Method reEncrypt
Re-encrypts a ciphertext with the specified KMS key.
HTTP request
POST https://kms.yandex/kms/v1/keys/{keyId}:reEncrypt
Path parameters
| Parameter | Description |
|---|---|
| keyId | Required. ID of the new key to be used for encryption. The maximum string length in characters is 50. |
Body parameters
{
"versionId": "string",
"aadContext": "string",
"sourceKeyId": "string",
"sourceAadContext": "string",
"ciphertext": "string"
}
| Field | Description |
|---|---|
| versionId | string ID of the version of the new key to be used for encryption. Defaults to the primary version if not specified. The maximum string length in characters is 50. |
| aadContext | string (byte) Additional authenticated data to be required for decryption. Should be encoded with base64. The maximum string length in characters is 8192. |
| sourceKeyId | string Required. ID of the key that the ciphertext is currently encrypted with. May be the same as for the new key. The maximum string length in characters is 50. |
| sourceAadContext | string (byte) Additional authenticated data provided with the initial encryption request. Should be encoded with base64. The maximum string length in characters is 8192. |
| ciphertext | string (byte) Required. Ciphertext to re-encrypt. Should be encoded with base64. |
Response
HTTP Code: 200 - OK
{
"keyId": "string",
"versionId": "string",
"sourceKeyId": "string",
"sourceVersionId": "string",
"ciphertext": "string"
}
| Field | Description |
|---|---|
| keyId | string ID of the key that the ciphertext is encrypted with now. |
| versionId | string ID of key version that was used for encryption. |
| sourceKeyId | string ID of the key that the ciphertext was encrypted with previously. |
| sourceVersionId | string ID of the key version that was used to decrypt the re-encrypted ciphertext. |
| ciphertext | string (byte) Resulting re-encrypted ciphertext. |