Struct: kms.DecryptInput

import "../ibm-cos-sdk-go/service/kms"

Implemented Interfaces

s3crypto.Cipher, s3manager.ReadSeekerWriteTo, request.Validator, s3manager.WriterReadFrom

Structure Field Summary collapse

Service Operations collapse

Structure Field Details

CiphertextBlob []byte `min:"1" type:"blob" required:"true"`

Ciphertext to be decrypted. The blob includes metadata. CiphertextBlob is automatically base64 encoded/decoded by the SDK.

CiphertextBlob is a required field

EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"`

Specifies the encryption algorithm that will be used to decrypt the ciphertext. Specify the same algorithm that was used to encrypt the data. If you specify a different algorithm, the Decrypt operation fails.

This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, represents the only supported algorithm that is valid for symmetric encryption KMS keys.

EncryptionContext map[string]*string `type:"map"`

Specifies the encryption context to use when decrypting the data. An encryption context is valid only for cryptographic operations (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) with a symmetric encryption KMS key. The standard asymmetric encryption algorithms and HMAC algorithms that KMS uses do not support an encryption context.

An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

For more information, see Encryption context (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the Key Management Service Developer Guide.

GrantTokens []*string `type:"list"`

A list of grant tokens.

For more information, see Grant Tokens (docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) in the AWS Key Management Service Developer Guide.

KeyId *string `min:"1" type:"string"`

Specifies the KMS key that KMS uses to decrypt the ciphertext.

Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the Decrypt operation throws an IncorrectKeyException.

This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with “alias/”. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

  • Alias name: alias/ExampleAlias

  • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

_ struct{} `type:"structure"`

Method Details

func (s DecryptInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.



10024
10025
10026
// File 'service/kms/api.go', line 10024

func (s DecryptInput) GoString() string { return s.String() }

func (s *DecryptInput) SetCiphertextBlob(v []byte) *DecryptInput

SetCiphertextBlob sets the CiphertextBlob field's value.



10048
10049
10050
10051
// File 'service/kms/api.go', line 10048

func (s *DecryptInput) SetCiphertextBlob(v []byte) *DecryptInput { s.CiphertextBlob = v return s }

func (s *DecryptInput) SetEncryptionAlgorithm(v string) *DecryptInput

SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value.



10054
10055
10056
10057
// File 'service/kms/api.go', line 10054

func (s *DecryptInput) SetEncryptionAlgorithm(v string) *DecryptInput { s.EncryptionAlgorithm = &v return s }

func (s *DecryptInput) SetEncryptionContext(v map[string]*string) *DecryptInput

SetEncryptionContext sets the EncryptionContext field's value.



10060
10061
10062
10063
// File 'service/kms/api.go', line 10060

func (s *DecryptInput) SetEncryptionContext(v map[string]*string) *DecryptInput { s.EncryptionContext = v return s }

func (s *DecryptInput) SetGrantTokens(v []*string) *DecryptInput

SetGrantTokens sets the GrantTokens field's value.



10066
10067
10068
10069
// File 'service/kms/api.go', line 10066

func (s *DecryptInput) SetGrantTokens(v []*string) *DecryptInput { s.GrantTokens = v return s }

func (s *DecryptInput) SetKeyId(v string) *DecryptInput

SetKeyId sets the KeyId field's value.



10072
10073
10074
10075
// File 'service/kms/api.go', line 10072

func (s *DecryptInput) SetKeyId(v string) *DecryptInput { s.KeyId = &v return s }

func (s DecryptInput) String() string

String returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.



10015
10016
10017
// File 'service/kms/api.go', line 10015

func (s DecryptInput) String() string { return awsutil.Prettify(s) }

func (s *DecryptInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.



10029
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
// File 'service/kms/api.go', line 10029

func (s *DecryptInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DecryptInput"} if s.CiphertextBlob == nil { invalidParams.Add(request.NewErrParamRequired("CiphertextBlob")) } if s.CiphertextBlob != nil && len(s.CiphertextBlob) < 1 { invalidParams.Add(request.NewErrParamMinLen("CiphertextBlob", 1)) } if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil }