Key Management Crypto Functions

Package: DBMS_CLOUD_OCI_KM_KMS_CRYPTO

DECRYPT Function

Decrypts data using the given DecryptDataDetails resource.

Syntax

FUNCTION decrypt (
  decrypt_data_details dbms_cloud_oci_key_management_decrypt_data_details_t,
  opc_request_id varchar2 DEFAULT NULL,
  region varchar2 DEFAULT NULL, 
  endpoint varchar2 DEFAULT NULL,
  credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_km_kms_crypto_decrypt_response_t;

Parameters

Parameter Description

decrypt_data_details

(required) DecryptDataDetails

opc_request_id

(optional) Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

region

(optional) OCI region id, e.g. us-phoenix-1 for US West (Phoenix).

endpoint

(optional) The endpoint of the service to call using this function, e.g. https://kms.{region}.{secondLevelDomain}. If both endpoint and region are given, then endpoint takes precedence.

credential_name

(optional) The name of the credential for authenticating with the corresponding cloud native API.

ENCRYPT Function

Encrypts data using the given EncryptDataDetails resource. Plaintext included in the example request is a base64-encoded value of a UTF-8 string.

Syntax

FUNCTION encrypt (
  encrypt_data_details dbms_cloud_oci_key_management_encrypt_data_details_t,
  opc_request_id varchar2 DEFAULT NULL,
  region varchar2 DEFAULT NULL, 
  endpoint varchar2 DEFAULT NULL,
  credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_km_kms_crypto_encrypt_response_t;

Parameters

Parameter Description

encrypt_data_details

(required) EncryptDataDetails

opc_request_id

(optional) Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

region

(optional) OCI region id, e.g. us-phoenix-1 for US West (Phoenix).

endpoint

(optional) The endpoint of the service to call using this function, e.g. https://kms.{region}.{secondLevelDomain}. If both endpoint and region are given, then endpoint takes precedence.

credential_name

(optional) The name of the credential for authenticating with the corresponding cloud native API.
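
An ENCRYPT followed by DECRYPT round trip, as an added example that is not part of the original reference or Oracle's own sample code. The key OCID, endpoint URL, credential name and request IDs are placeholders, and the attribute names on the request and response types (key_id, plaintext, ciphertext, response_body, status_code) are assumptions based on the corresponding EncryptDataDetails and DecryptDataDetails resources; check them against the type definitions in your release.

```sql
-- Added example. Placeholders: key OCID, endpoint, credential. Type attribute names are assumed.
DECLARE
  l_key_id   CONSTANT VARCHAR2(256) := '<master-encryption-key-ocid>';  -- placeholder
  l_endpoint CONSTANT VARCHAR2(512) := '<kms-crypto-endpoint-url>';     -- placeholder
  l_cred     CONSTANT VARCHAR2(128) := 'MY_OCI_CRED';                   -- hypothetical credential
  l_clear    CONSTANT VARCHAR2(100) := 'constructed sample text';
  l_b64      VARCHAR2(4000);
  l_enc_in   dbms_cloud_oci_key_management_encrypt_data_details_t;
  l_enc_out  dbms_cloud_oci_km_kms_crypto_encrypt_response_t;
  l_dec_in   dbms_cloud_oci_key_management_decrypt_data_details_t;
  l_dec_out  dbms_cloud_oci_km_kms_crypto_decrypt_response_t;
BEGIN
  -- Plaintext is sent as base64 of the UTF-8 bytes; strip the CR/LF that
  -- UTL_ENCODE inserts every 64 characters so the value is a single line.
  l_b64 := REPLACE(REPLACE(
             UTL_RAW.CAST_TO_VARCHAR2(
               UTL_ENCODE.BASE64_ENCODE(UTL_I18N.STRING_TO_RAW(l_clear, 'AL32UTF8'))),
             CHR(13)), CHR(10));

  l_enc_in := dbms_cloud_oci_key_management_encrypt_data_details_t();
  l_enc_in.key_id    := l_key_id;   -- assumed attribute name
  l_enc_in.plaintext := l_b64;      -- assumed attribute name

  l_enc_out := DBMS_CLOUD_OCI_KM_KMS_CRYPTO.ENCRYPT(
                 encrypt_data_details => l_enc_in,
                 opc_request_id       => 'roundtrip-encrypt',  -- echoed in the request ID
                 endpoint             => l_endpoint,           -- wins over region if both set
                 credential_name      => l_cred);
  IF NVL(l_enc_out.status_code, 0) <> 200 THEN
    RAISE_APPLICATION_ERROR(-20001, 'encrypt failed: HTTP ' || l_enc_out.status_code);
  END IF;

  l_dec_in := dbms_cloud_oci_key_management_decrypt_data_details_t();
  l_dec_in.key_id     := l_key_id;
  l_dec_in.ciphertext := l_enc_out.response_body.ciphertext;  -- assumed attribute names

  l_dec_out := DBMS_CLOUD_OCI_KM_KMS_CRYPTO.DECRYPT(
                 decrypt_data_details => l_dec_in,
                 opc_request_id       => 'roundtrip-decrypt',
                 endpoint             => l_endpoint,
                 credential_name      => l_cred);
  -- Compare the returned base64 plaintext with what was sent; never log either value.
  IF l_dec_out.status_code = 200 AND l_dec_out.response_body.plaintext = l_b64 THEN
    DBMS_OUTPUT.PUT_LINE('round trip OK');
  ELSE
    RAISE_APPLICATION_ERROR(-20002, 'decrypt failed or plaintext mismatch');
  END IF;
END;
/
```

The positive-match test in the final IF treats a NULL status or NULL plaintext as a failure, which a `<>` comparison alone would silently pass.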

EXPORT_KEY Function

Exports a specific version of a master encryption key according to the details of the request. For their protection, keys that you create and store on a hardware security module (HSM) can never leave the HSM. You can only export keys stored on the server. For export, the key version is encrypted by an RSA public key that you provide. This operation is not supported for keys having protection mode `EXTERNAL`.

Syntax

FUNCTION export_key (
  export_key_details dbms_cloud_oci_key_management_export_key_details_t,
  region varchar2 DEFAULT NULL, 
  endpoint varchar2 DEFAULT NULL,
  credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_km_kms_crypto_export_key_response_t;

Parameters

Parameter Description

export_key_details

(required) ExportKeyDetails

region

(optional) OCI region id, e.g. us-phoenix-1 for US West (Phoenix).

endpoint

(optional) The endpoint of the service to call using this function, e.g. https://kms.{region}.{secondLevelDomain}. If both endpoint and region are given, then endpoint takes precedence.

credential_name

(optional) The name of the credential for authenticating with the corresponding cloud native API.

GENERATE_DATA_ENCRYPTION_KEY Function

Generates a key that you can use to encrypt or decrypt data.

Syntax

FUNCTION generate_data_encryption_key (
  generate_key_details dbms_cloud_oci_key_management_generate_key_details_t,
  opc_request_id varchar2 DEFAULT NULL,
  region varchar2 DEFAULT NULL, 
  endpoint varchar2 DEFAULT NULL,
  credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_km_kms_crypto_generate_data_encryption_key_response_t;

Parameters

Parameter Description

generate_key_details

(required) GenerateKeyDetails

opc_request_id

(optional) Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

region

(optional) OCI region id, e.g. us-phoenix-1 for US West (Phoenix).

endpoint

(optional) The endpoint of the service to call using this function, e.g. https://kms.{region}.{secondLevelDomain}. If both endpoint and region are given, then endpoint takes precedence.

credential_name

(optional) The name of the credential for authenticating with the corresponding cloud native API.

SIGN Function

Creates a digital signature for a message or message digest by using the private key of a public-private key pair, also known as an asymmetric key. To verify the generated signature, you can use the Verify operation. Or, if you want to validate the signature outside of the service, you can do so by using the public key of the same asymmetric key. This operation is not supported for keys having protection mode `EXTERNAL`.

Syntax

FUNCTION sign (
  sign_data_details dbms_cloud_oci_key_management_sign_data_details_t,
  opc_request_id varchar2 DEFAULT NULL,
  region varchar2 DEFAULT NULL, 
  endpoint varchar2 DEFAULT NULL,
  credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_km_kms_crypto_sign_response_t;

Parameters

Parameter Description

sign_data_details

(required) SignDataDetails

opc_request_id

(optional) Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

region

(optional) OCI region id, e.g. us-phoenix-1 for US West (Phoenix).

endpoint

(optional) The endpoint of the service to call using this function, e.g. https://kms.{region}.{secondLevelDomain}. If both endpoint and region are given, then endpoint takes precedence.

credential_name

(optional) The name of the credential for authenticating with the corresponding cloud native API.

VERIFY Function

Verifies a digital signature that was generated by the Sign operation by using the public key of the same asymmetric key that was used to sign the data. If you want to validate the digital signature outside of the service, you can do so by using the public key of the asymmetric key. This operation is not supported for keys having protection mode `EXTERNAL`.

Syntax

FUNCTION verify (
  verify_data_details dbms_cloud_oci_key_management_verify_data_details_t,
  opc_request_id varchar2 DEFAULT NULL,
  region varchar2 DEFAULT NULL, 
  endpoint varchar2 DEFAULT NULL,
  credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_km_kms_crypto_verify_response_t;

Parameters

Parameter Description

verify_data_details

(required) VerifyDataDetails

opc_request_id

(optional) Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

region

(optional) OCI region id, e.g. us-phoenix-1 for US West (Phoenix).

endpoint

(optional) The endpoint of the service to call using this function, e.g. https://kms.{region}.{secondLevelDomain}. If both endpoint and region are given, then endpoint takes precedence.

credential_name

(optional) The name of the credential for authenticating with the corresponding cloud native API.