Method: cryptoKeys.decrypt

Full name: projects.locations.keyRings.cryptoKeys.decrypt

Decrypts data that was protected by cryptoKeys.encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

HTTP request

POST https://cloudkms.googleapis.com/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version.

Authorization requires the following Google IAM permission on the specified resource name:

  • cloudkms.cryptoKeyVersions.useToDecrypt

Request body

The request body contains data with the following structure:

JSON representation
{
  "ciphertext": string,
  "additionalAuthenticatedData": string
}
Fields
ciphertext

string (bytes format)

Required. The encrypted data originally returned in EncryptResponse.ciphertext.

A base64-encoded string.

additionalAuthenticatedData

string (bytes format)

Optional data that must match the data originally supplied in EncryptRequest.additional_authenticated_data.

A base64-encoded string.

Response body

If successful, the response body contains data with the following structure:

Response message for KeyManagementService.Decrypt.

JSON representation
{
  "plaintext": string
}
Fields
plaintext

string (bytes format)

The decrypted data originally supplied in EncryptRequest.plaintext.

A base64-encoded string.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloudkms
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Try it!

Оцените, насколько информация на этой странице была вам полезна:

Оставить отзыв о...

Текущей странице