Encrypt data using a symmetric or asymmetric key.

Published on Jun 2, 2025

1 minute(s) read

Post

/crypto/v1/encrypt

For symmetric ciphers, mode (the block cipher mode) is a required field. For GCM and CCM modes, tag_len is a required field. iv is optional for symmetric ciphers and unused for asymmetric ciphers. If provided, it will be used as the cipher initialization vector. The length of iv must match the initialization vector size for the cipher and mode. If not provided, a random iv of the correct length is created and returned in the response. Objects of type Opaque, EC, or HMAC may not be used with this API.

Security

HTTP

Type bearer

API Key: apiKeyAuth

Header parameter nameAuthorization

Body parameters

Expand All

object

key

OneOf

SobjectDescriptorVariantKid

object (SobjectDescriptorVariantKid)

kid

string (uuid) Required

SobjectDescriptorVariantName

object (SobjectDescriptorVariantName)

name

string Required

Max length4096

Pattern^[^\n]*[^\s\n][^\n]*$

SobjectDescriptorVariantTransientKey

object (SobjectDescriptorVariantTransientKey)

transient_key

string (byte) Required

SobjectDescriptorVariantInline

object (SobjectDescriptorVariantInline)

inline

object Required

value

string (byte) Required

obj_type

string Required

Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ]

alg

string Required

Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "KCDSA", "EC", "ECKCDSA", "BIP32", "BLS", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "HMAC", "LEDABETA", "ROUND5BETA", "PBE" ]

plain

string (byte) Required

mode

OneOf

string

Valid values[ "ECB", "CBC", "CBCNOPAD", "CFB", "OFB", "CTR", "GCM", "CCM", "KW", "KWP", "FF1" ]

object

OneOf

RsaEncryptionPaddingVariantOaep

object (RsaEncryptionPaddingVariantOaep)

OAEP

object Required

mgf

OneOf

MgfVariantMgf1

object (MgfVariantMgf1)

mgf1

object Required

hash

string Required

Valid values[ "BLAKE2B256", "BLAKE2B384", "BLAKE2B512", "BLAKE2S256", "RIPEMD160", "SSL3", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "STREEBOG256", "STREEBOG512", "SHA3_224", "SHA3_256", "SHA3_384", "SHA3_512" ]

RsaEncryptionPaddingVariantPkcs1V15

object (RsaEncryptionPaddingVariantPkcs1V15)

PKCS1_V15

object Required

RsaEncryptionPaddingVariantRawDecrypt

object (RsaEncryptionPaddingVariantRawDecrypt)

RAW_DECRYPT

object Required

string (byte)

tag_len

integer | null

label

string (byte)

Responses

2XX

Success result

object

kid

string (uuid) | null

cipher

string (byte)

tag

string (byte)

Was this article helpful?