CertificatePublicKeyEncrypt -

Limit: The encryption algorithm in the request parameters must match the key type.

The following table describes the mapping between encryption algorithms and key types.


Algorithm	Key Spec
RSAES_OAEP_SHA_1	RSA_2048
RSAES_OAEP_SHA_256	RSA_2048
SM2PKE	EC_SM2

In this example, the certificate whose ID is 12345678-1234-1234-1234-12345678**** and the encryption algorithm RSAES_OAEP_SHA_256 are used to encrypt the data VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	CertificatePublicKeyEncrypt	The operation that you want to perform. Set the value to CertificatePublicKeyEncrypt.
CertificateId	String	Yes	12345678-1234-1234-1234-12345678****	The ID of the certificate. The ID must be globally unique in Certificates Manager.
Algorithm	String	Yes	RSAES_OAEP_SHA_256	The encryption algorithm. Valid values: RSAES_OAEP_SHA_1 RSAES_OAEP_SHA_256 SM2PKE Note The SM2PKE encryption algorithm is supported only in regions in mainland China. In these regions, managed hardware security modules (HSMs) are used. For more information, see Managed HSM overview.
Plaintext	String	Yes	VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=	The data that you want to encrypt. The value is encoded in Base64. For example, if the hexadecimal data that you want to encrypt is `[0x31, 0x32, 0x33, 0x34]`, the Base64-encoded data is `MTIzNA==`. The size of data that can be encrypted varies based on the encryption algorithm that you use: RSAES_OAEP_SHA_1: 214 bytes RSAES_OAEP_SHA_256: 190 bytes SM2PKE: 6,047 bytes If the size of data that you want to encrypt exceeds the preceding limits, you can call the GenerateDataKey operation to generate a data key to encrypt the data. Then, call the CertificatePublicKeyEncrypt operation to encrypt the data key.

For more information about common request parameters, see Common parameters.

Response parameters


Parameter	Type	Example	Description
CiphertextBlob	String	ZOyIygCyaOW6Gj****MlNKiuyjfzw=	The ciphertext. The value is encoded in Base64.
RequestId	String	5979d897-d69f-4fc9-87dd-f3bb73c40b80	The ID of the request, which is used to locate and troubleshoot issues.
CertificateId	String	12345678-1234-1234-1234-12345678****	The ID of the certificate.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CertificatePublicKeyEncrypt
&CertificateId=12345678-1234-1234-1234-12345678****
&Algorithm=RSAES_OAEP_SHA_256
&Plaintext=VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CertificatePublicKeyEncryptResponse>
    <CiphertextBlob>ZOyIygCyaOW6Gj****MlNKiuyjfzw=</CiphertextBlob>
    <RequestId>5979d897-d69f-4fc9-87dd-f3bb73c40b80</RequestId>
    <CertificateId>12345678-1234-1234-1234-12345678****</CertificateId>
</CertificatePublicKeyEncryptResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "CiphertextBlob" : "ZOyIygCyaOW6Gj****MlNKiuyjfzw=",
  "RequestId" : "5979d897-d69f-4fc9-87dd-f3bb73c40b80",
  "CertificateId" : "12345678-1234-1234-1234-12345678****"
}

Error codes


HTTP status code	Error code	Error message	Description
400	InvalidParameter	The specified parameter is not valid.	The error message returned because an invalid value is specified for the parameter.
404	Certificate.NotFound	The specified certificate is not found.	The error message returned because the specified certificate does not exist.
404	InvalidAccessKeyId.NotFound	The Access Key ID provided does not exist in our records.	The error message returned because the specified AccessKey ID does not exist.

For a list of error codes, visit the API Error Center.