Contact UsGet started

Key Management Service API, gRPC: SymmetricCryptoService.ReEncrypt

Written by
Updated at October 17, 2024

Re-encrypts a ciphertext with the specified KMS key.

gRPC request

rpc ReEncrypt (SymmetricReEncryptRequest) returns (SymmetricReEncryptResponse)

SymmetricReEncryptRequest

{
  "keyId": "string",
  "versionId": "string",
  "aadContext": "bytes",
  "sourceKeyId": "string",
  "sourceAadContext": "bytes",
  "ciphertext": "bytes"
}

Field

Description

keyId

string

Required field. ID of the new key to be used for encryption.

versionId

string

ID of the version of the new key to be used for encryption.
Defaults to the primary version if not specified.

aadContext

bytes

Additional authenticated data to be required for decryption.
Should be encoded with base64.

sourceKeyId

string

Required field. ID of the key that the ciphertext is currently encrypted with. May be the same as for the new key.

sourceAadContext

bytes

Additional authenticated data provided with the initial encryption request.
Should be encoded with base64.

ciphertext

bytes

Required field. Ciphertext to re-encrypt.
Should be encoded with base64.

SymmetricReEncryptResponse

{
  "keyId": "string",
  "versionId": "string",
  "sourceKeyId": "string",
  "sourceVersionId": "string",
  "ciphertext": "bytes"
}

Field

Description

keyId

string

ID of the key that the ciphertext is encrypted with now.

versionId

string

ID of key version that was used for encryption.

sourceKeyId

string

ID of the key that the ciphertext was encrypted with previously.

sourceVersionId

string

ID of the key version that was used to decrypt the re-encrypted ciphertext.

ciphertext

bytes

Resulting re-encrypted ciphertext.
Previous
Decrypt
Next
GenerateDataKey