<p class="shortdesc"></p> <section class="section" id="GenerateDataKey__section_w5l_rdj_mlb"><h2 class="doc-tairway">GenerateDataKey </h2> <p class="p"><strong class="ph b">Description</strong></p> <p class="p">Using a customer master key (CMK) to generate a data key, which can be used to encrypt and decrypt local data. </p> <p class="p">The plainText field returns the plaintext copy of the data key. The cipherTextBlob field returns the ciphertext copy of the data key. </p> <div class="note note note_note"><span class="note__title">Note:</span> </div> <ul class="ul" id="GenerateDataKey__ul_ckf_sdj_mlb"> <li class="li">When you need to use a data key to encrypt or decrypt large amounts of local data, you can: <ol class="ol" id="GenerateDataKey__ol_sfj_vdj_mlb"> <li class="li">First, generate a data key by calling the <strong class="ph b"><strong class="ph b">generateDataKey </strong></strong>API provided by KMS; </li> <li class="li">Use the plaintext data key returned by the API to encrypt local data, and then delete it; </li> <li class="li">Persist the encrypted data and the ciphertext data key locally. Make sure you remove the plaintext data key right after using it. </li> </ol></li> <li class="li">If you do not enter the values for keySpec and numberOfBytes, the value of keySpec is AES_256 by default. </li> <li class="li">If you specify the values for numberOfBytes and keySpec at the same time, the value of numberOfBytes shall prevail. </li> </ul> <p class="p"><strong class="ph b">Request Parameters</strong></p> <table class="table" id="GenerateDataKey__table_ekf_sdj_mlb"><caption></caption><colgroup><col><col><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="GenerateDataKey__table_ekf_sdj_mlb__entry__1">Name </th> <th class="entry" id="GenerateDataKey__table_ekf_sdj_mlb__entry__2">Type </th> <th class="entry" id="GenerateDataKey__table_ekf_sdj_mlb__entry__3">Necessary or Not </th> <th class="entry" id="GenerateDataKey__table_ekf_sdj_mlb__entry__4">Description </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__1 ">keyId </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__2 ">String </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__3 ">Yes </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__4 ">Globally unique identifier of the CMK. </td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__1 ">keySpec </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__2 ">String </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__3 ">No </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__4 ">Length and type of the data key to be generated. AES_256 refers to a 256-bit symmetric key. AES_128 refers to a 128-bit symmetric key. </td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__1 ">numberOfBytes </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__2 ">String </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__3 ">No </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__4 ">Length of the data key to be generated in bytes. Valid value: 1 to 1024. </td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__1 ">encryptionContext </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__2 ">String </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__3 ">No </td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__4 ">Additional salt value. If you specify this parameter, you need to provide the same parameter when calling the Decrypt API. </td> </tr> </tbody></table> <p class="p"><strong class="ph b">Return Parameters</strong></p> <table class="table" id="GenerateDataKey__table_fkf_sdj_mlb"><caption></caption><colgroup><col><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="GenerateDataKey__table_fkf_sdj_mlb__entry__1">Name </th> <th class="entry" id="GenerateDataKey__table_fkf_sdj_mlb__entry__2">Type </th> <th class="entry" id="GenerateDataKey__table_fkf_sdj_mlb__entry__3">Description </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__1 ">code </td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__2 ">String </td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__3 ">Return code. “SUCCESS” will be returned if the request is succeeded. </td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__1 ">cipherTextBlob </td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__2 ">String </td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__3 ">Encrypted data key. </td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__1 ">keyId </td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__2 ">String </td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__3 ">Globally unique identifier of the CMK. </td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__1 ">plainText </td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__2 ">String </td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__3 ">Plaintext data key. </td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__1 ">requestId </td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__2 ">String </td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__3 ">ID of the current request. </td> </tr> </tbody></table> <p class="p"><strong class="ph b">Request Example</strong></p> <pre class="pre codeblock"><code>https://kms-cn-shanghai.yun.pingan.com/?action=GenerateDataKey &keyId=<cmkid> &keySpec=<key spec> &numberOfBytes=<number of bytes> &encryptionContext=<your encryption context> &<公共请求参数> </code></pre> <p class="p"><strong class="ph b">Return Example</strong></p> <pre class="pre codeblock"><code>{ "code": "SUCCESS", "cipherTextBlob": "your data key cipher text blob ", "plainText": "your data key plain text", "keyId": "your key id", "requestId": "1d2f32cf-d75f-48c0-a9e4-05b82c6fe867" } </code></pre> </section>