Decrypting and Downloading Document (privilegedunwrap)
Use the POST /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privilegedunwrap
API to unwrap the wrapped key. The decrypted document can now be downloaded.
Request Parameters
Parameter | Type | Description |
---|---|---|
id | string | ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints. |
wrapped_key | string | The base64 binary object returned by the unwrap call. |
resource_name | string | Unique identifier for the object. It must match the resource_name that was used to wrap the key. |
authentication | string | A JWT issued by a third-party asserting who the user is. |
reason | string | Additional information about the operation. |
Example Request
POST /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privilegedunwrap
{
"wrapped_key":
"7qTh6Mp+svVwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDh
bmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvc
gm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2
ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199ll
f9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbU
hkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==",
"authentication": "eyJhbGciOi…",
"reason": "{client:’takeout’ op:’read’}",
"resource_name": "resource-name"
}
In the sample request above, "wrapped_key"
represents the key whose DEK you want to find out.
Example Response
{
"key": "0saNxttLMQULfXuTbRFJzi/QJokN1jW16u0yaNvvLdQ=",
"perimeter_id": "takeout"
}
In the sample output, "0saNxttLMQULfXuTbRFJzi/QJokN1jW16u0yaNvvLdQ="
represents the encryption key.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
Refer to HTTP status codes for details.