Decrypts ciphertext.
Operation description
Precautions
-
For information about the access policy required for a RAM user or RAM role to call this operation, see Resource Access Management.
-
You can call this operation using a shared gateway or a dedicated gateway. For more information, see Alibaba Cloud SDK.
Shared gateway: You can access KMS over the Internet or using a VPC domain name. To use a shared gateway, you must enable Internet access. For more information, see Access keys in a KMS instance over the Internet.
Dedicated gateway: You can access KMS using the private endpoint of KMS (
<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com).
QPS limits
Shared gateway: The queries per second (QPS) limit for a single user for this operation is 1,000. If this limit is exceeded, API calls are throttled, which may affect your business. We recommend that you plan your calls accordingly.
Dedicated gateway: The QPS limit for a single user for this operation is subject to the performance specifications of your KMS instance. For more information, see Performance metrics.
Try it now
Test
RAM authorization
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| CiphertextBlob |
string |
Yes |
The ciphertext that you want to decrypt. |
DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK**** |
| EncryptionContext |
object |
No |
A JSON string that consists of key-value pairs. Note
If you specify EncryptionContext when you call the GenerateDataKey, Encrypt, or GenerateDataKeyWithoutPlaintext operation to encrypt data, you must specify the same parameter for decryption. For more information, see EncryptionContext. |
{"Example":"Example"} |
| DryRun |
string |
No |
Specifies whether to enable the dry run feature.
The dry run feature lets you test API calls, check whether you have the required permissions on resources, and check whether the request parameters are valid. If you enable the dry run feature, KMS always returns a failure response that indicates the cause of the failure. The following causes are possible:
|
false |
Response parameters
|
Parameter |
Type |
Description |
Example |
|
object |
|||
| KeyVersionId |
string |
The ID of the key version that is used to decrypt the ciphertext. This key version is a version of the master key. |
2ab1a983-7072-4bbc-a582-584b5bd8**** |
| KeyId |
string |
The ID of the master key that is used to decrypt the ciphertext. |
202b9877-5a25-46e3-a763-e20791b5**** |
| RequestId |
string |
The ID of the request. This ID is a globally unique identifier that is generated by Alibaba Cloud for the request. You can use the ID to troubleshoot issues. |
207596a2-36d3-4840-b1bd-f87044699bd7 |
| Plaintext |
string |
The decrypted plaintext. |
tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv**** |
Examples
Success response
JSON format
{
"KeyVersionId": "2ab1a983-7072-4bbc-a582-584b5bd8****",
"KeyId": "202b9877-5a25-46e3-a763-e20791b5****",
"RequestId": "207596a2-36d3-4840-b1bd-f87044699bd7",
"Plaintext": "tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv****"
}Error response
JSON format
//xml response
202b9877-5a25-46e3-a763-e20791b5****
2ab1a983-7072-4bbc-a582-584b5bd8****
Plaintext</Plaintext>
<RequestId>4bd560a1-729e-45f1-a3d9-b2a33d61046b</RequestId>
</KMS></code>
</section>
<section class="section" cond-otherprops="errorcode" id="api-detail-45">
<h2 class="title sectiontitle" id="h2-url-6" baseUrl="t2858474_v1_0_0.xdita" docId="5523455" docType="TOPIC" data-node="5523455" data-latest="1" conref="t2858199.xdita#api-doc-error-code"></h2>
<table class="table" id="api-detail-46" style="margin-bottom:12px">
<colgroup id="doc-api-Ecs-DescribeRegions-entry-1">
<col id="doc-api-Ecs-DescribeRegions-entry-col-0" style="width:13.04%">
<col id="doc-api-Ecs-DescribeRegions-entry-col-1" style="width:21.73%">
<col id="doc-api-Ecs-DescribeRegions-entry-col-2" style="width:32.6%">
<col id="doc-api-Ecs-DescribeRegions-entry-col-3" style="width:32.6%">
</colgroup>
<thead class="thead">
<tr id="doc-api-Kms-Decrypt-errorCode-entry">
<th id="doc-api-Kms-Decrypt-errorCode-entry-th-1" colspan="1" rowspan="1" style="background-color:#e5e5e5;vertical-align:middle">
<p id="216169fbd14eu" conref="t2858199.xdita#api-doc-error-code-table-header-field-status-code" data-node="5523455" data-latest="1" baseUrl="t2858474_v1_0_0.xdita" docId="4958267" docType="DITA"></p>
</th>
<th id="doc-api-Kms-Decrypt-errorCode-entry-th-2" colspan="1" rowspan="1" style="background-color:#e5e5e5;vertical-align:middle">
<p id="e673e7a9490xb" conref="t2858199.xdita#api-doc-error-code-table-header-field-error-code" data-node="5523455" data-latest="1" baseUrl="t2858474_v1_0_0.xdita" docId="4958267" docType="DITA"></p>
</th>
<th id="doc-api-Kms-Decrypt-errorCode-entry-th-3" colspan="1" rowspan="1" style="background-color:#e5e5e5;vertical-align:middle">
<p id="b6c649b78fjmf" conref="t2858199.xdita#api-doc-error-code-table-header-field-error-message" data-node="5523455" data-latest="1" baseUrl="t2858474_v1_0_0.xdita" docId="4958267" docType="DITA"></p>
</th>
<th id="doc-api-Kms-Decrypt-errorCode-entry-th-4" colspan="1" rowspan="1" style="background-color:#e5e5e5;vertical-align:middle">
<p id="1ec898966evaw" conref="t2858199.xdita#api-doc-error-code-table-header-field-error-description" data-node="5523455" data-latest="1" baseUrl="t2858474_v1_0_0.xdita" docId="4958267" docType="DITA"></p>
</th>
</tr>
</thead>
<tbody class="tbody">
<tr id="doc-api-Kms-Decrypt-errorCode-UnsupportedOperation" class="entry colsep-1 rowsep-1 new-version row-level-1">
<td id="doc-api-Kms-Decrypt-errorCode-UnsupportedOperation-httpStatus">
