Decrypting a DEK
Function
This API enables you to decrypt a DEK using a specified CMK.
Constraints
Decrypted data is the result in the encrypted data.
URI
POST /v1.0/{project_id}/kms/decrypt-datakey
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. The token can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
key_id |
Yes |
String |
CMK ID. It should be 36 bytes and match the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$. Example: 0d0466b0-e727-4d9c-b35d-f84bb474a37f |
|
encryption_context |
No |
Object |
Key-value pairs with a maximum length of 8,192 characters. This parameter is used to record resource context information, excluding sensitive information, to ensure data integrity. If this parameter is specified during encryption, it is also required for decryption. Example: {"Key1":"Value1","Key2":"Value2"} |
|
cipher_text |
Yes |
String |
Hexadecimal string of the DEK ciphertext and the metadata. It is the value of cipher_text in the encryption result. |
|
datakey_cipher_length |
Yes |
String |
Number of bytes of a key. The value range is 1 to 1024. Number of bytes of a key. The value is 64. |
|
sequence |
No |
String |
36-byte sequence number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
data_key |
String |
Hexadecimal string of the plaintext of a DEK |
|
datakey_length |
String |
Length of a plaintext DEK, in bytes. |
|
datakey_dgst |
String |
Hexadecimal string corresponding to the SHA-256 hash value of the plaintext of a DEK. |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error information. |
Status code: 403
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error information. |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error information. |
Example Requests
{
"key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
"cipher_text" : "020098005273E14E6E8E95F5463BECDC27E80AFxxxxxxxxxx...",
"datakey_cipher_length" : "64"
}
Example Responses
Status code: 200
Request processing succeeded.
{
"data_key" : "000000e724d9cb35df84bb474a37fXXX...",
"datakey_length" : "64",
"datakey_dgst" : "F5A5FD42D16A20302798EF6ED3099XXX..."
}
Status code: 400
Invalid request parameters.
{
"error" : {
"error_code" : "KMS.XXX",
"error_msg" : "XXX"
}
}
Status code: 403
Authentication failed.
{
"error" : {
"error_code" : "KMS.XXX",
"error_msg" : "XXX"
}
}
Status code: 404
The requested resource does not exist or is not found.
{
"error" : {
"error_code" : "KMS.XXX",
"error_msg" : "XXX"
}
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Request processing succeeded. |
|
400 |
Invalid request parameters. |
|
403 |
Authentication failed. |
|
404 |
The requested resource does not exist or is not found. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
