Struct: kms.DecryptInput

import "../ibm-cos-sdk-go/service/kms"

Implemented Interfaces

s3crypto.Cipher, s3manager.ReadSeekerWriteTo, request.Validator, s3manager.WriterReadFrom

Structure Field Summary

• CiphertextBlob []byte

  Ciphertext to be decrypted.

• EncryptionAlgorithm *string

  Specifies the encryption algorithm that will be used to decrypt the ciphertext.

• EncryptionContext map[string]*string

  Specifies the encryption context to use when decrypting the data.

• GrantTokens []*string

  A list of grant tokens.

• KeyId *string

  Specifies the KMS key that KMS uses to decrypt the ciphertext.

• _ struct{}

Service Operations

• GoString() string operation

  GoString returns the string representation.

• SetCiphertextBlob([]byte) *DecryptInput operation

  SetCiphertextBlob sets the CiphertextBlob field's value.

• SetEncryptionAlgorithm(string) *DecryptInput operation

  SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value.

• SetEncryptionContext(map[string]*string) *DecryptInput operation

  SetEncryptionContext sets the EncryptionContext field's value.

• SetGrantTokens([]*string) *DecryptInput operation

  SetGrantTokens sets the GrantTokens field's value.

• SetKeyId(string) *DecryptInput operation

  SetKeyId sets the KeyId field's value.

• String() string operation

  String returns the string representation.

• Validate() error operation

  Validate inspects the fields of the type to determine if they are valid.

Structure Field Details

CiphertextBlob []byte `min:"1" type:"blob" required:"true"`

Ciphertext to be decrypted. The blob includes metadata. CiphertextBlob is automatically base64 encoded/decoded by the SDK.

CiphertextBlob is a required field

EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"`

Specifies the encryption algorithm that will be used to decrypt the ciphertext. Specify the same algorithm that was used to encrypt the data. If you specify a different algorithm, the Decrypt operation fails.

This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, represents the only supported algorithm that is valid for symmetric encryption KMS keys.

EncryptionContext map[string]*string `type:"map"`

Specifies the encryption context to use when decrypting the data. An encryption context is valid only for cryptographic operations (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) with a symmetric encryption KMS key. The standard asymmetric encryption algorithms and HMAC algorithms that KMS uses do not support an encryption context.

An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

For more information, see Encryption context (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the Key Management Service Developer Guide.

GrantTokens []*string `type:"list"`

A list of grant tokens.

For more information, see Grant Tokens (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) in the AWS Key Management Service Developer Guide.

KeyId *string `min:"1" type:"string"`

Specifies the KMS key that KMS uses to decrypt the ciphertext.

Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the Decrypt operation throws an IncorrectKeyException.

This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with “alias/”. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

For example:

• Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

• Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

• Alias name: alias/ExampleAlias

• Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

_ struct{} `type:"structure"`

Method Details

func (s DecryptInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.

// File 'service/kms/api.go', line 10024

func (s DecryptInput) GoString() string {
	return s.String()
}

func (s *DecryptInput) SetCiphertextBlob(v []byte) *DecryptInput

SetCiphertextBlob sets the CiphertextBlob field's value.

// File 'service/kms/api.go', line 10048

func (s *DecryptInput) SetCiphertextBlob(v []byte) *DecryptInput {
	s.CiphertextBlob = v
	return s
}

func (s *DecryptInput) SetEncryptionAlgorithm(v string) *DecryptInput

SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value.

// File 'service/kms/api.go', line 10054

func (s *DecryptInput) SetEncryptionAlgorithm(v string) *DecryptInput {
	s.EncryptionAlgorithm = &v
	return s
}

func (s *DecryptInput) SetEncryptionContext(v map[string]*string) *DecryptInput

SetEncryptionContext sets the EncryptionContext field's value.

// File 'service/kms/api.go', line 10060

func (s *DecryptInput) SetEncryptionContext(v map[string]*string) *DecryptInput {
	s.EncryptionContext = v
	return s
}

func (s *DecryptInput) SetGrantTokens(v []*string) *DecryptInput

SetGrantTokens sets the GrantTokens field's value.

// File 'service/kms/api.go', line 10066

func (s *DecryptInput) SetGrantTokens(v []*string) *DecryptInput {
	s.GrantTokens = v
	return s
}

func (s *DecryptInput) SetKeyId(v string) *DecryptInput

SetKeyId sets the KeyId field's value.

// File 'service/kms/api.go', line 10072

func (s *DecryptInput) SetKeyId(v string) *DecryptInput {
	s.KeyId = &v
	return s
}

func (s DecryptInput) String() string

String returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.

// File 'service/kms/api.go', line 10015

func (s DecryptInput) String() string {
	return awsutil.Prettify(s)
}

func (s *DecryptInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

// File 'service/kms/api.go', line 10029

func (s *DecryptInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DecryptInput"}
	if s.CiphertextBlob == nil {
		invalidParams.Add(request.NewErrParamRequired("CiphertextBlob"))
	}
	if s.CiphertextBlob != nil && len(s.CiphertextBlob) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CiphertextBlob", 1))
	}
	if s.KeyId != nil && len(*s.KeyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}