Full name: projects.locations.keyRings.cryptoKeys.decrypt
Decrypts data that was protected by cryptoKeys.encrypt
. The CryptoKey.purpose
must be ENCRYPT_DECRYPT
.
HTTP request
POST https://cloudkms.googleapis.com/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
name |
Required. The resource name of the Authorization requires the following IAM permission on the specified resource
|
Request body
The request body contains data with the following structure:
JSON representation | |
---|---|
{ "ciphertext": string, "additionalAuthenticatedData": string, "ciphertextCrc32c": string, "additionalAuthenticatedDataCrc32c": string } |
Fields | |
---|---|
ciphertext |
Required. The encrypted data originally returned in A base64-encoded string. |
additionalAuthenticatedData |
Optional. Optional data that must match the data originally supplied in A base64-encoded string. |
ciphertextCrc32c |
Optional. An optional CRC32C checksum of the NOTE: This field is in Beta. |
additionalAuthenticatedDataCrc32c |
Optional. An optional CRC32C checksum of the NOTE: This field is in Beta. |
Response body
If successful, the response body contains data with the following structure:
Response message for KeyManagementService.Decrypt
.
JSON representation | |
---|---|
{ "plaintext": string, "plaintextCrc32c": string } |
Fields | |
---|---|
plaintext |
The decrypted data originally supplied in A base64-encoded string. |
plaintextCrc32c |
Integrity verification field. A CRC32C checksum of the returned NOTE: This field is in Beta. |
Authorization Scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloudkms
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.