<span>400</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-UnsupportedOperation-errorCode" data-spm-anchor-id="">
<span>UnsupportedOperation</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-UnsupportedOperation-errorMessage">
<span>This action is not supported.</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-UnsupportedOperation-description" data-spm-anchor-id="">
<span>The operation is not supported.</span>
</td>
</tr>
<tr id="doc-api-Kms-Decrypt-errorCode-Forbidden.AliasNotFound" class="entry colsep-1 rowsep-1 new-version row-level-1">
<td id="doc-api-Kms-Decrypt-errorCode-Forbidden.AliasNotFound-httpStatus">
<span>404</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Forbidden.AliasNotFound-errorCode" data-spm-anchor-id="">
<span>Forbidden.AliasNotFound</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Forbidden.AliasNotFound-errorMessage">
<span>The specified Alias is not found.</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Forbidden.AliasNotFound-description" data-spm-anchor-id="">
<span>The error message returned because the specified alias does not exist.</span>
</td>
</tr>
<tr id="doc-api-Kms-Decrypt-errorCode-Forbidden.KeyNotFound" class="entry colsep-1 rowsep-1 new-version row-level-1">
<td id="doc-api-Kms-Decrypt-errorCode-Forbidden.KeyNotFound-httpStatus">
<span>404</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Forbidden.KeyNotFound-errorCode" data-spm-anchor-id="">
<span>Forbidden.KeyNotFound</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Forbidden.KeyNotFound-errorMessage">
<span>The specified Key is not found.</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Forbidden.KeyNotFound-description" data-spm-anchor-id="">
<span>The error message returned because the specified CMK does not exist.</span>
</td>
</tr>
<tr id="doc-api-Kms-Decrypt-errorCode-Rejected.Disabled" class="entry colsep-1 rowsep-1 new-version row-level-1">
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.Disabled-httpStatus">
<span>409</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.Disabled-errorCode" data-spm-anchor-id="">
<span>Rejected.Disabled</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.Disabled-errorMessage">
<span>The request was rejected because the key state is Disabled.</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.Disabled-description" data-spm-anchor-id="">
<span>The request was rejected because the key state is Disabled.</span>
</td>
</tr>
<tr id="doc-api-Kms-Decrypt-errorCode-Rejected.PendingDeletion" class="entry colsep-1 rowsep-1 new-version row-level-1">
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.PendingDeletion-httpStatus">
<span>409</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.PendingDeletion-errorCode" data-spm-anchor-id="">
<span>Rejected.PendingDeletion</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.PendingDeletion-errorMessage">
<span>The request was rejected because the key state is PendingDeletion.</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.PendingDeletion-description" data-spm-anchor-id="">
<span>The request was rejected because the key state is PendingDeletion.</span>
</td>
</tr>
<tr id="doc-api-Kms-Decrypt-errorCode-Rejected.Unavailable" class="entry colsep-1 rowsep-1 new-version row-level-1">
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.Unavailable-httpStatus">
<span>409</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.Unavailable-errorCode" data-spm-anchor-id="">
<span>Rejected.Unavailable</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.Unavailable-errorMessage">
<span>The request was rejected because the key state is Unavailable.</span>
</td>
<td id="doc-api-Kms-Decrypt-errorCode-Rejected.Unavailable-description" data-spm-anchor-id="">
<span>The request was denied because the key status is unavailable.</span>
</td>
</tr>
</tbody>
</table>
<section id="api-detail-47" baseUrl="t2858199_v1_0_2.xdita" docId="5028902" docType="TOPIC" data-node="5523455" data-latest="1" conref="t2858199.xdita#api-detail-47">
<div data-tag="conref-replace" data-replace-type="attr" data-replace-id="api-doc-error-code-link-cn" data-replace-attr-key="href" data-replace-attr-value="https://api.aliyun.com/document/Kms/2016-01-20/errorCode"></div>
<div data-tag="conref-replace" data-replace-type="attr" data-replace-id="api-doc-error-code-link-intl" data-replace-attr-key="href" data-replace-attr-value="https://api.alibabacloud.com/document/Kms/2016-01-20/errorCode"></div>
</section>
</section>
<section class="section" id="changeList">
<h2 class="title sectiontitle" id="workbench-doc-change-demo" conref="t2858199.xdita#api-doc-change-history" data-node="5523455" data-latest="1" baseUrl="t2858474_v1_0_0.xdita" docId="5523455" docType="TOPIC"></h2>
<section id="api-doc-change-history-more-info" baseUrl="t2858199_v1_0_3.xdita" docId="5213447" docType="TOPIC" data-node="5523455" data-latest="1" conref="t2858199.xdita#api-doc-change-history-more-info">
<div data-tag="conref-replace" data-replace-id="api-doc-change-history-more-info-operation-link-cn" data-replace-type="attr" data-replace-attr-key="href" data-replace-attr-value="https://api.aliyun.com/document/Kms/2016-01-20/Decrypt#workbench-doc-change-demo"></div>
<div data-tag="conref-replace" data-replace-id="api-doc-change-history-more-info-operation-link-intl" data-replace-type="attr" data-replace-attr-key="href" data-replace-attr-value="https://api.alibabacloud.com/document/Kms/2016-01-20/Decrypt#workbench-doc-change-demo"></div>
</section>
</section>
</div>
</main>
</body>
</html>
</plaintext></kms></code></section></div></main></body></html>