Encrypts data by using a specific certificate.
Limit: The encryption algorithm in the request parameters must match the key type.
The following table describes the mapping between encryption algorithms and key types.
Algorithm | Key Spec |
---|---|
RSAES_OAEP_SHA_1 | RSA_2048 |
RSAES_OAEP_SHA_256 | RSA_2048 |
SM2PKE | EC_SM2 |
In this example, the certificate whose ID is 12345678-1234-1234-1234-12345678**** and the encryption algorithm RSAES_OAEP_SHA_256 are used to encrypt the data VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=.
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | CertificatePublicKeyEncrypt | The operation that you want to perform. Set the value to CertificatePublicKeyEncrypt. |
CertificateId | String | Yes | 12345678-1234-1234-1234-12345678**** | The ID of the certificate. The ID must be globally unique in Certificates Manager. |
Algorithm | String | Yes | RSAES_OAEP_SHA_256 | The encryption algorithm. Valid values: |
Plaintext | String | Yes | VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4= | The data that you want to encrypt. The value is encoded in Base64. For example, if the hexadecimal data that you want to encrypt is The size of data that can be encrypted varies based on the encryption algorithm that you use: If the size of data that you want to encrypt exceeds the preceding limits, you can call the GenerateDataKey operation to generate a data key to encrypt the data. Then, call the CertificatePublicKeyEncrypt operation to encrypt the data key. |
For more information about common request parameters, see Common parameters.
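A client-side pre-flight check for the parameters above, as an added example that is not part of the original documentation: it enforces the algorithm-to-key-spec mapping, Base64-encodes the raw bytes exactly once, and percent-encodes the query values. The function names and the caller-supplied key spec are assumptions, and the RSA size bound is the RSAES-OAEP formula from RFC 8017, not a limit quoted from this page.

```python
import base64
from urllib.parse import urlencode

# Algorithm -> (required key spec, OAEP hash length in bytes or None), per the mapping table
ALGORITHMS = {
    "RSAES_OAEP_SHA_1": ("RSA_2048", 20),
    "RSAES_OAEP_SHA_256": ("RSA_2048", 32),
    "SM2PKE": ("EC_SM2", None),
}
RSA_MODULUS_BYTES = {"RSA_2048": 256}


class PlaintextTooLarge(ValueError):
    """Data does not fit in one call; encrypt a data key instead (GenerateDataKey path)."""


def max_plaintext_bytes(algorithm):
    """RSAES-OAEP bound from RFC 8017: k - 2*hLen - 2. None means not checked here."""
    key_spec, hash_len = ALGORITHMS[algorithm]
    if hash_len is None:
        return None  # the SM2PKE limit is not derived in this example
    return RSA_MODULUS_BYTES[key_spec] - 2 * hash_len - 2


def build_encrypt_params(certificate_id, key_spec, algorithm, data):
    """Validate inputs locally and return the operation-specific request parameters."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    required_spec = ALGORITHMS[algorithm][0]
    if key_spec != required_spec:
        raise ValueError(f"{algorithm} requires key spec {required_spec}, got {key_spec}")
    if not isinstance(data, (bytes, bytearray)):
        raise TypeError("data must be raw bytes; it is Base64-encoded here exactly once")
    limit = max_plaintext_bytes(algorithm)
    if limit is not None and len(data) > limit:
        raise PlaintextTooLarge(f"{len(data)} bytes exceeds {limit} for {algorithm}")
    return {
        "Action": "CertificatePublicKeyEncrypt",
        "CertificateId": certificate_id,
        "Algorithm": algorithm,
        "Plaintext": base64.b64encode(bytes(data)).decode("ascii"),
    }


def to_query(params):
    """Percent-encode values; Base64 '+', '/' and '=' are not safe in a query string."""
    return urlencode(params)
```

The common request parameters, including the signature, still have to be added before the request is sent.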
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
CiphertextBlob | String | ZOyIygCyaOW6Gj****MlNKiuyjfzw= | The ciphertext. The value is encoded in Base64. |
RequestId | String | 5979d897-d69f-4fc9-87dd-f3bb73c40b80 | The ID of the request, which is used to locate and troubleshoot issues. |
CertificateId | String | 12345678-1234-1234-1234-12345678**** | The ID of the certificate. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=CertificatePublicKeyEncrypt
&CertificateId=12345678-1234-1234-1234-12345678****
&Algorithm=RSAES_OAEP_SHA_256
&Plaintext=VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=
&<Common request parameters>
Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<CertificatePublicKeyEncryptResponse>
<CiphertextBlob>ZOyIygCyaOW6Gj****MlNKiuyjfzw=</CiphertextBlob>
<RequestId>5979d897-d69f-4fc9-87dd-f3bb73c40b80</RequestId>
<CertificateId>12345678-1234-1234-1234-12345678****</CertificateId>
</CertificatePublicKeyEncryptResponse>
JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"CiphertextBlob" : "ZOyIygCyaOW6Gj****MlNKiuyjfzw=",
"RequestId" : "5979d897-d69f-4fc9-87dd-f3bb73c40b80",
"CertificateId" : "12345678-1234-1234-1234-12345678****"
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InvalidParameter | The specified parameter is not valid. | The error message returned because an invalid value is specified for the parameter. |
404 | Certificate.NotFound | The specified certificate is not found. | The error message returned because the specified certificate does not exist. |
404 | InvalidAccessKeyId.NotFound | The Access Key ID provided does not exist in our records. | The error message returned because the specified AccessKey ID does not exist. |
For a list of error codes, visit the API Error Center.