- What's New
- Function Overview
- Service Overview
-
Billing
- Billing Overview
- Billing Modes
- Billing Items
- Billing Examples
- Renewing Subscriptions
- Bills
- Arrears
- Billing Termination
- Cost Management
-
Billing FAQs
- How Is DEW Charged?
- How Do I Renew DEW?
- How Do I Unsubscribe from DEW?
- Will a CMK Be Charged After It Is Disabled?
- Are Credentials Scheduled to Be Deleted Billed?
- Will a CMK Be Charged After It Is Scheduled to Delete?
- How Is Rotation Charged for a CMK?
- How Is RDS Encryption Billed?
- How Is It Charged for Replica Keys?
- Getting Started
- User Guide
-
Best Practices
- Key Management Service
- Cloud Secret Management Service
- General
- KMS Best Practices
- CSMS Best Practices
-
API Reference
- Before You Start
- Calling APIs
- API Overview
-
APIs
- Key Management APIs
-
Key Pair Management APIs
-
Key Pair Management
- Creating and Importing an SSH Key Pair
- Accessing the page for clearing private keys
- Querying the SSH Key Pair List
- Querying SSH Key Pair Details
- Deleting an SSH Key Pair
- Updating SSH Key Pair Description
- Accessing the page for importing private keys
- Exporting a private key
- Importing SSH Key Pairs in Batches
- Exporting Private Keys of Key Pairs in Batches
- Key pair task management
-
Key Pair Management
- Secret Management APIs
- Historical APIs
- Application Examples
- Permissions Policies and Supported Actions
- Appendix
- SDK Reference
-
FAQs
- About DEW
-
KMS Related
- Which Cloud Services Are Provided with Default Keys by KMS?
- What Are the Differences Between a Custom Key and a Default Key?
- How Do I Use a DEK?
- Why Cannot I Delete a CMK Immediately?
- Which Cloud Services Can Use KMS for Encryption?
- How Do Huawei Cloud Services Use KMS to Encrypt Data?
- What Are the Benefits of Envelope Encryption?
- Is There a Limit on the Number of Custom Keys That I Can Create on KMS?
- Can I Export a CMK from KMS?
- Can I Decrypt My Data if I Permanently Delete My Custom Key?
- Can I Update CMKs Created by KMS-Generated Key Materials?
- When Should I Use a CMK Created with Imported Key Materials?
- What Should I Do When I Accidentally Delete Key Materials?
- How Are Default Keys Generated?
- What Should I Do If I Do Not Have the Permissions to Perform Operations on KMS?
- Why Can't I Wrap Asymmetric Keys by Using -id-aes256-wrap-pad in OpenSSL?
- Key Algorithms Supported by KMS
- What Should I Do If KMS Failed to Be Requested and Error Code 401 Is Displayed?
- What Is the Relationship Between the Ciphertext and Plaintext Returned by the encrypt-data API?
- How Does KMS Protect My Keys?
- How Do I Use an Asymmetric Key to Verify the Signature Result of a Public Key Pair?
- Does an Imported Key Support Rotation?
- Does KMS Support Offline Data Encryption and Decryption?
- How Do I Convert an Original EC Private Key into a Private Key in PKCS8 Format?
- CSMS Related
-
KPS Related
- How Do I Handle an Import Failure of a Key Pair Created Using PuTTYgen?
- What Should I Do When I Fail to Import a Key Pair Using Internet Explorer 9?
- How Do I Handle the Failure in Binding a Key Pair?
- How Do I Handle the Failure in Replacing a Key Pair?
- How Do I Handle the Failure in Resetting a Key Pair?
- How Do I Handle the Failure in Unbinding a Key Pair?
- Do I Need to Restart Servers After Replacing Its Key Pair?
- How Do I Enable the Password Login Mode for an ECS?
- How Do I Handle the Failure in Logging In to ECS After Unbinding the Key Pair?
- What Should I Do If My Private Key Is Lost?
- How Do I Convert the Format of a Private Key File?
- Can I Change the Key Pair of a Server?
- Can a Key Pair Be Shared by Multiple Users?
- How Do I Obtain the Public or Private Key File of a Key Pair?
- What Can I Do If an Error Is Reported When an Account Key Is Created or Upgraded for the First Time?
