Full name: projects.locations.keyRings.cryptoKeys.decrypt
Decrypts data that was protected by cryptoKeys.encrypt
. The CryptoKey.purpose
must be ENCRYPT_DECRYPT
.
HTTP request
The URLs use gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
name |
Required. The resource name of the Authorization requires the following IAM permission on the specified resource
|
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "ciphertext": string, "additionalAuthenticatedData": string, "ciphertextCrc32c": string, "additionalAuthenticatedDataCrc32c": string } |
Fields | |
---|---|
ciphertext |
Required. The encrypted data originally returned in A base64-encoded string. |
additional |
Optional. Optional data that must match the data originally supplied in A base64-encoded string. |
ciphertext |
Optional. An optional CRC32C checksum of the |
additional |
Optional. An optional CRC32C checksum of the |
Response body
Response message for KeyManagementService.Decrypt
.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"plaintext": string,
"plaintextCrc32c": string,
"usedPrimary": boolean,
"protectionLevel": enum ( |
Fields | |
---|---|
plaintext |
The decrypted data originally supplied in A base64-encoded string. |
plaintext |
Integrity verification field. A CRC32C checksum of the returned |
used |
Whether the Decryption was performed using the primary key version. |
protection |
The |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloudkms
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.