Decrypting Content Encryption Keys (privatekeydecrypt)
The POST /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privatekeydecrypt
API is called to unwrap the content encryption key. This API returns the base64 data encryption key. This key will be used by Google Workspace CSE to decrypt the Gmail message.
Request Parameters
Parameter | Type | Description |
---|---|---|
id | string | ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints. |
algorithm | string | Algorithm that was used to encrypt the private key. |
encrypted_data_encryption_key | string | The base64 encoded encrypted data encryption key. |
wrapped_private_key | string | The base64 encoded wrapped private key. |
authorization | string | A JWT asserting that the user is allowed to unwrap the private key. |
authentication | string | A JWT issued by a third party asserting who the user is. |
reason | string | Additional information about the operation. |
rsa_oaep_label | int | The base64 encoded label L if the algorithm is RSAES-OAEP. |
Example Request
POST /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privatekeydecrypt
{
"wrapped_private_key": "wHrlNOTI9mU6PBdqiq7EQA...",
"encrypted_data_encryption_key": "dGVzdCB3cmFwcGVkIGRlaw...",
"authorization": "eyJhbGciOi...",
"authentication": "eyJhbGciOi...",
"algorithm": "RSA/ECB/PKCS1Padding",
"reason": "decrypt"
}
Example Response
{
"data_encryption_key": "akRQtv3nr+jUhcFL6JmKzB+WzUxbkkMyW5kQsqGUAFc="
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
Refer to HTTP status codes for details.