docs(review): review of en/decrypting data with asym key

Author: nerda-codes

pages/key-manager/api-cli/encrypt-decrypt-asymmetric-key-with-go-sdk.mdx

@@ -1,19 +1,22 @@
-h1: Encrypting and decrypting data with an asymmetric key
-paragraph: Learn how to encrypt and decrypt data with an asymmetric key using Key Manager with Scaleway Go SDK.
+---
+meta:
+  title: Encrypting and decrypting data with an asymmetric key
+  description: Learn how to encrypt and decrypt data with an asymmetric key using Key Manager and the Scaleway Go SDK.
+content:
+  h1: Encrypting and decrypting data with an asymmetric key
+  paragraph: Learn how to encrypt and decrypt data with an asymmetric key using Key Manager and the Scaleway Go SDK.
 tags: key sensitive-data encrypt decrypt asymmetric digest
 dates:
-validation: 2025-02-06
-posted: 2025-02-06
+  validation: 2025-05-27
+  posted: 2025-05-27
 ---
 
-Scaleway's Key Manager provides a secure way to manage asymmetric keys, allowing you to offload sensitive cryptographic
-operations to a managed service. In this guide, you'll learn how to integrate the Scaleway Go SDK to encrypt and decrypt
-data using an rsa_oaep_3072_sha256 key directly through the Key Manager API.
+Scaleway's Key Manager provides a secure way to manage asymmetric keys, allowing you to offload sensitive cryptographic operations to a managed service. This documentation page shows you how to integrate the Scaleway Go SDK to encrypt and decrypt data using an `rsa_oaep_3072_sha256` key directly through the [Key Manager API](https://www.scaleway.com/en/developers/api/key-manager/).
 
 
-<Message type="warning">
-    Please note that we do not recommend using asymmetric encryption for anything other than key encryption.
-    For all other purposes (eg. encrypting large data or files), we recommend using Tink with Scaleway's Key Manager as explained [here.](/key-manager/api-cli/encrypt-decrypt-data-with-km-dek/)
+<Message type="important">
+    We do not recommend using asymmetric encryption for anything other than key encryption.
+    For all other purposes (encrypting large data or files), we recommend using Tink with Scaleway's Key Manager as explained [in the dedicated documentation](/key-manager/api-cli/encrypt-decrypt-data-with-km-dek/).
 </Message>
 
 ## Configuring your environment variables
@@ -30,16 +33,15 @@ Open a terminal and paste the following commands to export your environment vari
   export SCW_API_URL="<api-URL>"
   ```
 
-## Encrypt data
+## Encrypting data
 
-This operation takes place locally, ensuring the plaintext message never leaves your environment unprotected.
-The public key can be fetched using the Key Manager API, parsed, and used to encrypt data with RSA-OAEP and SHA-256 padding.
+This operation takes place locally, ensuring the plaintext message never leaves your environment unprotected. The public key can be fetched using the Key Manager API, parsed, and used to encrypt data with RSA-OAEP and SHA-256 padding.
 
 ```golang
-// encryptAsymmetric encrypts data on your local machine using an 'rsa_oaep_3072_sha256' key retrieved from Scaleway KMS.
+// encryptAsymmetric encrypts data on your local machine using an 'rsa_oaep_3072_sha256' key retrieved from Scaleway Key Manager.
 //
 // Parameters:
-//   - keyID: The unique identifier of the asymmetric key stored in Scaleway KMS.
+//   - keyID: The unique identifier of the asymmetric key stored in Key Manager.
 //   - message: The plaintext message that needs to be encrypted.
 //
 // Returns:
@@ -52,15 +54,15 @@ func encryptAsymmetric(keyID string, message string) error {
 	}
 	kmsApi := key_manager.NewAPI(client)
 
-	// Retrieve the public key from Scaleway KMS.
+	// Retrieve the public key from Key Manager.
 	response, err := kmsApi.GetPublicKey(&key_manager.GetPublicKeyRequest{
 		KeyID: keyID,
 	})
 	if err != nil {
 		return fmt.Errorf("failed to get public key: %w", err)
 	}
 
-	// Parse the public key. Note, this example assumes the public key is in the
+	// Parse the public key. This example assumes the public key is in the
 	// RSA format.
 	block, _ := pem.Decode([]byte(response.Pem))
 	publicKey, err := x509.ParsePKCS1PublicKey(block.Bytes)
@@ -84,23 +86,24 @@ func encryptAsymmetric(keyID string, message string) error {
 ```
 
 <Message type="note">
-    Please note that :
-    - Encryption can also be performed using the Scaleway's Key Manager Encrypt method.
-    - In the case of asymmetric encryption, the maximum payload size allowed depends on the key algo (190 bytes for `RSA_OAEP_2048_SHA256`, 318 bytes for `RSA_OAEP_3072_SHA256` and 446 bytes for `RSA_OAEP_4096_SHA256`).
+    - Encryption can also be performed using the [encrypt method of the Key Manager API](https://www.scaleway.com/en/developers/api/key-manager/#path-keys-encrypt-a-payload).
+    - For asymmetric encryption, the maximum payload size allowed depends on the key algorithm used:
+	- 190 bytes for `RSA_OAEP_2048_SHA256`
+	- 318 bytes for `RSA_OAEP_3072_SHA256` and 
+	- 446 bytes for `RSA_OAEP_4096_SHA256`)
 </Message>
 
-## Decrypt data
+## Decrypting data
 
-To retrieve the original message, you must send the encrypted ciphertext to Scaleway Key Manager,
-which uses the private portion of the asymmetric key to decrypt it. This ensures your private key remains secure within
+To retrieve the original message, you must send the encrypted ciphertext to Scaleway Key Manager, which uses the private portion of the asymmetric key to decrypt it. This ensures your private key remains secure within
 Scaleway’s infrastructure.
 
 ```golang
 
-// decryptAsymmetric attempts to decrypt a given ciphertext using an 'rsa_oaep_3072_sha256' key from Scaleway KMS.
+// decryptAsymmetric attempts to decrypt a given ciphertext using an 'rsa_oaep_3072_sha256' key from Key Manager.
 //
 // Parameters:
-//   - keyID: The unique identifier of the asymmetric key stored in Scaleway KMS.
+//   - keyID: The unique identifier of the asymmetric key stored in Key Manager.
 //   - ciphertext: The encrypted data that needs to be decrypted.
 //
 // Returns:
@@ -128,4 +131,4 @@ func decryptAsymmetric(keyID string, ciphertext []byte) error {
 	fmt.Printf("Decrypted plaintext: %s", result.Plaintext)
 	return nil
 }
-```
+```