Decrypting and Downloading Document (takeout_unwrap)
Note
The Google Workspace CSE takeout_unwrap
API is for technical preview in this release. It is recommended to not use it in production environments.
Use the POST /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/takeout_unwrap
API to unwrap the wrapped key. The decrypted document can now be downloaded.
Syntax
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/takeout_unwrap' -H 'Content-Type: application/json' --data-binary $'{\n "wrapped_key": "<KEK>",\n "resource_name": "<resource name>",\n "authentication": "<authentication jwt>",\n "reason": ""\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
id | string | ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints. |
wrapped_key | string | The base64 binary object returned by the unwrap call. |
resource_name | string | Unique identifier for the object. It must match the resource_name that was used to wrap the key. |
authentication | string | A JWT issued by a third-party asserting who the user is. |
reason | string | Additional information about the operation. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/c1583936-7d03-4e2d-a0ae-3a1ae2d2e200/takeout_unwrap' -H 'Content-Type: application/json' --data-binary $'
{
"wrapped_key":
"7qTh6Mp+svVwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDh
bmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvc
gm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2
ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199ll
f9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbU
hkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==",
"authentication": "eyJhbGciOi…",
"reason": "{client:’takeout’ op:’read’}",
"resource_name": "resource-name"
}' --compressed
In the sample request above, "wrapped_key"
represents the key whose DEK you want to find out.
Example Response
{
"key": "0saNxttLMQULfXuTbRFJzi/QJokN1jW16u0yaNvvLdQ="
}
In the sample output, "0saNxttLMQULfXuTbRFJzi/QJokN1jW16u0yaNvvLdQ="
represents the encryption key.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
Refer to HTTP status codes for details.