Struct: kms.DecryptInput
Implemented Interfaces
s3crypto.Cipher, s3manager.ReadSeekerWriteTo, request.Validator, s3manager.WriterReadFrom
Structure Field Summary
- CiphertextBlob []byte
  Ciphertext to be decrypted.
- EncryptionAlgorithm *string
  Specifies the encryption algorithm that will be used to decrypt the ciphertext.
- EncryptionContext map[string]*string
  Specifies the encryption context to use when decrypting the data.
- GrantTokens []*string
  A list of grant tokens.
- KeyId *string
  Specifies the KMS key that KMS uses to decrypt the ciphertext.
- _ struct{}
Service Operations
- GoString() string
  GoString returns the string representation.
- SetCiphertextBlob([]byte) *DecryptInput
  SetCiphertextBlob sets the CiphertextBlob field's value.
- SetEncryptionAlgorithm(string) *DecryptInput
  SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value.
- SetEncryptionContext(map[string]*string) *DecryptInput
  SetEncryptionContext sets the EncryptionContext field's value.
- SetGrantTokens([]*string) *DecryptInput
  SetGrantTokens sets the GrantTokens field's value.
- SetKeyId(string) *DecryptInput
  SetKeyId sets the KeyId field's value.
- String() string
  String returns the string representation.
- Validate() error
  Validate inspects the fields of the type to determine if they are valid.
Structure Field Details
CiphertextBlob []byte
`min:"1" type:"blob" required:"true"`
Ciphertext to be decrypted. The blob includes metadata. CiphertextBlob is automatically base64 encoded/decoded by the SDK.
CiphertextBlob is a required field
EncryptionAlgorithm *string
`type:"string" enum:"EncryptionAlgorithmSpec"`
Specifies the encryption algorithm that will be used to decrypt the ciphertext. Specify the same algorithm that was used to encrypt the data. If you specify a different algorithm, the Decrypt operation fails.
This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, represents the only supported algorithm that is valid for symmetric encryption KMS keys.
EncryptionContext map[string]*string
`type:"map"`
Specifies the encryption context to use when decrypting the data. An encryption context is valid only for cryptographic operations (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) with a symmetric encryption KMS key. The standard asymmetric encryption algorithms and HMAC algorithms that KMS uses do not support an encryption context.
An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.
For more information, see Encryption context (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the Key Management Service Developer Guide.
GrantTokens []*string
`type:"list"`
A list of grant tokens.
For more information, see Grant Tokens (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) in the AWS Key Management Service Developer Guide.
KeyId *string
`min:"1" type:"string"`
Specifies the KMS key that KMS uses to decrypt the ciphertext.
Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the Decrypt operation throws an IncorrectKeyException.
This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, specifying the KMS key is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.
To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with “alias/”. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
- Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
- Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
- Alias name: alias/ExampleAlias
- Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.
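The KeyId and EncryptionContext guidance above can be enforced before a Decrypt request is built. The following is an added example, not code from the SDK: `decryptParams`, `keyIDForm` and `checkDecryptParams` are hypothetical names, the struct uses plain strings instead of the SDK's `*string` fields, and the context value in `main` is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// decryptParams is a hypothetical stand-in for the DecryptInput fields checked here.
type decryptParams struct {
	KeyId, EncryptionAlgorithm string
	EncryptionContext          map[string]string
}

// keyIDForm classifies a KeyId value into the four forms listed above.
func keyIDForm(id string) string {
	switch {
	case id == "":
		return "missing"
	case strings.HasPrefix(id, "arn:") && strings.Contains(id, ":key/"):
		return "key-arn"
	case strings.HasPrefix(id, "arn:") && strings.Contains(id, ":alias/"):
		return "alias-arn"
	case strings.HasPrefix(id, "alias/"):
		return "alias-name"
	}
	return "key-id"
}

// checkDecryptParams is a local pre-flight policy (an assumption, not SDK behaviour):
// KeyId must be pinned and the context must equal the one recorded at encrypt time.
func checkDecryptParams(p decryptParams, wantCtx map[string]string) error {
	if keyIDForm(p.KeyId) == "missing" {
		return fmt.Errorf("KeyId not set: key would be taken from ciphertext metadata")
	}
	if p.EncryptionAlgorithm != "" && p.EncryptionAlgorithm != "SYMMETRIC_DEFAULT" {
		wantCtx = nil // asymmetric algorithms do not support an encryption context
	}
	if len(p.EncryptionContext) != len(wantCtx) {
		return fmt.Errorf("encryption context has %d pairs, want %d", len(p.EncryptionContext), len(wantCtx))
	}
	for k, v := range wantCtx { // exact, case-sensitive match on keys and values
		if got, ok := p.EncryptionContext[k]; !ok || got != v {
			return fmt.Errorf("encryption context mismatch on %q", k)
		}
	}
	return nil
}

func main() { // constructed sample: the context recorded at encrypt time is missing
	fmt.Println(checkDecryptParams(decryptParams{KeyId: "alias/ExampleAlias"}, map[string]string{"tenant": "acme"}))
}
```
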
_ struct{}
`type:"structure"`
Method Details
func (s DecryptInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.
// File 'service/kms/api.go', line 10024
func (s *DecryptInput) SetCiphertextBlob(v []byte) *DecryptInput
SetCiphertextBlob sets the CiphertextBlob field's value.
// File 'service/kms/api.go', line 10048
func (s *DecryptInput) SetEncryptionAlgorithm(v string) *DecryptInput
SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value.
// File 'service/kms/api.go', line 10054
func (s *DecryptInput) SetEncryptionContext(v map[string]*string) *DecryptInput
SetEncryptionContext sets the EncryptionContext field's value.
// File 'service/kms/api.go', line 10060
func (s *DecryptInput) SetGrantTokens(v []*string) *DecryptInput
SetGrantTokens sets the GrantTokens field's value.
// File 'service/kms/api.go', line 10066
func (s *DecryptInput) SetKeyId(v string) *DecryptInput
SetKeyId sets the KeyId field's value.
// File 'service/kms/api.go', line 10072
func (s DecryptInput) String() string
String returns the string representation.
API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.
// File 'service/kms/api.go', line 10015
func (s *DecryptInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
// File 'service/kms/api.go', line 10029