Decrypting Data Encryption Keys (unwrap)
The POST /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/unwrap API is called to unwrap the wrapped key.
Syntax
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/unwrap' -H 'Content-Type: application/json' --data-binary $'{\n "wrapped_key": "<KEK>",\n "authorization": "<authorization jwt>",\n "authentication": "<authentication jwt>",\n "reason": ""\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints. |
| wrapped_key | string | The base64 binary object returned by the unwrap call. |
| authorization | string | A JWT asserting that the user is allowed to unwrap DEK. |
| authentication | string | A JWT issued by a third-party asserting who the user is. |
| reason | string | Additional information about the operation. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/c1583936-7d03-4e2d-a0ae-3a1ae2d2e200/unwrap' -H 'Content-Type: application/json' --data-binary $'
{
"wrapped_key": "eyJ3cmFwcGVkX2tleSI6IjFseTQrSXl3TkJjNGZEL0VXdTQ0QlQ2MHA2dWdVbjR6d2dyMi9GdEJhb3dSZ0hhZks0SlhDME5kazAxTEhIMkJiUkZuR1Ayb3VqUFZoSVllZEVsMU03cTczNGdieStlZmpGOURyT094SnZzMkw1TjJRWTZyaDJrWERmNEdQV1c5OWcvaExQYzRrYWVJZS8rMDBweFdVVjh0NnpMT0F5Q0FTMkFHczZhVHFEbUVaSHUwa2M2N1V4SGNjM29yRmE0RnpueGQxaktWZ0JSWXdka3JqMmtQRTlkZ252ZFRrek5rWThkU1lUTzZkYzBienZOSTQ4TWhkS3M9Iiwia2VrX2lkIjoiNTg4MzdmZGJlYTYyNDY2YzhiZThmZjNjMjY5ZDg3MDg5MTQzMWU2M2M5MTQ0MWFjODQ1MDA5M2U4ZTExNWY1ZCJ9",
"authorization": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjNjYjkzNDNiNDMxOGE5ODgyYmVmMzU4ZmQzNzlmYTIzMWMyZGY1N2EiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJnc3VpdGVjc2UtdG9rZW5pc3N1ZXItZHJpdmVAc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJhdWQiOiJjc2UtYXV0aG9yaXphdGlvbiIsImVtYWlsIjoiZGFuaXNoLWRlby5qb2hhcmlAdGhhbGVzZ3N1aXRlaW50ZWdyYXRpb24ubmV0IiwicmVzb3VyY2VfbmFtZSI6Ii8vZ29vZ2xlYXBpcy5jb20vZHJpdmUvZmlsZXMvMWpyR01qdXFhX1hZOVl1ODZqd1NVc0Z0U1dMYVNfYVRqIiwicm9sZSI6IndyaXRlciIsImthY2xzX3VybCI6Imh0dHBzOi8vZGFuaXNoLWd3LnRoYWxlc2dzdWl0ZWludGVncmF0aW9uLm5ldC9hcGkvdjEvY2NrbS9Hb29nbGVXb3Jrc3BhY2VDU0UvZW5kcG9pbnRzLzRkMTNmMjcwLTZhZmUtNDM1OC04NWZlLWY2MGUyOTA4OWI4MCIsInBlcmltZXRlcl9pZCI6IiIsImlhdCI6MTYxNjA1OTUyOCwiZXhwIjoxNjE2MDYzMTI4fQ.iyhF3naaEavjIkAL35UfA2f8IGMkwkeXWfhObkqozshPF0OobF5gD193FsXEKZs7CKJS-rIBttw466_7BugK_gyUl7jX6_z5NQ4454RjLIGf31hZvOH-eqWDIsW5Vcl9clwabpJqoVONX0mUv7bKxrToSvLWdfvTWvyEbWewQoJEjwIaGOr6a_7LVE7i7ldpTH1pTYRC40EYgc-U9_Bf_IylpK-EgDMqjFqXz7yJKFe4VflVtal5_a_ymwIgtASCLxQeXINfbNe9bzwV5A54kJXhAyQFysiraWQ8q3QWYbdwEsPuQWGHySH9meCwPrk0elbj9slCBGJkVs9efWSWVw",
"authentication": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkhlVENRLW56eGJDM2x5ZFkxc0ZiMiJ9.eyJlbWFpbCI6ImRhbmlzaC1kZW8uam9oYXJpQHRoYWxlc2dzdWl0ZWludGVncmF0aW9uLm5ldCIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJpc3MiOiJodHRwczovL2Rldi1haHpjZTUwbC5hdXRoMC5jb20vIiwic3ViIjoiZ29vZ2xlLW9hdXRoMnwxMTgwOTA4NTU4MjE5ODYyODI3MzUiLCJhdWQiOiIxZU90Z001VmhXNktUWXB5M1Q0UGtpd2tMU1M1WXFjdSIsImlhdCI6MTYxNjA1OTU0MywiZXhwIjoxNjE2MDk1NTQzLCJub25jZSI6IjdVYmpwVk9Dd3Zha1Y3dVllckRvdHc6aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tIn0.6l3gOSJWKAH0FRTLYplZ4Hk84_hN8Wf_yIj0W-Hr0LNeLUlJO3qb8ZsYtYwpirU_XHsAXSpu625FeGmTYLTsHuGk2IVivwvIoXti5YElEoKu7U74C8AZsYktLQwmITQqhlvhthk_RBNNd92A5Pzfa-uB5XTKiEWZaywnl-cBgXu-DIsy24cVOudyJLLoO9z57NVjWImsYBSF4hNLjj0t3YzK93heed_j6ogIOTl7Fx0gYa8_3JwJMS7eSgaG5MPIgQgWVQerROpY47cM3QakNUpX40yrEIJOrmcO5rFXX2NU8Bj-BGzKEHtMfka5DLofAVp4rvikL3szPAp91rUNBA",
"reason": "{client:’drive’ op:’update’}"
}' --compressed
Example Response
{
"key": "GiCi4cC3BGkxcFQWy4BiU4UbZ9c1GYwIU8ZHN2kRd1vhpg=="
}
In the sample response above, "0saNxttLMQULfXuTbRFJzi/QJokN1jW16u0yaNvvLdQ=" represents the key whose DEK you need to find out.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
Refer to HTTP status codes for details.
