Mendekripsi ciphertext yang dienkripsi menggunakan CMK.
Deskripsi operasi
Precautions
-
For information about the access policy required for a RAM user or RAM role to call this operation, see Resource Access Management.
-
This operation can be called through a shared gateway or a dedicated gateway. For more information, see Alibaba Cloud SDK.
-
Shared gateway: You can access KMS over the Internet or using a VPC domain name. To use a shared gateway, you must enable Internet access. For more information, see Access keys in a KMS instance over the Internet.
-
Dedicated gateway: You can access KMS using the private endpoint of KMS (
<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com).
-
QPS limits
-
Shared gateway: The queries per second (QPS) limit for a single user for this operation is 1,000. If this limit is exceeded, API calls are throttled, which may affect your business. We recommend that you plan your calls accordingly.
-
Dedicated gateway: The QPS limit for a single user for this operation is subject to the performance specifications of your KMS instance. For more information, see Performance metrics.
Coba sekarang
Test
RAM authorization
Parameter permintaan
|
Parameter |
Type |
Required |
Description |
Example |
| CiphertextBlob |
string |
Yes |
Ciphertext yang ingin Anda dekripsi. |
DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK**** |
| EncryptionContext |
object |
No |
String JSON yang terdiri dari pasangan kunci-nilai. Catatan
Jika Anda menentukan EncryptionContext saat memanggil operasi GenerateDataKey, Encrypt, atau GenerateDataKeyWithoutPlaintext untuk mengenkripsi data, Anda harus menentukan parameter yang sama untuk dekripsi. Untuk informasi selengkapnya, lihat EncryptionContext. |
{"Example":"Example"} |
| DryRun |
string |
No |
Apakah akan mengaktifkan fitur dry run.
Fitur dry run memungkinkan Anda menguji panggilan API, memeriksa apakah Anda memiliki izin yang diperlukan pada Sumber daya, dan memeriksa apakah parameter permintaan valid. Jika Anda mengaktifkan fitur dry run, KMS selalu mengembalikan tanggapan kegagalan yang menunjukkan penyebab kegagalan. Penyebab yang mungkin terjadi adalah sebagai berikut:
|
false |
Elemen respons
|
Element |
Type |
Description |
Example |
|
object |
|||
| KeyVersionId |
string |
The ID of the key version that is used to decrypt the ciphertext. This key version is a version of the master key. |
2ab1a983-7072-4bbc-a582-584b5bd8**** |
| KeyId |
string |
The ID of the master key that is used to decrypt the ciphertext. |
202b9877-5a25-46e3-a763-e20791b5**** |
| RequestId |
string |
The request ID. |
207596a2-36d3-4840-b1bd-f87044699bd7 |
| Plaintext |
string |
The decrypted plaintext. |
tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv**** |
Contoh
Respons sukses
JSONformat
{
"KeyVersionId": "2ab1a983-7072-4bbc-a582-584b5bd8****",
"KeyId": "202b9877-5a25-46e3-a763-e20791b5****",
"RequestId": "207596a2-36d3-4840-b1bd-f87044699bd7",
"Plaintext": "tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv****"
}Kode kesalahan
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | UnsupportedOperation | This action is not supported. | |
| 404 | Forbidden.AliasNotFound | The specified Alias is not found. | |
| 404 | Forbidden.KeyNotFound | The specified Key is not found. | |
| 409 | Rejected.Disabled | The request was rejected because the key state is Disabled. | |
| 409 | Rejected.PendingDeletion | The request was rejected because the key state is PendingDeletion. | |
| 409 | Rejected.Unavailable | The request was rejected because the key state is Unavailable. |
Lihat Error Codes untuk daftar lengkap.
Catatan rilis
Lihat Release Notes untuk daftar lengkap.