- Will the Account Key Pair Quota Be Occupied After a Private Key Pair Is Upgraded to an Account Key Pair?
- Why Is the Private Key Pair Invisible After It Is Upgraded to an Account Key Pair When Logging in as a Federated User?
-
Dedicated HSM Related
- How Does Dedicated HSM Ensure the Security for Key Generation?
- Do Equipment Room Personnel Has the Super Administrator Role to Steal Information by Using a Privileged UKey?
- What HSMs Are Used for Dedicated HSM?
- What APIs Does Dedicated HSM Support?
- How Do I Enable Public Access to a Dedicated HSM Instance?
- Videos
-
More Documents
- User Guide (ME-Abu Dhabi Region)
- User Guide (Paris and Amsterdam Regions)
-
User Guide (Kuala Lumpur Region)
- Service Overview
-
User Guide
- Key Management Service
- Cloud Secret Management Service
- Auditing Logs
- Permission Control
-
FAQs
-
KMS Related
- What Is Key Management Service?
- What Is a Customer Master Key?
- What Is a Default Key?
- What Are the Differences Between a Custom Key and a Default Key?
- What Is a Data Encryption Key?
- Why Cannot I Delete a CMK Immediately?
- Which Cloud Services Can Use KMS for Encryption?
- How Do Cloud Services Use KMS to Encrypt Data?
- What Are the Benefits of Envelope Encryption?
- Is There a Limit on the Number of Custom Keys That I Can Create on KMS?
- Can I Export a CMK from KMS?
- Can I Decrypt My Data if I Permanently Delete My Custom Key?
- How Do I Use the Online Tool to Encrypt or Decrypt Small Volumes of Data?
- Can I Update CMKs Created by KMS-Generated Key Materials?
- When Should I Use a CMK Created with Imported Key Materials?
- What Types of Keys Can I Import?
- What Should I Do When I Accidentally Delete Key Materials?
- How Are Default Keys Generated?
- What Should I Do If I Do Not Have the Permissions to Perform Operations on KMS?
- Why Can't I Wrap Asymmetric Keys by Using -id-aes256-wrap-pad in OpenSSL?
- Key Algorithms Supported by KMS
- What Should I Do If KMS Failed to Be Requested and Error Code 401 Is Displayed?
- What Is the Relationship Between the Ciphertext and Plaintext Returned by the encrypt-data API?
- How Does KMS Protect My Keys?
- Credential Related
-
KMS Related
- Change History
-
API Reference (ME-Abu Dhabi Region)
- Before You Start
- Calling APIs
- API Overview
-
APIs
- Creating a CMK
- Enabling a CMK
- Disabling a CMK
- Scheduling the Deletion of a CMK
- Canceling the Scheduled Deletion of a CMK
- Querying the List of CMKs
- Querying the Information About a CMK
- Creating a Random Number
- Creating a DEK
- Creating a Plaintext-Free DEK
- Encrypting a DEK
- Decrypting a DEK
- Querying the Number of Instances
- Querying the Quota of a User
- Changing the Alias of a CMK
- Changing the Description of a CMK
- Encrypting Data
- Decrypting Data
- Obtaining CMK Import Parameters
- Importing CMK Material
- Deleting CMK Material
- Querying CMK Instances
- Querying CMK Tags
- Querying Project Tags
- Adding or Deleting CMK Tags in Batches
- Adding a CMK Tag
- Deleting a CMK Tag
- Permissions Policies and Supported Actions
- Appendix
- Change History
-
API Reference (Paris and Amsterdam Regions)
- Before You Start
- Calling APIs
- API Overview
-
APIs
- Creating a CMK
- Enabling a CMK
- Disabling a CMK
- Scheduling the Deletion of a CMK
- Canceling the Scheduled Deletion of a CMK
- Querying the List of CMKs
- Querying the Information About a CMK
- Creating a Random Number
- Creating a DEK
- Creating a Plaintext-Free DEK
- Encrypting a DEK
- Decrypting a DEK
- Querying the Number of Instances
- Querying the Quota of a User
- Changing the Alias of a CMK
- Changing the Description of a CMK
- Creating a Grant
- Revoking a Grant
- Retiring a Grant
- Querying Grants on a CMK
- Querying Grants That Can Be Retired
- Encrypting Data
- Decrypting Data
- Obtaining CMK Import Parameters
- Importing CMK Material
- Deleting CMK Material
- Enabling Rotation for a CMK
- Changing the Rotation Interval for a CMK
- Disabling Rotation for a CMK
- Querying the Rotation Status of a CMK
- Appendix
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
- Calling APIs
- API Overview
-
APIs
- Creating a CMK
- Enabling a CMK
- Disabling a CMK
- Scheduling the Deletion of a CMK
- Canceling the Scheduled Deletion of a CMK
- Querying the List of CMKs
- Querying the Information About a CMK
