amazonka-kms-1.6.0: Amazon Key Management Service SDK.

Copyright(c) 2013-2018 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone
LanguageHaskell2010

Network.AWS.KMS.Decrypt

Contents

Description

Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following operations:

Note that if a caller has been granted access permissions to all keys (through, for example, IAM user policies that grant Decrypt permission on all resources), then ciphertext encrypted by using keys in other accounts where the key grants access to the caller can be decrypted. To remedy this, we recommend that you do not grant Decrypt access in an IAM user policy. Instead grant Decrypt access only in key policies. If you must grant Decrypt access in an IAM user policy, you should scope the resource to specific keys or to specific trusted accounts.

Synopsis

Creating a Request

decrypt #

Creates a value of Decrypt with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

  • decEncryptionContext - The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context .
  • decGrantTokens - A list of grant tokens. For more information, see Grant Tokens in the AWS Key Management Service Developer Guide .
  • decCiphertextBlob - Ciphertext to be decrypted. The blob includes metadata.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

data Decrypt #

See: decrypt smart constructor.

Instances

Eq Decrypt # 

Methods

(==) :: Decrypt -> Decrypt -> Bool #

(/=) :: Decrypt -> Decrypt -> Bool #

Data Decrypt # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Decrypt -> c Decrypt #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Decrypt #

toConstr :: Decrypt -> Constr #

dataTypeOf :: Decrypt -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c Decrypt) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Decrypt) #

gmapT :: (forall b. Data b => b -> b) -> Decrypt -> Decrypt #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Decrypt -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Decrypt -> r #

gmapQ :: (forall d. Data d => d -> u) -> Decrypt -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> Decrypt -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> Decrypt -> m Decrypt #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Decrypt -> m Decrypt #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Decrypt -> m Decrypt #

Read Decrypt # 
Show Decrypt # 
Generic Decrypt # 

Associated Types

type Rep Decrypt :: * -> * #

Methods

from :: Decrypt -> Rep Decrypt x #

to :: Rep Decrypt x -> Decrypt #

Hashable Decrypt # 

Methods

hashWithSalt :: Int -> Decrypt -> Int #

hash :: Decrypt -> Int #

ToJSON Decrypt # 
NFData Decrypt # 

Methods

rnf :: Decrypt -> () #

AWSRequest Decrypt # 

Associated Types

type Rs Decrypt :: * #

ToHeaders Decrypt # 

Methods

toHeaders :: Decrypt -> [Header] #

ToPath Decrypt # 

Methods

toPath :: Decrypt -> ByteString #

ToQuery Decrypt # 
type Rep Decrypt # 
type Rep Decrypt = D1 * (MetaData "Decrypt" "Network.AWS.KMS.Decrypt" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) (C1 * (MetaCons "Decrypt'" PrefixI True) ((:*:) * (S1 * (MetaSel (Just Symbol "_decEncryptionContext") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe (Map Text Text)))) ((:*:) * (S1 * (MetaSel (Just Symbol "_decGrantTokens") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe [Text]))) (S1 * (MetaSel (Just Symbol "_decCiphertextBlob") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Base64)))))
type Rs Decrypt # 

Request Lenses

decEncryptionContext :: Lens' Decrypt (HashMap Text Text) #

The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context .

decGrantTokens :: Lens' Decrypt [Text] #

A list of grant tokens. For more information, see Grant Tokens in the AWS Key Management Service Developer Guide .

decCiphertextBlob :: Lens' Decrypt ByteString #

Ciphertext to be decrypted. The blob includes metadata.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

Destructuring the Response

decryptResponse #

Creates a value of DecryptResponse with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

  • drsKeyId - ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.
  • drsPlaintext - Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.
  • drsResponseStatus - -- | The response status code.

data DecryptResponse #

See: decryptResponse smart constructor.

Instances

Eq DecryptResponse # 
Data DecryptResponse # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> DecryptResponse -> c DecryptResponse #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c DecryptResponse #

toConstr :: DecryptResponse -> Constr #

dataTypeOf :: DecryptResponse -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c DecryptResponse) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c DecryptResponse) #

gmapT :: (forall b. Data b => b -> b) -> DecryptResponse -> DecryptResponse #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> DecryptResponse -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> DecryptResponse -> r #

gmapQ :: (forall d. Data d => d -> u) -> DecryptResponse -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> DecryptResponse -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> DecryptResponse -> m DecryptResponse #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> DecryptResponse -> m DecryptResponse #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> DecryptResponse -> m DecryptResponse #

Show DecryptResponse # 
Generic DecryptResponse # 
NFData DecryptResponse # 

Methods

rnf :: DecryptResponse -> () #

type Rep DecryptResponse # 
type Rep DecryptResponse = D1 * (MetaData "DecryptResponse" "Network.AWS.KMS.Decrypt" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) (C1 * (MetaCons "DecryptResponse'" PrefixI True) ((:*:) * (S1 * (MetaSel (Just Symbol "_drsKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Text))) ((:*:) * (S1 * (MetaSel (Just Symbol "_drsPlaintext") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe (Sensitive Base64)))) (S1 * (MetaSel (Just Symbol "_drsResponseStatus") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Int)))))

Response Lenses

drsKeyId :: Lens' DecryptResponse (Maybe Text) #

ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.

drsPlaintext :: Lens' DecryptResponse (Maybe ByteString) #

Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.

drsResponseStatus :: Lens' DecryptResponse Int #

  • - | The response status code.