> ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # Begin multi-part encryption. > This API is used when encrypting more data than the client wishes to submit in a single request. It supports only symmetric ciphers and CBC, CBCNOPAD, CTR, and GCM modes of operation. To perform multi-part encryption, the client makes one request to the `init` resource, zero or more requests to the `update` resource, followed by one request to the `final` resource. The response to init and update requests includes a `state` field. The `state` is an opaque data blob that must be supplied unmodified by the client with each subsequent request. ## OpenAPI ````json POST /crypto/v1/encrypt/init { "openapi": "3.0.0", "info": { "title": "Fortanix DSM REST API", "description": "This is a set of REST APIs for accessing the Fortanix Data Security Manager. This includes APIs for managing accounts, and for performing cryptographic and key management operations. \n\n **Note:** \n- All binary input should be base64-encoded. These fields are marked with `format: byte`. \n- For forward compatibility, any API client is expected to ignore any fields in the response not explicitly mentioned in the documentation. We reserve the right to add new fields at any time to provide new functionality without affecting existing API clients.", "termsOfService": "https://www.fortanix.com/legal/terms/", "contact": { "name": "Fortanix Support", "url": "https://support.fortanix.com/", "email": "support@fortanix.com" }, "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "0.1.0-20260526" }, "servers": [ { "url": "https://amer.smartkey.io" } ], "paths": { "/crypto/v1/encrypt/init": { "post": { "operationId": "EncryptInit", "tags": [ "Crypto" ], "security": [ { "bearerToken": [] }, { "apiKeyAuth": [] } ], "summary": "Begin multi-part encryption.", "description": "This API is used when encrypting more data than the client wishes\nto submit in a single request. It supports only symmetric ciphers\nand CBC, CBCNOPAD, CTR, and GCM modes of operation. To perform\nmulti-part encryption, the client makes one request to the `init`\nresource, zero or more requests to the `update` resource, followed\nby one request to the `final` resource. The response to init and\nupdate requests includes a `state` field. The `state` is an opaque\ndata blob that must be supplied unmodified by the client with each\nsubsequent request.", "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EncryptInitRequest" } } } }, "responses": { "2XX": { "description": "Success result", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EncryptInitResponse" } } } } } } } }, "components": { "schemas": { "EncryptInitRequest": { "allOf": [ { "type": "object", "description": "Request body to initialize multi-part encryption.", "properties": { "key": { "$ref": "#/components/schemas/SobjectDescriptor" }, "alg": { "$ref": "#/components/schemas/Algorithm" }, "mode": { "$ref": "#/components/schemas/CipherMode" }, "iv": { "type": "string", "format": "byte", "description": "Initialization vector" }, "ad": { "type": "string", "format": "byte", "description": "Authenticated data, required for AEAD algorithms" } }, "required": [ "alg" ] } ] }, "EncryptInitResponse": { "allOf": [ { "type": "object", "description": "Response body of initializing multi-part encryption.", "properties": { "kid": { "type": "string", "format": "uuid", "nullable": true, "description": "Key id is returned for non-transient keys." }, "iv": { "type": "string", "format": "byte", "description": "Initialization vector. Only returned for symmetric encryption." }, "state": { "type": "string", "format": "byte", "description": "Current state of the encrypted cipher.\nOpaque data, not to be interpreted or modified by the client and must be provided with next request." } }, "required": [ "state" ] } ] }, "SobjectDescriptor": { "description": "Uniquely identifies a persisted or transient sobject.", "oneOf": [ { "title": "SobjectDescriptorVariantKid", "type": "object", "properties": { "kid": { "type": "string", "format": "uuid" } }, "required": [ "kid" ] }, { "title": "SobjectDescriptorVariantName", "type": "object", "properties": { "name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$" } }, "required": [ "name" ] }, { "title": "SobjectDescriptorVariantTransientKey", "type": "object", "properties": { "transient_key": { "type": "string", "format": "byte" } }, "required": [ "transient_key" ] }, { "title": "SobjectDescriptorVariantInline", "type": "object", "properties": { "inline": { "$ref": "#/components/schemas/SobjectDescriptorInline" } }, "required": [ "inline" ] } ] }, "Algorithm": { "description": "A cryptographic algorithm.", "type": "string", "enum": [ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "KCDSA", "EC", "ECKCDSA", "BIP32", "SLIP10", "BLS", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "HMAC", "LEDABETA", "ROUND5BETA", "PBE" ] }, "CipherMode": { "description": "Cipher mode used for symmetric key algorithms.", "type": "string", "enum": [ "ECB", "CBC", "CBCNOPAD", "CFB", "OFB", "CTR", "GCM", "CCM", "KW", "KWP", "FF1" ] }, "SobjectDescriptorInline": { "allOf": [ { "type": "object", "properties": { "value": { "type": "string", "format": "byte" }, "obj_type": { "$ref": "#/components/schemas/ObjectType" } }, "required": [ "value", "obj_type" ] } ] }, "ObjectType": { "description": "Type of security object.", "type": "string", "enum": [ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "SLIP10", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ] } } } } ````