Your suggested change has been received. Thank you.

Suggest A Change

Please Note:

Administration
CipherTrust Manager Administration
- Password Policy
- Users
- Key Policies
- Certificate Based Authentication
- Changing Passwords
- Domain Management
- Groups
- LDAP Group Mapping
- Services
- Root of Trust Hardware Security Module
- Clusters and Nodes
- CipherTrust Manager System Monitoring
  - Records
  - Alarms
  - Syslogs
  - Debug Logs
  - Log Forwarding
  - Prometheus Metrics Endpoint
- Policies
- Tokens
- Banners
- Interfaces
- Proxy Configuration
- Quorums
- SNMP
- SMTP
- Backups
- Scheduling Backups
- Disk Encryption After Initial Deployment
- Scheduler
- Connection Manager
  - Connections
  - Amazon Web Services (AWS)
  - Google Cloud Platform (GCP)
  - Secure Copy Protocol (SCP)
  - Microsoft Azure
  - Hadoop Knox
  - Loki
  - Salesforce
  - Luna Network HSM
  - Elasticsearch
  - SAP Data Custodian
  - Server Message Block (SMB)
  - Syslog
  - Oracle Cloud Infrastructure (OCI)
  - DSM Connection
  - OIDC
  - LDAP
- Browsing LDAP Users and Groups
- System Upgrade/Downgrade
- Client Management
- Configuring DNS Hosts
- CLI Toolkit
  - CLI Toolkit Installation
  - Batching Commands with Tokens
  - Example CLI User Set Up
  - Support CLI
- Keys
- Key Rotation
- Crypto Operations
- MKEK Rotation
- Certificate Authority
- Data Protection
  - Protection Profiles
  - BDT Policies
  - BDT Containers
- REST API
- System Properties
- Integrating Logging with Splunk App
- Return Material Authorization (RMA) Guidance
Application Data Protection Administration
- Overview
- Interfaces
- Managing Applications
  - Defining Applications
  - Modifying Applications
  - Deleting Applications
  - Viewing Application Details
  - Viewing Registration Token
  - DPG Policies
- Managing Character Sets
  - Creating Character Sets
  - Modifying Character Sets
  - Deleting Character Sets
- Managing Protection Policy
  - Viewing protection policy
  - Creating protection policy
  - Modifying protection policy
  - Deleting protection policy
- Managing Access Policy
  - Viewing access policy
  - Creating access policy
  - Modifying access policy
  - Deleting access policy
- Managing User Set
  - Viewing user set
  - Creating user set
  - Deleting user set
- Managing Masking Formats
  - Viewing masking format
  - Creating masking formats
  - Modifying masking format
  - Deleting masking format
- Single Pane of Glass
- Heartbeat Configuration
- Frequently Asked Questions
CCKM Administration
- Overview
- Interfaces
- AWS Resources
  - Managing AWS Accounts
  - Managing AWS Keys
  - Scheduling Operations
  - Managing AWS Reports
  - Managing Policy Templates
- AWS External Key Store Resources
  - Managing External Key Store Resources
  - AWS XKS Performance Summary
- AWS CloudHSM Key Store Resources
  - Managing an AWS CloudHSM Key Store from CCKM
- Azure Resources
  - Prerequisites
    - Prerequisites for Azure Cloud
    - Prerequisites for Azure Stack Cloud with Azure AD
    - Prerequisites for Azure Stack Cloud with Azure ADFS
  - Managing Azure Vaults
  - Managing Azure Keys
  - Scheduling Operations
  - Managing Azure Reports
  - Viewing Azure Subscriptions
  - Performance Summary
- Luna HSM Resources
  - Managing Luna HSM Partitions
  - Managing Luna HSM Keys
  - Scheduling Operations
- DSM Resources
  - Managing DSM Domains
  - Managing DSM Keys
  - Scheduling Operations
- Google Cloud Resources
  - Google Cloud Projects
  - Google Cloud Key Rings
  - Google Cloud Keys
  - Google Cloud Reports
  - Scheduling Operations
- Google Cloud External Key Manager Resources
  - Managing Google EKM Endpoints
  - Managing Google EKM Endpoint Policies
  - Google EKM Performance Summary
- Google Workspace CSE Resources
  - Access Policies
  - High Level Architecture
  - Licensing
  - Prerequisites
  - Clustering for Google Workspace
  - Encrypting Data Encryption Keys
  - Decrypting Data Encryption Keys
  - Endpoints
  - Identity Providers
  - Viewing Google Workspace CSE Records
  - Related APIs
    - Creating an Issuer
    - Viewing Issuers
    - Viewing Details of an Issuer
    - Deleting an Issuer
    - Creating KACLS Endpoints
    - Viewing KACLS Endpoints
    - Viewing Details of a KACLS Endpoint
    - Updating a KACLS Endpoint
    - Disabling a KACLS Endpoint
    - Enabling a KACLS Endpoint
    - Archiving a KACLS Endpoint
    - Recovering a KACLS Endpoint
    - Deleting a KACLS Endpoint
    - Encrypting Data Encryption Keys (wrap)
    - Rotating Endpoint Keys (rotate-key)
    - Decrypting Data Encryption Keys (unwrap)
    - Decrypting and Downloading Document (privileged_unwrap)
    - Viewing KACLS Endpoint Perimeters
    - Updating a KACLS Endpoint Perimeter
    - Viewing the KACLS Endpoint Status
    - Encrypting Private Keys (wrapprivatekey)
    - Signing Private Keys (privatekeysign)
    - Decrypting Content Encryption Keys (privatekeydecrypt)
    - Decrypting and Downloading Gmail Message (privilegedprivatekeydecrypt)
  - Performance Summary
    - Google Calendar
    - Google Drive
    - Google Meet
- Salesforce Resources
  - Managing Salesforce Organizations
  - Managing Salesforce Tenant Secrets
  - Scheduling Operations
  - Managing Salesforce Reports
