<p class="shortdesc"></p> <section class="section" id="GenerateDataKey__section_w5l_rdj_mlb"><h2 class="doc-tairway">产生数据密钥：GenerateDataKey</h2> <p class="p"><strong class="ph b">描述</strong></p> <p class="p">利用一个主密钥产生一个数据密钥，且可以用其来对本地数据进行加解密操作。</p> <p class="p">plainText字段返回数据密钥明文，cipherTextBlob字段返回数据密钥密文。</p> <div class="note note note_note"><span class="note__title">说明：</span> <ul class="ul" id="GenerateDataKey__ul_ckf_sdj_mlb"> <li class="li">当需要利用数据密钥对本地磁盘大量业务数据进行加解密时，您可以利用如下方式进行：<ol class="ol" id="GenerateDataKey__ol_sfj_vdj_mlb"> <li class="li">首先通过调用我们提供的API接口<strong class="ph b">generateDataKey</strong>产生数据密钥；</li> <li class="li">获取API接口返回的plainText（数据密钥明文），对本地数据进行加密，然后删除数据密钥明文；</li> <li class="li">将加密后的数据及API接口返回的数据密钥密文进行本地持久化，实现明文不落地。</li> </ol></li> <li class="li">当keySpec和numberOfBytes都不填写时，默认keySpec为AES_256。</li> <li class="li">同时指定numberOfBytes和keySpec时，以numberOfBytes为准。</li> </ul> </div> <p class="p"><strong class="ph b">请求参数</strong></p> <table class="table" id="GenerateDataKey__table_ekf_sdj_mlb"><caption></caption><colgroup><col><col><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="GenerateDataKey__table_ekf_sdj_mlb__entry__1">名称</th> <th class="entry" id="GenerateDataKey__table_ekf_sdj_mlb__entry__2">类型</th> <th class="entry" id="GenerateDataKey__table_ekf_sdj_mlb__entry__3">是否必需</th> <th class="entry" id="GenerateDataKey__table_ekf_sdj_mlb__entry__4">描述</th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__1 ">keyId</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__2 ">String</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__3 ">是</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__4 ">密钥的全局唯一标识符</td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__1 ">keySpec</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__2 ">String</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__3 ">否</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__4 ">产生数据密钥的长度与类型，AES_256表示256比特的对称密钥，AES_128表示128比特的对称密钥</td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__1 ">numberOfBytes</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__2 ">String</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__3 ">否</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__4 ">产生数据密钥的长度，以字节为单位。有效值：1 到 1024</td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__1 ">encryptionContext</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__2 ">String</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__3 ">否</td> <td class="entry" headers="GenerateDataKey__table_ekf_sdj_mlb__entry__4 ">附加盐值，如果指定了该参数，则在调用Decrypt 时需要提供同样的参数</td> </tr> </tbody></table> <p class="p"><strong class="ph b">返回参数</strong></p> <table class="table" id="GenerateDataKey__table_fkf_sdj_mlb"><caption></caption><colgroup><col><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="GenerateDataKey__table_fkf_sdj_mlb__entry__1">名称</th> <th class="entry" id="GenerateDataKey__table_fkf_sdj_mlb__entry__2">类型</th> <th class="entry" id="GenerateDataKey__table_fkf_sdj_mlb__entry__3">描述</th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__1 ">code</td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__2 ">String</td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__3 ">返回码，成功返回"SUCCESS"</td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__1 ">cipherTextBlob</td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__2 ">String</td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__3 ">加密后的数据密钥Data key</td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__1 ">keyId</td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__2 ">String</td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__3 ">密钥的全局唯一标识符</td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__1 ">plainText</td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__2 ">String</td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__3 ">数据密钥明文</td> </tr> <tr class="row"> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__1 ">requestId</td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__2 ">String</td> <td class="entry" headers="GenerateDataKey__table_fkf_sdj_mlb__entry__3 ">当前请求Id</td> </tr> </tbody></table> <p class="p"><strong class="ph b">请求示例</strong></p> <pre class="pre codeblock"><code>https://kms-cn-shanghai.yun.pingan.com/?action=GenerateDataKey &keyId=<cmkid> &keySpec=<key spec> &numberOfBytes=<number of bytes> &encryptionContext=<your encryption context> &<公共请求参数></code></pre> <p class="p"><strong class="ph b">返回示例</strong></p> <pre class="pre codeblock"><code>{ "code": "SUCCESS", "cipherTextBlob": "your data key cipher text blob ", "plainText": "your data key plain text", "keyId": "your key id", "requestId": "1d2f32cf-d75f-48c0-a9e4-05b82c6fe867" }</code></pre> </section>