_arn`. The KMS CMK ARN is specified by kms_cmk_arn. The function is also used to grant other Alibaba Cloud accounts the permissions to decrypt a keyset based on `role_chain`.
REWRAP_KEYSET	Describes the REWRAP_KEYSET function. The function is used to re-encrypt a wrapped keyset based on a specified KMS key.
ROTATE_WRAPPED_KEYSET	Describes the ROTATE_WRAPPED_KEYSET function. The function is used to decrypt an encrypted keyset, implement key rotation, and use a new key to encrypt data.
USE_WRAPPED_KEYSET	Describes the USE_WRAPPED_KEYSET function. The function is used to convert a wrapped keyset into a basic keyset that is used as a parameter in the encryption or decryption function. You can also use the USE_WRAPPED_KEYSET function to obtain information about a wrapped keyset and save the information for subsequent keyset maintenance.
ENHANCED_SYM_ENCRYPT	Describes the ENHANCED_SYM_ENCRYPT function. The function is used to encrypt data by using a specified keyset.
ENHANCED_SYM_DECRYPT	Describes the ENHANCED_SYM_DECRYPT function. The function is used to decrypt data by using a specified keyset.