  - Managing Salesforce Cache-Only Key Endpoints
  - Managing Certificates from Salesforce Organizations
- SAP Resources
  - Managing SAP Groups
  - Managing SAP Keys
  - Scheduling Operations
  - Managing SAP Reports
  - Viewing Linked SAP Applications
  - Performance Summary
- Oracle Cloud Resources
  - Managing Oracle Vaults
  - Managing Oracle Keys
  - Scheduling Operations
  - Managing Oracle Reports
  - Managing Oracle Compartments
- Migrate from CCKM Appliance
- Key Material Export and Upload
CDP Administration
- Interfaces
- Concepts
- Configuring Oracle Databases
- Configuring DB2 Databases
- Configuring SQL Server Databases
- Configuring Teradata Databases
- Troubleshooting
CipherTrust Intelligent Protection
- Overview
- Configuration
- Concepts
- Scans
- Reports
- CTE Policies
- File Operations with CIP
- Backup and Restore
- Troubleshooting
CTE UserSpace Administration
- Overview
- Interfaces
- Concepts
- Data Transformation
- Managing Profiles
- Managing Clients
  - Client Settings
  - Changing Client Password
  - Managing Membership
  - Deleting Clients
- Managing Client Groups
- Managing Signature Sets
- Managing Policies
  - Creating Policy Elements
  - Viewing Policy Elements
  - Creating Policies
  - Modifying Policies and Rules
- Managing GuardPoints
  - Considerations Before Creating GuardPoints
  - Creating GuardPoints
    - Creating Standard GuardPoints
  - Automatic and Manual GuardPoints
  - Viewing GuardPoints
  - Viewing GuardPoint Status
  - Removing GuardPoints
  - Disabling GuardPoints
  - Enabling GuardPoints
- Sharing Resources Across Domains
- Communication with CipherTrust Manager
- Configuring Cluster Node Preference
- Backup and Restore
- Integrating CTE Logging with Splunk
- Permissions
- Quorum Control
- Operations
- Common Scenarios
- Reports
  - Clients Health Report
  - Clients Keys Report
  - Clients Profiles Report
  - Clients Policies Report
  - Policies Keys Report
  - GuardPoints Report
  - Clients GuardPoint Status Report
- Troubleshooting
- API Examples
  - Creating Keys
  - Creating Policy Elements
  - Creating Policies
  - Creating GuardPoints
- API Response Codes
CTE Administration
- Overview
- Interfaces
- Concepts
- Data Transformation
- Managing Profiles
- Managing Clients
  - Enabling Live Data Transformation
  - Setting Client Locks
  - Client Settings
  - CTE Linux Authentication and Client Settings
  - Changing Client Password
  - Managing Membership
  - Deleting Clients
  - Kernel Compatibility Matrix
- Managing LDT Communication Groups
- Managing Client Groups
- Managing Signature Sets
- Managing Policies
  - Creating Policy Elements
  - Viewing Policy Elements
  - Creating Policies
  - Modifying Policies and Rules
- Managing GuardPoints
  - Secure Start GuardPoints
  - Considerations Before Creating GuardPoints
  - Creating GuardPoints
    - Creating Standard GuardPoints
    - Creating LDT GuardPoints
    - Creating Cloud Object Storage GuardPoints
    - Creating IDT GuardPoints
    - Creating GuardPoints for Efficient Storage Devices
  - Enabling Secure Start for GuardPoints
  - Protecting Teradata Appliances
  - Automatic and Manual GuardPoints
  - Viewing GuardPoints
  - Viewing GuardPoint Status
  - Changing SMB Connection
  - Removing GuardPoints
  - Disabling GuardPoints
  - Enabling GuardPoints
  - Enabling and Disabling MFA on GuardPoints
- Managing Kubernetes Storage Groups and Clients
  - Managing Kubernetes Storage Groups
  - Managing Kubernetes Clients
  - Protecting Kubernetes Clients
- Sharing Resources Across Domains
- Multifactor Authentication
- Communication with CipherTrust Manager
- Configuring Cluster Node Preference
- Backup and Restore
- Integrating CTE Logging with Splunk
- Migrating CTE Configuration from Data Security Manager
- Migration Summary
- Permissions
- Quorum Control
- Operations
- Common Scenarios
- Reports
  - Clients Health Report
  - Clients Keys Report
  - Clients Profiles Report
  - Clients Policies Report
  - Policies Keys Report
  - GuardPoints Report
  - Clients GuardPoint Status Report
- Troubleshooting
- API Examples
  - Creating Keys
  - Creating Policy Elements
  - Creating Policies
  - LDT Use Cases
  - Creating GuardPoints
- API Response Codes
DDC Administration
- Solution Architecture
- Interfaces
- Concepts
- User Groups
- Managing Branch Locations
- Managing Information Types
- Managing Classification Profiles
- Managing Data Stores
- Local Data Stores
- Network Storage Data Stores
- Database Data Stores
- Big Data Data Stores
- Cloud Data Stores
- Server Data Stores
- Managing Scans
- Managing Reports
- Managing Agents
- Logging
- Operations
- Troubleshooting
- Appendix
- Deployment Security
ProtectFile Administration
- Interfaces
- Client Profiles
- Clients
- Access
- Keys
- Rules
- Client-Rule Associations
- Network Shares
- Clusters
- Operations
- Migration from KeySecure Classic to CipherTrust Manager
- Migrating ProtectFile to CipherTrust Transparent Encryption
ProtectV Administration
- Interfaces
- Concepts
- Operations
- Managing Images
- Managing Instances
- Viewing Encryption Keys
- Configuring a Keystore
- Configuring Key Management Settings
- Configuring Global Autoscaling
- Using Proxy with ProtectV Clients

