Skip to content

/AWS1/CL_KMSDECRYPTRESPONSE

DecryptResponse

CONSTRUCTOR

IMPORTING

Optional arguments:

iv_keyid TYPE /AWS1/KMSKEYIDTYPE /AWS1/KMSKEYIDTYPE

The Amazon Resource Name (key ARN) of the KMS key that was used to decrypt the ciphertext.

iv_plaintext TYPE /AWS1/KMSPLAINTEXTTYPE /AWS1/KMSPLAINTEXTTYPE

Decrypted plaintext data. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.

If the response includes the CiphertextForRecipient field, the Plaintext field is null or empty.

iv_encryptionalgorithm TYPE /AWS1/KMSENCALGORITHMSPEC /AWS1/KMSENCALGORITHMSPEC

The encryption algorithm that was used to decrypt the ciphertext.

iv_ciphertextforrecipient TYPE /AWS1/KMSCIPHERTEXTTYPE /AWS1/KMSCIPHERTEXTTYPE

The plaintext data encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

iv_keymaterialid TYPE /AWS1/KMSBACKINGKEYIDTYPE /AWS1/KMSBACKINGKEYIDTYPE

The identifier of the key material used to decrypt the ciphertext. This field is present only when the operation uses a symmetric encryption KMS key. This field is omitted if the request includes the Recipient parameter.

Queryable Attributes

KeyId

The Amazon Resource Name (key ARN) of the KMS key that was used to decrypt the ciphertext.

Accessible with the following methods

Method Description
GET_KEYID() Getter for KEYID, with configurable default
ASK_KEYID() Getter for KEYID w/ exceptions if field has no value
HAS_KEYID() Determine if KEYID has a value

Plaintext

Decrypted plaintext data. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.

If the response includes the CiphertextForRecipient field, the Plaintext field is null or empty.

Accessible with the following methods

Method Description
GET_PLAINTEXT() Getter for PLAINTEXT, with configurable default
ASK_PLAINTEXT() Getter for PLAINTEXT w/ exceptions if field has no value
HAS_PLAINTEXT() Determine if PLAINTEXT has a value

EncryptionAlgorithm

The encryption algorithm that was used to decrypt the ciphertext.

Accessible with the following methods

Method Description
GET_ENCRYPTIONALGORITHM() Getter for ENCRYPTIONALGORITHM, with configurable default
ASK_ENCRYPTIONALGORITHM() Getter for ENCRYPTIONALGORITHM w/ exceptions if field has no
HAS_ENCRYPTIONALGORITHM() Determine if ENCRYPTIONALGORITHM has a value

CiphertextForRecipient

The plaintext data encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

Accessible with the following methods

Method Description
GET_CIPHERTEXTFORRECIPIENT() Getter for CIPHERTEXTFORRECIPIENT, with configurable default
ASK_CIPHERTEXTFORRECIPIENT() Getter for CIPHERTEXTFORRECIPIENT w/ exceptions if field has
HAS_CIPHERTEXTFORRECIPIENT() Determine if CIPHERTEXTFORRECIPIENT has a value

KeyMaterialId

The identifier of the key material used to decrypt the ciphertext. This field is present only when the operation uses a symmetric encryption KMS key. This field is omitted if the request includes the Recipient parameter.

Accessible with the following methods

Method Description
GET_KEYMATERIALID() Getter for KEYMATERIALID, with configurable default
ASK_KEYMATERIALID() Getter for KEYMATERIALID w/ exceptions if field has no value
HAS_KEYMATERIALID() Determine if KEYMATERIALID has a value