- Creating a Random Number
- Creating a DEK
- Creating a Plaintext-Free DEK
- Encrypting a DEK
- Decrypting a DEK
- Querying the Number of Instances
- Querying the Quota of a User
- Changing the Alias of a CMK
- Changing the Description of a CMK
- Creating a Grant
- Revoking a Grant
- Retiring a Grant
- Querying Grants on a CMK
- Querying Grants That Can Be Retired
- Encrypting Data
- Decrypting Data
- Obtaining CMK Import Parameters
- Importing CMK Material
- Deleting CMK Material
- Enabling Rotation for a CMK
- Changing the Rotation Interval for a CMK
- Disabling Rotation for a CMK
- Querying the Rotation Status of a CMK
- Appendix
- Change History
- General Reference
Copied.
Decrypting Data
Function
-
Description:This API is used to decrypt data.
Constraints
-
To decrypt data that was encrypted using an asymmetric key, specify the key ID and encryption algorithm. If the specified key and encryption algorithm do not match those used for data encryption, the decryption will fail.
URI
POST /v1.0/{project_id}/kms/decrypt-data
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API that is used for obtaining a user token. The value of X-Subject-Token in the response header is the user token. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
cipher_text |
Yes |
String |
Ciphertext of encrypted data. Its is the value of cipher_text in the data encryption result and matches the regular expression ^[0-9a-zA-Z+/=]{188,5648}$. |
|
encryption_algorithm |
No |
String |
Data encryption algorithm. This parameter must be specified if an asymmetric key is used. The default value is SYMMETRIC_DEFAULT. Valid values are as follows:
|
|
key_id |
No |
String |
36-byte ID of a CMK that matches the regular expression ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$. This parameter must be specified if the ciphertext is encrypted using an asymmetric key. Example: 0d0466b0-e727-4d9c-b35d-f84bb474a37f |
|
sequence |
No |
String |
36-byte sequence number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
key_id |
String |
Key ID. |
|
plain_text |
String |
Plaintext. |
|
plain_text_base64 |
String |
Base64 value in plaintext. In asymmetric encryption, if the encrypted plaintext contains invisible characters, the Base64 value will be used as the decryption result. |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned for an error request. |
|
error_msg |
String |
Error information returned for an error request. |
Status code: 401
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned for an error request. |
|
error_msg |
String |
Error information returned for an error request. |
Status code: 403
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned for an error request. |
|
error_msg |
String |
Error information returned for an error request. |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned for an error request. |
|
error_msg |
String |
Error information returned for an error request. |
Status code: 500
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned for an error request. |
|
error_msg |
String |
Error information returned for an error request. |
Status code: 502
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned for an error request. |
|
error_msg |
String |
Error information returned for an error request. |
Status code: 504
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned for an error request. |
|
error_msg |
String |
Error information returned for an error request. |
Example Requests
{
"cipher_text" : "AgDoAG7EsEc2OHpQxz4gDFDH54Cqwaelxxxxxxx",
"encryption_algorithm" : "SYMMETRIC_DEFAULT"
}Example Responses
Status code: 200
Request processing succeeded.
{
"key_id" : "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
"plain_text" : "hello world",
"plain_text_base64" : "aGVsbG8gd29ybGQ="
}Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Request processing succeeded. |
|
400 |
Invalid request parameters. |
|
401 |
You must enter a username and password to access the requested page. |
|
403 |
Authentication failed. |
|
404 |
The requested resource does not exist or is not found. |
|
500 |
Internal service error. |
|
502 |
Failed to complete the request. The server received an invalid response. |
|
504 |
Gateway timed out. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
