Decrypting Data Using External Keys
Use the post /v1/cckm/oci/ekm/v1/vaults/{vaultId}/keys/{keyId}/decrypt API to decrypt the encrypted data (ciphertext) using a specific version of an OCI external key in the external vault. Specify the version ID (keyVersionId) of the key as an input parameter.
The input for the decrypt API is the output JSON blob of the post /v1/cckm/oci/ekm/v1/vaults/{vaultId}/keys/{keyId}/encrypt API. The decrypt API uses the source key version stored in the metadata during the encrypt operation to decrypt the ciphertext.
The output of the decrypt API contains the base64-encoded plaintext in a JSON blob.
The supported scope value is oci_ekms.
When running the API, {vaultId} is the resource ID of the external vault on the CipherTrust Manager, and {keyId} is the resource ID of the external key on the CipherTrust Manager.
Header
Parameter | Type | Description |
---|---|---|
opc-request-id | String | Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service. |
Request Parameters
Tip
Refer to the output of the post /v1/cckm/oci/ekm/v1/vaults/{vaultId}/keys/{keyId}/encrypt API for correct values of the input parameters. Refer to Encrypting Data Using External Keys for details.
Parameter | Type | Description |
---|---|---|
ciphertext | string | A byte array that appears as a base64-encoded string in the JSON blob. |
iv | string | A byte array that appears as a base64-encoded string in the JSON blob. |
mode | string | Crypto mode used for encryption (for example, CBC, ECB, GCM). |
pad | string | Padding algorithm, for example, none, pkcs7. |
tag | string | A byte array that appears as a base64-encoded string in the JSON blob. |
aad | string | A byte array that appears as a base64-encoded string in the JSON blob. |
keyVersionId | string | Resource ID of the external key version on the CipherTrust Manager to be used for decryption. |
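
The request parameters above, assembled and checked from an encrypt output blob before anything is sent. This is an added example, not code from CipherTrust Manager or its documentation. The function name and sample values are constructed, and it assumes that the encrypt output uses the same field names as this table and that a GCM blob carries its tag in the tag field; authentication headers are not covered on this page and are left to the caller.

```python
import base64
import binascii
import json
from urllib.parse import quote

B64_FIELDS = ("ciphertext", "iv", "tag", "aad")   # base64 strings per the table above
TEXT_FIELDS = ("mode", "pad", "keyVersionId")
PATH = "/v1/cckm/oci/ekm/v1/vaults/{vault}/keys/{key}/decrypt"

def _b64(data):
    return base64.b64encode(data).decode("ascii")

# Constructed sample of an encrypt output blob (not real service output).
SAMPLE_ENCRYPT_OUTPUT = {
    "ciphertext": _b64(b"constructed ciphertext"),
    "iv": _b64(bytes(12)),
    "tag": _b64(bytes(16)),
    "aad": _b64(b"constructed aad"),
    "mode": "GCM",
    "pad": "none",
    "keyVersionId": "constructed-key-version-id",
}

def build_decrypt_request(vault_id, key_id, encrypt_output, request_id=None):
    """Return (path, headers, json_body) for the decrypt call; nothing is sent."""
    for required in ("ciphertext", "keyVersionId"):
        if not encrypt_output.get(required):
            raise ValueError(f"{required} is missing from the encrypt output")
    body = {}
    for name in B64_FIELDS + TEXT_FIELDS:
        value = encrypt_output.get(name)
        if value is None:
            continue
        if name in B64_FIELDS:
            try:
                base64.b64decode(value, validate=True)
            except (binascii.Error, TypeError, ValueError) as exc:
                raise ValueError(f"{name} is not valid base64") from exc
        body[name] = value  # passed through unchanged, never re-encoded
    # Assumption: a GCM blob carries its authentication tag in "tag".
    if str(body.get("mode", "")).upper() == "GCM" and "tag" not in body:
        raise ValueError("GCM blob has no tag")
    # Percent-encode the IDs so a "/" or ".." in them cannot alter the route.
    path = PATH.format(vault=quote(vault_id, safe=""), key=quote(key_id, safe=""))
    headers = {"Content-Type": "application/json"}
    if request_id:
        headers["opc-request-id"] = request_id
    return path, headers, json.dumps(body, sort_keys=True)
```
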
Example Request
Example Response
Response Codes
Response Code | Description |
---|---|
200 | Ok |
400 | Bad request |
401 | Unauthorized |
404 | Not found |
403 | Forbidden |
500 | Internal server error |
Refer to HTTP status codes for details.