class Aws::KMS::Types::DecryptRequest


@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptRequest AWS API Documentation
@return [Boolean]<br>: docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html<br><br><br><br>permissions][1] in the *Key Management Service Developer Guide*.
To learn more about how to use this parameter, see [Testing your
parameter.
Checks if your request will succeed. ‘DryRun` is an optional
@!attribute [rw] dry_run
@return [Types::RecipientInfo]<br>: docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html<br>[2]: docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk<br>[1]: docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-concepts.html#term-attestdoc<br><br><br><br>uses KMS] in the *Key Management Service Developer Guide*.
Services Nitro Enclaves, see [How Amazon Web Services Nitro Enclaves
For information about the interaction between KMS and Amazon Web
`Plaintext` field in the response is null or empty.
be decrypted only with the private key in the enclave. The
`CiphertextForRecipient` field in the response. This ciphertext can
attestation document, and returns the resulting ciphertext in the
data, KMS encrypts the plaintext data with the public key in the
When you use this parameter, instead of returning the plaintext
Web Services Nitro Enclaves SDK] or any Amazon Web Services SDK.
Services Nitro Enclaves. To include this parameter, use the [Amazon
This parameter only supports attestation documents for Amazon Web
`RSAES_OAEP_SHA_256`.
public key. The only valid encryption algorithm is
enclave and the encryption algorithm to use with the enclave’s
A signed [attestation document] from an Amazon Web Services Nitro
@!attribute [rw] recipient
@return [String]
encryption KMS keys.
represents the only supported algorithm that is valid for symmetric
under an asymmetric KMS key. The default value, ‘SYMMETRIC_DEFAULT`,
This parameter is required only when the ciphertext was encrypted
fails.
data. If you specify a different algorithm, the `Decrypt` operation
ciphertext. Specify the same algorithm that was used to encrypt the
Specifies the encryption algorithm that will be used to decrypt the
@!attribute [rw] encryption_algorithm
@return [String]
DescribeKey. To get the alias name and alias ARN, use ListAliases.
To get the key ID and key ARN for a KMS key, use ListKeys or
* Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
* Alias name: `alias/ExampleAlias`
`arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
* Key ARN:
* Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
For example:
the key ARN or alias ARN.
a KMS key in a different Amazon Web Services account, you must use
ARN. When using an alias name, prefix it with `“alias/”`. To specify
To specify a KMS key, use its key ID, key ARN, alias name, or alias
you intend.
best practice. This practice ensures that you use the KMS key that
symmetric ciphertext blob. However, it is always recommended as a
key, KMS can get the KMS key from metadata that it adds to the
under an asymmetric KMS key. If you used a symmetric encryption KMS
This parameter is required only when the ciphertext was encrypted
operation throws an `IncorrectKeyException`.
ciphertext. If you identify a different KMS key, the `Decrypt`
Enter a key ID of the KMS key that was used to encrypt the
Specifies the KMS key that KMS uses to decrypt the ciphertext.
@!attribute [rw] key_id
@return [Array<String>]<br>: docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html<br>[1]: docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token<br><br><br><br>token][2] in the *Key Management Service Developer Guide*.
For more information, see [Grant token] and [Using a grant
from a new grant that has not yet achieved *eventual consistency*.
Use a grant token when your permission to call this operation comes
A list of grant tokens.
@!attribute [rw] grant_tokens
@return [Hash<String,String>]<br>: docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html<br>[1]: docs.aws.amazon.com/kms/latest/developerguide/kms-cryptography.html#cryptographic-operations<br><br><br><br>Management Service Developer Guide*.
For more information, see [Encryption context] in the *Key
recommended.
keys, an encryption context is optional, but it is strongly
encryption KMS keys. On operations with symmetric encryption KMS
An encryption context is supported only on operations with symmetric
exact case-sensitive match) encryption context to decrypt the data.
encryption context to encrypt data, you must specify the same (an
pairs that represent additional authenticated data. When you use an
An *encryption context* is a collection of non-secret key-value
support an encryption context.
encryption algorithms and HMAC algorithms that KMS uses do not
with a symmetric encryption KMS key. The standard asymmetric
encryption context is valid only for [cryptographic operations][1]
Specifies the encryption context to use when decrypting the data. An
@!attribute [rw] encryption_context
@return [String]
Ciphertext to be decrypted. The blob includes metadata.
@!attribute [rw] ciphertext_blob