Safe Haskell | None |
---|---|
Language | Haskell2010 |
Decrypts ciphertext. Ciphertext is plaintext that has been previously
encrypted by using any of the following functions: GenerateDataKey
GenerateDataKeyWithoutPlaintext
Encrypt
Note that if a caller has been granted access permissions to all keys
(through, for example, IAM user policies that grant Decrypt
permission on all
resources), then ciphertext encrypted by using keys in other accounts where
the key grants access to the caller can be decrypted. To remedy this, we
recommend that you do not grant Decrypt
access in an IAM user policy. Instead
grant Decrypt
access only in key policies. If you must grant Decrypt
access
in an IAM user policy, you should scope the resource to specific keys or to
specific trusted accounts.
http://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html
- data Decrypt
- decrypt :: Base64 -> Decrypt
- dCiphertextBlob :: Lens' Decrypt Base64
- dEncryptionContext :: Lens' Decrypt (HashMap Text Text)
- dGrantTokens :: Lens' Decrypt [Text]
- data DecryptResponse
- decryptResponse :: DecryptResponse
- drKeyId :: Lens' DecryptResponse (Maybe Text)
- drPlaintext :: Lens' DecryptResponse (Maybe Base64)
Request
Request constructor
Decrypt
constructor.
The fields accessible through corresponding lenses are:
Request lenses
dCiphertextBlob :: Lens' Decrypt Base64 Source
Ciphertext to be decrypted. The blob includes metadata.
dEncryptionContext :: Lens' Decrypt (HashMap Text Text) Source
The encryption context. If this was specified in the Encrypt
function, it
must be specified here or the decryption operation will fail. For more
information, see Encryption Context.
dGrantTokens :: Lens' Decrypt [Text] Source
For more information, see Grant Tokens.
Response
data DecryptResponse Source
Response constructor
decryptResponse :: DecryptResponse Source
DecryptResponse
constructor.
The fields accessible through corresponding lenses are:
Response lenses
drKeyId :: Lens' DecryptResponse (Maybe Text) Source
ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.
drPlaintext :: Lens' DecryptResponse (Maybe Base64) Source
Decrypted plaintext data. This value may not be returned if the customer master key is not available or if you didn't have permission to use it.