Key Management Service API, REST: SymmetricCrypto.ReEncrypt

Written by

Updated at October 17, 2024

Re-encrypts a ciphertext with the specified KMS key.

HTTP request

POST https://kms.yandex/kms/v1/keys/{keyId}:reEncrypt

Field

Description

keyId

string

Required field. ID of the new key to be used for encryption.

{
  "versionId": "string",
  "aadContext": "string",
  "sourceKeyId": "string",
  "sourceAadContext": "string",
  "ciphertext": "string"
}

Field	Description
versionId	string ID of the version of the new key to be used for encryption. Defaults to the primary version if not specified.
aadContext	string (bytes) Additional authenticated data to be required for decryption. Should be encoded with base64.
sourceKeyId	string Required field. ID of the key that the ciphertext is currently encrypted with. May be the same as for the new key.
sourceAadContext	string (bytes) Additional authenticated data provided with the initial encryption request. Should be encoded with base64.
ciphertext	string (bytes) Required field. Ciphertext to re-encrypt. Should be encoded with base64.

HTTP Code: 200 - OK

{
  "keyId": "string",
  "versionId": "string",
  "sourceKeyId": "string",
  "sourceVersionId": "string",
  "ciphertext": "string"
}

Field	Description
keyId	string ID of the key that the ciphertext is encrypted with now.
versionId	string ID of key version that was used for encryption.
sourceKeyId	string ID of the key that the ciphertext was encrypted with previously.
sourceVersionId	string ID of the key version that was used to decrypt the re-encrypted ciphertext.
ciphertext	string (bytes) Resulting re-encrypted ciphertext.