This section describes how to use the online tool to encrypt or decrypt small-size data (4 KB or smaller) on the KMS console.
Prerequisites
The custom key is in Enabled status.
Constraints
- Default keys cannot be used to encrypt or decrypt such data with the tool.
- Asymmetric keys cannot be used to encrypt or decrypt such data with the tool.
- You can call an API to use a default key to encrypt or decrypt small volumes of data. For details, see the Key Management Service API Reference.
- Use the current CMK to encrypt the data.
- Exercise caution when you delete a CMK. The online tool cannot decrypt data if the CMK used for encryption has been deleted.
Encrypting Data
- Log in to the management console.
- Click
. Choose . The Key Management Service page is displayed.
- Click Encrypt. In the text box on the left, enter the data to be encrypted, as shown in Figure 1.
- Click Execute. Ciphertext of the data is displayed in the text box on the right.
- Use the current CMK to encrypt the data.
- You can click Clear to clear the entered data.
- You can click Copy to Clipboard to copy the ciphertext and save it in a local file.
Decrypting Data
- Log in to the management console.
- You can click any non-default key in Enabled status to go to the encryption and decryption page of the online tool.
- Click Decrypt. In the text box on the left, enter the data to be decrypted. For details, see Figure 2.
- The tool will identify the original encryption CMK and use it to decrypt the data.
- If the key has been deleted, the decryption will fail.
- Click Execute. Plaintext of the data is displayed in the text box on the right.
- You can click Copy to Clipboard to copy the plaintext and save it in a local file.
- Enter the plaintext on the console, the text will be encoded to Base64 format before encryption.
The decryption result returned via API will be in Base64 format. Perform Base64 decoding to obtain the plaintext entered on the console.