Decrypting and Downloading Gmail Message (privilegedprivatekeydecrypt)

The POST /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privilegedprivatekeydecrypt API is called to decrypt the Gmail message exported (takeout) from Google. This API returns the base64 data encryption key. This key will be used by Google Workspace CSE to decrypt the exported Gmail message.

Syntax

curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privilegedprivatekeydecrypt' -H 'Content-Type: application/json' --data-binary $'{\n  "wrapped_private_key": "<wrapped private key>",\n  "authentication": "<authentication jwt>",\n "algorithm": "<algorithm>",\n  "encrypted_data_encryption_key": "<encrypted data encryption key>",\n "reason": ""\n}' --compressed

Request Parameters

Parameter	Type	Description
id	string	ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints.
algorithm	string	Algorithm that was used to encrypt the private key.
encrypted_data_encryption_key	string	The base64 encoded encrypted data encryption key.
wrapped_private_key	string	The base64 encoded wrapped private key.
authentication	string	A JWT issued by a third party asserting who the user is.
reason	string	Additional information about the operation.

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/7d03-4e2d-c1583936-a0ae-3a1ae2d2e200/privilegedprivatekeydecrypt' -H 'Content-Type: application/json' --data-binary $'
{
    "wrapped_private_key": "wHrlNOTI9mU6PBdqiq7EQA...",
    "encrypted_data_encryption_key": "dGVzdCB3cmFwcGVkIGRlaw...",
    "authentication": "eyJhbGciOi...",
    "algorithm": "RSA/ECB/PKCS1Padding",
    "reason": "admin decrypt"
}' --compressed

Example Response

{
    "data_encryption_key": "akRQtv3nr+jUhcFL6JmKzB+WzUxbkkMyW5kQsqGUAFc"
}

Response Codes

Response Code	Description
2xx	Success
4xx	Client errors

Refer to HTTP status codes for details.