• Key Management Service

kms
  1. Help Center
  2. Key Management Service
  3. API Reference
  4. APIs
  5. Decrypting a DEK

Decrypting a DEK

Function

This API enables you to decrypt a DEK using a specified CMK.

NOTE:

Decrypted data is the result in the encrypted data.

URI

  • URI format

    POST /v1.0/{project_id}/kms/decrypt-datakey

  • Parameter description

    Parameter

    Mandatory

    Type

    Description

    project_id

    Yes

    String

    Project ID

Requests

Request parameters

Parameter

Type

Mandatory

Description

key_id

String

Yes

36-byte ID of a CMK that matches the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$

Example: 0d0466b0-e727-4d9c-b35d-f84bb474a37f

encryption_context

dict

No

Key-value pairs with a maximum length of 8192 characters. This parameter is used to record resource context information, excluding sensitive information.

Example: {"Key1":"Value1","Key2":"Value2"}

cipher_text

String

Yes

This parameter indicates the hexadecimal character string of the DEK ciphertext and the metadata. The value is the cipher_text value in the encryption result of a DEK.

datakey_cipher_length

String

Yes

Number of bytes of a key. The value is 64.

sequence

String

No

36-byte serial number of a request message

Example: 919c82d4-8046-4722-9094-35c3c6524cff

Responses

Response parameters

Parameter

Type

Mandatory

Description

data_key

String

Yes

Hexadecimal character string of the plaintext of a DEK

datakey_length

String

Yes

Number of bytes in the length of the plaintext of a DEK

datakey_dgst

String

Yes

Hexadecimal character string corresponding to the SHA-256 hash value of the plaintext of a DEK

Examples

The following is an example about how to use a CMK (ID: 0d0466b0-e727-4d9c-b35d-f84bb474a37f) to decrypt a DEK (ciphertext: 020098005273E14E6E8E95F5463BECDC27E80AF820B9FC086CB47861899149F67CF07DAFF2810B7D27BDF19AB7632488E0926A48DB2FC85BEA905119411B46244C5E6B8036C60A0B0B4842FFE6994518E89C19B1C1D688D9043BCD6053EA7BA0652642CE59F2543C80669139F4F71ABB9BD9A24330643034363662302D653732372D346439632D623335642D66383462623437346133376600000000D34457984F9730D57F228C210FD22CA6017913964B21D4ECE45D81092BB9112E; length: 64 bits).

  • Example request
    {
        "key_id": "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
        "datakey_cipher_length": "64",
        "cipher_text": "020098005273E14E6E8E95F5463BECDC27E80AF820B9FC086CB47861899149F67CF07DAFF2810B7D27BDF19AB7632488E0926A48DB2FC85BEA905119411B46244C5E6B8036C60A0B0B4842FFE6994518E89C19B1C1D688D9043BCD6053EA7BA0652642CE59F2543C80669139F4F71ABB9BD9A24330643034363662302D653732372D346439632D623335642D66383462623437346133376600000000D34457984F9730D57F228C210FD22CA6017913964B21D4ECE45D81092BB9112E"
    }
  • Example response
    {
        "data_key": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
        "datakey_length": "64",
        "datakey_dgst": "F5A5FD42D16A20302798EF6ED309979B43003D2320D9F0E8EA9831A92759FB4B"
    }

    or

    {
        "error": {
            "error_code": "KMS.XXXX",
            "error_msg": "XXX"
        }
    }

Status Codes

Table 1 lists the normal status code returned by the response.
Table 1 Status codes

Status Code

Status

Description

200

OK

Request processed successfully.

Exception status code. For details, see Status Codes.