All Products
Search

This Product

    MaxCompute:NEW_KEYSET

    Document Center

    MaxCompute:NEW_KEYSET

    Last Updated:Nov 17, 2023

    Creates a keyset based on the specified algorithm type.

    Syntax

    binary NEW_KEYSET(string <key_type>, [string <description>])

    Parameters

    • key_type: required. This parameter specifies the algorithm type of the data key in the new keyset. Valid values: AES-GCM-256, AES-SIV-CMAC-128, and AES-SIV-CMAC-256.

    • description: optional. This parameter provides a description of the data key in the new keyset.

    Return value

    A keyset of the BINARY type is returned.

    Note

    You can use HEX to convert the BINARY type into the STRING type or use UNHEX to convert the STRING type into the BINARY type based on your business requirements.

    Examples

    select hex(NEW_KEYSET('AES-GCM-256', 'hello world'));

    The following result is returned: 

    +------------+
| _c0        |
+------------+
| 0A10577567735A514541554D42776E684C4212580A330A0B4145532D47434D2D323536122017F7A430B9D4B59B55454FD4B486216059F1B748CE0502D901EBEACEAB6569191801200210011A10577567735A514541554D42776E684C4220022A0B68656C6C6F20776F726C64 |
+------------+

    References

    References

    Description

    Use keysets

    Describes how to use keyset-related encryption and decryption functions.

    ADD_KEY_TO_KEYSET

    Describes the ADD_KEY_TO_KEYSET function. The function is used to add a key to a keyset and configure the key as the master key.

    KEYSET_TO_JSON

    Describes the KEYSET_TO_JSON function. The function is used to convert a keyset of the BINARY type into a readable JSON string. After the conversion, you can view the details of the keyset.

    KEYSET_FROM_JSON

    Describes the KEYSET_FROM_JSON function. The function is used to convert a keyset of the JSON type into a keyset of the BINARY type.

    ROTATE_KEYSET

    Describes the ROTATE_KEYSET function. The function allows the system to automatically produce a new key and configure the new key as the master key.

    NEW_WRAPPED_KEYSET

    Describes the NEW_WRAPPED_KEYSET function. The function is used to assume the Alibaba Cloud Resource Name (ARN) of a role that can use Key Management Service (KMS) customer master key (CMK) ARNs to MaxCompute and create a wrapped keyset. The role ARN is specified by role_arn. The KMS CMK ARN is specified by kms_cmk_arn. The function is also used to grant other Alibaba Cloud accounts the permissions to decrypt a keyset based on role_chain.

    ROTATE_WRAPPED_KEYSET

    Describes the ROTATE_WRAPPED_KEYSET function. The function is used to decrypt an encrypted keyset, implement key rotation, and use a new key to encrypt data.

    USE_WRAPPED_KEYSET

    Describes the USE_WRAPPED_KEYSET function. The function is used to convert a wrapped keyset into a basic keyset that is used as a parameter in the encryption or decryption function. You can also use the USE_WRAPPED_KEYSET function to obtain information about a wrapped keyset and save the information for subsequent keyset maintenance.

    ENHANCED_SYM_ENCRYPT

    Describes the ENHANCED_SYM_ENCRYPT function. The function is used to encrypt data by using a specified keyset.

    ENHANCED_SYM_DECRYPT

    Describes the ENHANCED_SYM_DECRYPT function. The function is used to decrypt data by using a specified keyset.