Copyright	(c) 2013-2018 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	None
Language	Haskell2010

Network.AWS.KMS.Decrypt

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following operations:

Note that if a caller has been granted access permissions to all keys (through, for example, IAM user policies that grant Decrypt permission on all resources), then ciphertext encrypted by using keys in other accounts where the key grants access to the caller can be decrypted. To remedy this, we recommend that you do not grant Decrypt access in an IAM user policy. Instead grant Decrypt access only in key policies. If you must grant Decrypt access in an IAM user policy, you should scope the resource to specific keys or to specific trusted accounts.

Synopsis

decrypt :: ByteString -> Decrypt
data Decrypt
decEncryptionContext :: Lens' Decrypt (HashMap Text Text)
decGrantTokens :: Lens' Decrypt [Text]
decCiphertextBlob :: Lens' Decrypt ByteString
decryptResponse :: Int -> DecryptResponse
data DecryptResponse
drsKeyId :: Lens' DecryptResponse (Maybe Text)
drsPlaintext :: Lens' DecryptResponse (Maybe ByteString)
drsResponseStatus :: Lens' DecryptResponse Int

Creating a Request

decrypt Source #

Arguments

:: ByteString	`decCiphertextBlob`
-> Decrypt

Creates a value of Decrypt with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

decEncryptionContext - The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context .
decGrantTokens - A list of grant tokens. For more information, see Grant Tokens in the AWS Key Management Service Developer Guide .
decCiphertextBlob - Ciphertext to be decrypted. The blob includes metadata.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

data Decrypt Source #

See: decrypt smart constructor.

Instances

Eq Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods (==) :: Decrypt -> Decrypt -> Bool # (/=) :: Decrypt -> Decrypt -> Bool #
Data Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Decrypt -> c Decrypt # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Decrypt # toConstr :: Decrypt -> Constr # dataTypeOf :: Decrypt -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Decrypt) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Decrypt) # gmapT :: (forall b. Data b => b -> b) -> Decrypt -> Decrypt # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Decrypt -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Decrypt -> r # gmapQ :: (forall d. Data d => d -> u) -> Decrypt -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> Decrypt -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> Decrypt -> m Decrypt # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Decrypt -> m Decrypt # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Decrypt -> m Decrypt #
Read Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods readsPrec :: Int -> ReadS Decrypt # readList :: ReadS [Decrypt] # readPrec :: ReadPrec Decrypt # readListPrec :: ReadPrec [Decrypt] #
Show Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods showsPrec :: Int -> Decrypt -> ShowS # show :: Decrypt -> String # showList :: [Decrypt] -> ShowS #
Generic Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Associated Types type Rep Decrypt :: Type -> Type # Methods from :: Decrypt -> Rep Decrypt x # to :: Rep Decrypt x -> Decrypt #
Hashable Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods hashWithSalt :: Int -> Decrypt -> Int # hash :: Decrypt -> Int #
ToJSON Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods toJSON :: Decrypt -> Value # toEncoding :: Decrypt -> Encoding # toJSONList :: [Decrypt] -> Value # toEncodingList :: [Decrypt] -> Encoding #
AWSRequest Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Associated Types type Rs Decrypt :: Type # Methods request :: Decrypt -> Request Decrypt # response :: (MonadResource m, MonadThrow m) => Logger -> Service -> Proxy Decrypt -> ClientResponse -> m (Response Decrypt) #
ToHeaders Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods toHeaders :: Decrypt -> [Header] #
ToPath Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods toPath :: Decrypt -> ByteString #
ToQuery Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods toQuery :: Decrypt -> QueryString #
NFData Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods rnf :: Decrypt -> () #
type Rep Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt type Rep Decrypt = D1 (MetaData "Decrypt" "Network.AWS.KMS.Decrypt" "amazonka-kms-1.6.1-1UDljZYfeha1jjHbbMax4v" False) (C1 (MetaCons "Decrypt'" PrefixI True) (S1 (MetaSel (Just "_decEncryptionContext") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe (Map Text Text))) :: (S1 (MetaSel (Just "_decGrantTokens") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe [Text])) :: S1 (MetaSel (Just "_decCiphertextBlob") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Base64))))
type Rs Decrypt Source #
Instance details Defined in Network.AWS.KMS.Decrypt type Rs Decrypt = DecryptResponse

Request Lenses

decEncryptionContext :: Lens' Decrypt (HashMap Text Text) Source #

The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context .

decGrantTokens :: Lens' Decrypt [Text] Source #

A list of grant tokens. For more information, see Grant Tokens in the AWS Key Management Service Developer Guide .

decCiphertextBlob :: Lens' Decrypt ByteString Source #

Ciphertext to be decrypted. The blob includes metadata.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

Destructuring the Response

decryptResponse Source #

Arguments

:: Int	`drsResponseStatus`
-> DecryptResponse

Creates a value of DecryptResponse with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

drsKeyId - ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.
drsPlaintext - Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.
drsResponseStatus - -- | The response status code.

data DecryptResponse Source #

See: decryptResponse smart constructor.

Instances

Eq DecryptResponse Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods (==) :: DecryptResponse -> DecryptResponse -> Bool # (/=) :: DecryptResponse -> DecryptResponse -> Bool #
Data DecryptResponse Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> DecryptResponse -> c DecryptResponse # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c DecryptResponse # toConstr :: DecryptResponse -> Constr # dataTypeOf :: DecryptResponse -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c DecryptResponse) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c DecryptResponse) # gmapT :: (forall b. Data b => b -> b) -> DecryptResponse -> DecryptResponse # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> DecryptResponse -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> DecryptResponse -> r # gmapQ :: (forall d. Data d => d -> u) -> DecryptResponse -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> DecryptResponse -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> DecryptResponse -> m DecryptResponse # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> DecryptResponse -> m DecryptResponse # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> DecryptResponse -> m DecryptResponse #
Show DecryptResponse Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods showsPrec :: Int -> DecryptResponse -> ShowS # show :: DecryptResponse -> String # showList :: [DecryptResponse] -> ShowS #
Generic DecryptResponse Source #
Instance details Defined in Network.AWS.KMS.Decrypt Associated Types type Rep DecryptResponse :: Type -> Type # Methods from :: DecryptResponse -> Rep DecryptResponse x # to :: Rep DecryptResponse x -> DecryptResponse #
NFData DecryptResponse Source #
Instance details Defined in Network.AWS.KMS.Decrypt Methods rnf :: DecryptResponse -> () #
type Rep DecryptResponse Source #
Instance details Defined in Network.AWS.KMS.Decrypt type Rep DecryptResponse = D1 (MetaData "DecryptResponse" "Network.AWS.KMS.Decrypt" "amazonka-kms-1.6.1-1UDljZYfeha1jjHbbMax4v" False) (C1 (MetaCons "DecryptResponse'" PrefixI True) (S1 (MetaSel (Just "_drsKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)) :: (S1 (MetaSel (Just "_drsPlaintext") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe (Sensitive Base64))) :: S1 (MetaSel (Just "_drsResponseStatus") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Int))))

Response Lenses

drsKeyId :: Lens' DecryptResponse (Maybe Text) Source #

ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.

drsPlaintext :: Lens' DecryptResponse (Maybe ByteString) Source #

Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

drsResponseStatus :: Lens' DecryptResponse Int Source #

- | The response status code.