Copyright | (c) 2013-2015 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following functions:
- GenerateDataKey
- GenerateDataKeyWithoutPlaintext
- Encrypt
Note that if a caller has been granted access permissions to all keys
(through, for example, IAM user policies that grant Decrypt
permission
on all resources), then ciphertext encrypted by using keys in other
accounts where the key grants access to the caller can be decrypted. To
remedy this, we recommend that you do not grant Decrypt
access in an
IAM user policy. Instead grant Decrypt
access only in key policies. If
you must grant Decrypt
access in an IAM user policy, you should scope
the resource to specific keys or to specific trusted accounts.
See: AWS API Reference for Decrypt.
- decrypt :: ByteString -> Decrypt
- data Decrypt
- dEncryptionContext :: Lens' Decrypt (HashMap Text Text)
- dGrantTokens :: Lens' Decrypt [Text]
- dCiphertextBlob :: Lens' Decrypt ByteString
- decryptResponse :: Int -> DecryptResponse
- data DecryptResponse
- drsKeyId :: Lens' DecryptResponse (Maybe Text)
- drsPlaintext :: Lens' DecryptResponse (Maybe ByteString)
- drsStatus :: Lens' DecryptResponse Int
Creating a Request
Creates a value of Decrypt
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
See: decrypt
smart constructor.
Request Lenses
dEncryptionContext :: Lens' Decrypt (HashMap Text Text) Source
The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context.
dGrantTokens :: Lens' Decrypt [Text] Source
For more information, see Grant Tokens.
dCiphertextBlob :: Lens' Decrypt ByteString Source
Ciphertext to be decrypted. The blob includes metadata.
Note: This Lens
automatically encodes and decodes Base64 data,
despite what the AWS documentation might say.
The underlying isomorphism will encode to Base64 representation during
serialisation, and decode from Base64 representation during deserialisation.
This Lens
accepts and returns only raw unencoded data.
Destructuring the Response
Creates a value of DecryptResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
data DecryptResponse Source
See: decryptResponse
smart constructor.
Response Lenses
drsKeyId :: Lens' DecryptResponse (Maybe Text) Source
ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.
drsPlaintext :: Lens' DecryptResponse (Maybe ByteString) Source
Decrypted plaintext data. This value may not be returned if the customer master key is not available or if you didn't have permission to use it.
Note: This Lens
automatically encodes and decodes Base64 data,
despite what the AWS documentation might say.
The underlying isomorphism will encode to Base64 representation during
serialisation, and decode from Base64 representation during deserialisation.
This Lens
accepts and returns only raw unencoded data.
drsStatus :: Lens' DecryptResponse Int Source
The response status code.