Encrypt Method

Encrypts data using a CMK.

Syntax

ANSI (Cross Platform)
int Encrypt(const char* lpszKeyId, const char* lpszAlgorithm);

Unicode (Windows)
INT Encrypt(LPCWSTR lpszKeyId, LPCWSTR lpszAlgorithm);
- (void)encrypt:(NSString*)keyId :(NSString*)algorithm;
#define MID_AMAZONKMS_ENCRYPT 12

CLOUDKEYS_EXTERNAL int CLOUDKEYS_CALL CloudKeys_AmazonKMS_Do(void *lpObj, int methid, int cparam, void *param[], int cbparam[], int64 *lpllVal);

Remarks

This method encrypts data using the CMK specified by KeyId and the given Algorithm. The data to encrypt is taken from the input stream supplied via the SetInputStream method, the specified InputFile, or the InputData property. The encrypted data is output to the output stream supplied via the SetOutputStream method, the specified OutputFile, or the OutputData property.

The value passed for the KeyId parameter must be the Id or ARN of a CMK, or the name or ARN of an alias, in the current Region. If an ARN is provided, it can be for a CMK or alias in another account so long as the appropriate permissions are in place.

The Algorithm parameter specifies which algorithm to use to encrypt the data. Possible values vary depending on the specified CMK's key spec. The CMK's key spec and the selected algorithm together dictate the maximum size of the input data.

CMK's Key Spec     Valid Algorithms                      Max Bytes
SYMMETRIC_DEFAULT  SYMMETRIC_DEFAULT (default if empty)  4096
RSA_2048           RSAES_OAEP_SHA_1                      214
                   RSAES_OAEP_SHA_256                    190
RSA_3072           RSAES_OAEP_SHA_1                      342
                   RSAES_OAEP_SHA_256                    318
RSA_4096           RSAES_OAEP_SHA_1                      470
                   RSAES_OAEP_SHA_256                    446
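The Max Bytes column follows from the RSAES-OAEP limit (modulus bytes minus twice the hash length minus 2). The added example below, which is not part of the Cloud Keys library, derives those limits from the key spec and algorithm and performs a pre-flight size check before Encrypt is called; the function names maxPlaintextBytes and inputFitsForEncrypt are this example's own.

```cpp
#include <cstddef>
#include <string>

// Modulus size in bytes for the RSA key specs listed on this page;
// 0 means the spec is not one of them (e.g. SYMMETRIC_DEFAULT).
static std::size_t rsaModulusBytes(const std::string& keySpec) {
    if (keySpec == "RSA_2048") return 256;
    if (keySpec == "RSA_3072") return 384;
    if (keySpec == "RSA_4096") return 512;
    return 0;
}

// Hash output length used by the OAEP algorithm; 0 if not an OAEP algorithm.
static std::size_t oaepHashBytes(const std::string& algorithm) {
    if (algorithm == "RSAES_OAEP_SHA_1")   return 20;
    if (algorithm == "RSAES_OAEP_SHA_256") return 32;
    return 0;
}

// Largest plaintext Encrypt accepts for a key spec / algorithm pair.
// Returns 0 when the pair is not valid. An empty algorithm is treated as
// SYMMETRIC_DEFAULT, matching the "default if empty" entry in the table.
std::size_t maxPlaintextBytes(const std::string& keySpec, std::string algorithm) {
    if (algorithm.empty()) algorithm = "SYMMETRIC_DEFAULT";
    if (keySpec == "SYMMETRIC_DEFAULT")
        return algorithm == "SYMMETRIC_DEFAULT" ? 4096 : 0;
    const std::size_t k = rsaModulusBytes(keySpec);
    const std::size_t hLen = oaepHashBytes(algorithm);
    if (k == 0 || hLen == 0) return 0;  // symmetric algorithm on an RSA key, or unknown spec
    // RFC 8017 RSAES-OAEP limit: k - 2*hLen - 2. This reproduces the
    // Max Bytes column: 214/190, 342/318, 470/446.
    return k - 2 * hLen - 2;
}

// Pre-flight check before calling Encrypt: true only if the pair is valid
// and the input does not exceed the limit, so an oversized or mismatched
// request is caught locally instead of as an error from the KMS call.
bool inputFitsForEncrypt(const std::string& keySpec, const std::string& algorithm,
                         std::size_t inputLen) {
    const std::size_t limit = maxPlaintextBytes(keySpec, algorithm);
    return limit != 0 && inputLen <= limit;
}
```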

Note that it is important to keep track of the encryption algorithm used, since it must be specified again when calling Decrypt (or ReEncrypt) later.

If Algorithm is SYMMETRIC_DEFAULT, the encryption context items in the EncryptionContext* properties will be included in the request. Including an encryption context when encrypting data means that the exact same encryption context must be supplied again in order to decrypt the data. Encryption context items are case-sensitive, but not order-sensitive.

This method will fail if any of the following are true regarding the specified CMK:

  • Its KeyState is anything other than aksEnabled (0).
  • It is for signing/verification instead of encryption/decryption (see KeyForSigning).
  • It is an AWS-managed CMK (see KeyAWSManaged).

Error Handling (C++)

This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)

Copyright (c) 2022 /n software inc. - All rights reserved.
Cloud Keys 2020 C++ Edition - Version 20.0 [Build 8157]