Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Blog
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
Yandex project
© 2023 Intertech Services AG
Yandex Key Management Service
  • Getting started
  • Step-by-step guides
  • Concepts
  • Tutorials
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
    • REST
      • Overview
      • SymmetricCrypto
        • Overview
        • decrypt
        • encrypt
        • generateDataKey
        • reEncrypt
      • SymmetricKey
  • Questions and answers
  1. API reference
  2. REST
  3. SymmetricCrypto
  4. reEncrypt

Key Management Service API, REST: SymmetricCrypto.reEncrypt

Written by
Yandex Cloud
  • HTTP request
  • Path parameters
  • Body parameters
  • Response

Re-encrypts a ciphertext with the specified KMS key.

HTTP request

POST https://kms.api.cloud.yandex.net/kms/v1/keys/{keyId}:reEncrypt

Path parameters

Parameter Description
keyId

Required. ID of the new key to be used for encryption.

The maximum string length in characters is 50.

Body parameters

{
  "versionId": "string",
  "aadContext": "string",
  "sourceKeyId": "string",
  "sourceAadContext": "string",
  "ciphertext": "string"
}
Field Description
versionId string

ID of the version of the new key to be used for encryption. Defaults to the primary version if not specified.

The maximum string length in characters is 50.

aadContext string (byte)

Additional authenticated data to be required for decryption. Should be encoded with base64.

The maximum string length in characters is 8192.

sourceKeyId string

Required. ID of the key that the ciphertext is currently encrypted with. May be the same as for the new key.

The maximum string length in characters is 50.

sourceAadContext string (byte)

Additional authenticated data provided with the initial encryption request. Should be encoded with base64.

The maximum string length in characters is 8192.

ciphertext string (byte)

Required. Ciphertext to re-encrypt. Should be encoded with base64.

Response

HTTP Code: 200 - OK

{
  "keyId": "string",
  "versionId": "string",
  "sourceKeyId": "string",
  "sourceVersionId": "string",
  "ciphertext": "string"
}
Field Description
keyId string

ID of the key that the ciphertext is encrypted with now.

versionId string

ID of key version that was used for encryption.

sourceKeyId string

ID of the key that the ciphertext was encrypted with previously.

sourceVersionId string

ID of the key version that was used to decrypt the re-encrypted ciphertext.

ciphertext string (byte)

Resulting re-encrypted ciphertext.

Was the article helpful?

Language / Region
Yandex project
© 2023 Intertech Services AG
In this article:
  • HTTP request
  • Path parameters
  • Body parameters
  • Response