Creating a DEK

Function

This API allows you to create a DEK. A returned result includes the plaintext and the ciphertext of a DEK.

Note

By default, the performance threshold for creating DEKs is 1000 TPS per customer. To apply for higher performance, submit a service ticket.

URI

  • URI format

    POST /v1.0/{project_id}/kms/create-datakey

  • Parameter description

    Table 1 Parameters

    Parameter

    Mandatory

    Type

    Description

    project_id

    Yes

    String

    Project ID

Requests

Table 2 Request parameters

Parameter

Mandatory

Type

Description

key_id

Yes

String

36-byte ID of a CMK that matches the regular expression ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ Example: 0d0466b0-e727-4d9c-b35d-f84bb474a37f

encryption_context

No

Object

Key-value pairs with a maximum length of 8192 characters. This parameter is used to record resource context information, excluding sensitive information, to ensure data integrity.

If this parameter is specified during encryption, it is also required for decryption.

Example: {"Key1":"Value1","Key2":"Value2"}

datakey_length

Yes

String

Number of bits of a key. The value is 512.

sequence

No

String

36-byte serial number of a request message

Example: 919c82d4-8046-4722-9094-35c3c6524cff

Responses

Table 3 Response parameters

Parameter

Mandatory

Type

Description

key_id

Yes

String

CMK ID

plain_text

Yes

String

The plaintext of a DEK is expressed in hexadecimal format, and two characters indicate one byte.

cipher_text

Yes

String

The ciphertext of a DEK is expressed in hexadecimal format, and two characters indicate one byte.

Examples

The following example describes how to create a DEK whose ID is 0d0466b0-e727-4d9c-b35d-f84bb474a37f and length is 512 bits.

  • Example request

    {
        "key_id": "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
        "datakey_length": "512"
    }
    
  • Example response

    {
        "key_id": "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
        "plain_text": "8151014275E426C72EE7D44267EF11590DCE0089E19863BA8CC832187B156A72A5A17F17B5EF0D525872C59ECEB72948AF85E18427F8BE0D46545C979306C08D",
        "cipher_text": "020098009EEAFCE122CAA5927D2E020086F9548BA1675FDB022E4ECC01B96F2189CF4B85E78357E73E1CEB518DAF7A4960E7C7DE8885ED3FB2F1471ABF400119CC1B20BD3C4A9B80AF590EFD0AEDABFDBB0E2B689DA7B6C9E7D3C5645FCD9274802586BE63779471F9156F2CDF07CD8412FFBE9230643034363662302D653732372D346439632D623335642D6638346262343734613337660000000045B05321483BD9F9561865EE7DFE9BE267A42EB104E98C16589CE46940B18E52"
    }
    

    or

    {
        "error": {
            "error_code": "KMS.XXXX",
            "error_msg": "XXX"
        }
    }
    

Status Codes

Table 4 lists the normal status code returned by the response.

Table 4 Status codes

Status Code

Status

Description

200

OK

Request processed successfully.

Exception status code. For details, see Status Codes.