Contact UsGet started

Key Management Service API, gRPC: SymmetricCryptoService.ReEncrypt

Written by
Updated at November 26, 2024

Re-encrypts a ciphertext with the specified KMS key.

gRPC request

rpc ReEncrypt (SymmetricReEncryptRequest) returns (SymmetricReEncryptResponse)

SymmetricReEncryptRequest

{
  "key_id": "string",
  "version_id": "string",
  "aad_context": "bytes",
  "source_key_id": "string",
  "source_aad_context": "bytes",
  "ciphertext": "bytes"
}

Field

Description

key_id

string

Required field. ID of the new key to be used for encryption.

version_id

string

ID of the version of the new key to be used for encryption.
Defaults to the primary version if not specified.

aad_context

bytes

Additional authenticated data to be required for decryption.
Should be encoded with base64.

source_key_id

string

Required field. ID of the key that the ciphertext is currently encrypted with. May be the same as for the new key.

source_aad_context

bytes

Additional authenticated data provided with the initial encryption request.
Should be encoded with base64.

ciphertext

bytes

Required field. Ciphertext to re-encrypt.
Should be encoded with base64.

SymmetricReEncryptResponse

{
  "key_id": "string",
  "version_id": "string",
  "source_key_id": "string",
  "source_version_id": "string",
  "ciphertext": "bytes"
}

Field

Description

key_id

string

ID of the key that the ciphertext is encrypted with now.

version_id

string

ID of key version that was used for encryption.

source_key_id

string

ID of the key that the ciphertext was encrypted with previously.

source_version_id

string

ID of the key version that was used to decrypt the re-encrypted ciphertext.

ciphertext

bytes

Resulting re-encrypted ciphertext.
Previous
Decrypt
Next
GenerateDataKey