| Copyright | (c) 2013-2015 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
| Language | Haskell2010 |
Network.AWS.KMS.Decrypt
Description
Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following functions:
- GenerateDataKey
- GenerateDataKeyWithoutPlaintext
- Encrypt
Note that if a caller has been granted access permissions to all keys
(through, for example, IAM user policies that grant Decrypt permission
on all resources), then ciphertext encrypted by using keys in other
accounts where the key grants access to the caller can be decrypted. To
remedy this, we recommend that you do not grant Decrypt access in an
IAM user policy. Instead grant Decrypt access only in key policies. If
you must grant Decrypt access in an IAM user policy, you should scope
the resource to specific keys or to specific trusted accounts.
See: AWS API Reference for Decrypt.
- decrypt :: ByteString -> Decrypt
- data Decrypt
- decEncryptionContext :: Lens' Decrypt (HashMap Text Text)
- decGrantTokens :: Lens' Decrypt [Text]
- decCiphertextBlob :: Lens' Decrypt ByteString
- decryptResponse :: Int -> DecryptResponse
- data DecryptResponse
- drsKeyId :: Lens' DecryptResponse (Maybe Text)
- drsPlaintext :: Lens' DecryptResponse (Maybe ByteString)
- drsResponseStatus :: Lens' DecryptResponse Int
Creating a Request
Arguments
| :: ByteString | |
| -> Decrypt |
Creates a value of Decrypt with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
See: decrypt smart constructor.
Request Lenses
decEncryptionContext :: Lens' Decrypt (HashMap Text Text) Source
The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context.
decGrantTokens :: Lens' Decrypt [Text] Source
A list of grant tokens.
For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.
decCiphertextBlob :: Lens' Decrypt ByteString Source
Ciphertext to be decrypted. The blob includes metadata.
Note: This Lens automatically encodes and decodes Base64 data,
despite what the AWS documentation might say.
The underlying isomorphism will encode to Base64 representation during
serialisation, and decode from Base64 representation during deserialisation.
This Lens accepts and returns only raw unencoded data.
Destructuring the Response
Arguments
| :: Int | |
| -> DecryptResponse |
Creates a value of DecryptResponse with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
data DecryptResponse Source
See: decryptResponse smart constructor.
Response Lenses
drsKeyId :: Lens' DecryptResponse (Maybe Text) Source
ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.
drsPlaintext :: Lens' DecryptResponse (Maybe ByteString) Source
Decrypted plaintext data. This value may not be returned if the customer master key is not available or if you didn't have permission to use it.
Note: This Lens automatically encodes and decodes Base64 data,
despite what the AWS documentation might say.
The underlying isomorphism will encode to Base64 representation during
serialisation, and decode from Base64 representation during deserialisation.
This Lens accepts and returns only raw unencoded data.
drsResponseStatus :: Lens' DecryptResponse Int Source
The response status code.