Decrypt
- Print
- PDF
Decrypt
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Available in Classic and VPC
Decrypt the ciphertext encrypted with a key. It can only be requested as an AES256 or RSA2048 key type.
Caution
The data encrypted with the master key and returned consists of KMS prefix + ciphertext. The KMS prefix is composed of ncpkms:version information, and it must be specified exactly with the ciphertext because it will be decrypted with the key version specified in the decryption request. If the KMS prefix is incorrect, it will not be decrypted correctly, so be sure to manage the encryption in the form it is returned, with no arbitrary removals or manipulations.
ncpkms:v1:XjsPWPjqPrBi1N2DupSiSbX/ATkGmKA
---------- -------------------------------
KMS prefix ciphertext
Request
This section describes the request format. The method and URI are as follows:
| Method | URI |
|---|---|
| POST |
|
Request headers
For information about the headers common to all Key Management Service APIs, see Key Management Service request headers.
Request path parameters
You can use the following path parameters with your request:
| Field | Type | Required | Description |
|---|---|---|---|
keyTag | String | Required | Key tag
|
Request body
You can include the following data in the body of your request:
| Field | Type | Required | Description |
|---|---|---|---|
ciphertext | String or Array<String> | Required | String data created by encrypting a plaintext |
context | String | Conditional | Base64-encoded string data
|
Request example
The request example is as follows:
- Request API Gateway request signature v1 and
ciphertextas String type
curl --location --request POST 'https://kms.apigw.ntruss.com/keys/v1/a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6/decrypt' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-apigw-api-key: {API Gateway API Key}' \
--header 'x-ncp-iam-access-key: {Sub Account Access Key}' \
--header 'x-ncp-apigw-signature-v1: {API Gateway Signature}' \
--data '{
"ciphertext": "{CIPHERTEXT}",
"context": "{BASE64_CONTEXT}"
}'
- Request API Gateway request signature v and
ciphertextas Array<String> type
curl --location --request POST 'https://kms.apigw.ntruss.com/keys/v2/a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6/decrypt' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Sub Account Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--data '{
"ciphertext": ["{CIPHERTEXT_1}", "{CIPHERTEXT_2}", "{CIPHERTEXT_3}"],
"context": "{BASE64_CONTEXT}"
}'
Response
This section describes the response format.
Response body
The response body includes the following data:
| Field | Type | Required | Description |
|---|---|---|---|
code | String | - | Success or Failure |
msg | String | - | Description of the response code (code)SUCCESS) |
data | Object | - | Response result |
data.plaintext | String or Array<String> | - | Decrypted string data
|
Response status codes
For response status codes common to all Key Management Service APIs, see Key Management Service response status codes.
Response example
The response example is as follows:
- Request
ciphertextas String type
{
"code": "SUCCESS",
"msg": "",
"data": {
"plaintext": "{BASE64_PLAINTEXT}"
}
}
- Request
ciphertextas Array<String> type
{
"code": "SUCCESS",
"msg": "",
"data": {
"plaintext": [
"{BASE64_PLAINTEXT_1}",
"{BASE64_PLAINTEXT_2}",
"{BASE64_PLAINTEXT_3}"
]
}
}
Was this article helpful?