<p class="shortdesc"></p> <section class="section" id="IMPORTKEYMATERIAL__section_hv1_f2j_mlb"><h2 class="doc-tairway">导入密钥材料：ImportKeyMaterial</h2> <p class="p"><strong class="ph b">描述</strong></p> <p class="p">调用CreateKey创建主密钥时，选择密钥材料来源为外部。该API用于将密钥材料导入符合上述描述的CMK中，并且要求导入前该CMK的密钥状态为 “待导入”。</p> <div class="note note note_note"><span class="note__title">说明：</span> <ol class="ol" id="IMPORTKEYMATERIAL__ol_mnq_ddj_mlb"> <li class="li">在进行密钥材料导入CMK之前，您需要先调用GetParametersForImport获取导入密钥材料需要的参数，即用于加密密钥材料的公钥（public key）和导入令牌（import token）；</li> <li class="li">导入的密钥材料仅支持256位的对称密钥；</li> <li class="li">导入密钥材料时您可以设置密钥材料过期时间，也可以设置其永不过期；</li> <li class="li">您能随时为指定的CMK重新导入密钥材料，并重新指定过期时间。但必须导入相同的密钥材料，某个指定的CMK不可以更换密钥材料；</li> <li class="li">导入的密钥材料过期或者被删除后，指定的CMK将无法使用，需要再次导入相同的密钥材料才可正常使用；</li> <li class="li">同样的密钥材料可导入不同的CMK中，但使用其中一个CMK加密的数据或Datakey，无法使用另一个CMK解密。</li> </ol> </div> <p class="p"><strong class="ph b">请求参数</strong></p> <table class="table" id="IMPORTKEYMATERIAL__table_nnq_ddj_mlb"><caption></caption><colgroup><col><col><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__1">名称</th> <th class="entry" id="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__2">类型</th> <th class="entry" id="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__3">是否必须</th> <th class="entry" id="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__4">描述</th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__1 "> <p class="p">encryptedKeyMaterial</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__2 "> <p class="p">String</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__3 "> <p class="p">是</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__4 "> <p class="p">十六进制表示的加密后的密钥材料</p> </td> </tr> <tr class="row"> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__1 "> <p class="p">importToken</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__2 "> <p class="p">String</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__3 "> <p class="p">是</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__4 "> <p class="p">通过调用GetParametersForImport获得的导入令牌</p> </td> </tr> <tr class="row"> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__1 "> <p class="p">keyMaterialExpireUnix</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__2 "> <p class="p">Timestamp</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__3 "> <p class="p">否</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_nnq_ddj_mlb__entry__4 "> <p class="p">密钥材料过期时间</p> <p class="p">不指定该参数，或取值为0表示密钥材料不会过期</p> <p class="p">取值不可早于调用该API的时间（以服务器时间为准）</p> </td> </tr> </tbody></table> <p class="p"><strong class="ph b">返回参数</strong></p> <table class="table" id="IMPORTKEYMATERIAL__table_onq_ddj_mlb"><caption></caption><colgroup><col><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="IMPORTKEYMATERIAL__table_onq_ddj_mlb__entry__1">名称</th> <th class="entry" id="IMPORTKEYMATERIAL__table_onq_ddj_mlb__entry__2">类型</th> <th class="entry" id="IMPORTKEYMATERIAL__table_onq_ddj_mlb__entry__3">描述</th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="IMPORTKEYMATERIAL__table_onq_ddj_mlb__entry__1 "> <p class="p">code</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_onq_ddj_mlb__entry__2 "> <p class="p">String</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_onq_ddj_mlb__entry__3 "> <p class="p">返回码，成功返回"SUCCESS"</p> </td> </tr> <tr class="row"> <td class="entry" headers="IMPORTKEYMATERIAL__table_onq_ddj_mlb__entry__1 "> <p class="p">requestId</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_onq_ddj_mlb__entry__2 "> <p class="p">String</p> </td> <td class="entry" headers="IMPORTKEYMATERIAL__table_onq_ddj_mlb__entry__3 "> <p class="p">当前请求Id</p> </td> </tr> </tbody></table> <p class="p"><strong class="ph b">请求示例</strong></p> <pre class="pre codeblock"><code>https://kms-cn-shanghai.yun.pingan.com/?action=ImportKeyMaterial &importToken=<your import token> &encryptedKeyMaterial=<your encrypted key material> &keyMaterialExpireUnix=1543911476027 &<公共请求参数></code></pre> <p class="p"><strong class="ph b">返回示例</strong></p> <pre class="pre codeblock"><code>{       "code": "SUCCESS",       "requestId": "be536733-a5e5-4a7e-92c6-395ce37830fc" }</code></pre> </section>