AWSKMSDecryptRequest
Objective-C
@interface AWSKMSDecryptRequest
Swift
class AWSKMSDecryptRequest
-
Ciphertext to be decrypted. The blob includes metadata.
Declaration
Objective-C
@property (nonatomic, strong) NSData *_Nullable ciphertextBlob;
Swift
var ciphertextBlob: Data? { get set }
-
Specifies the encryption algorithm that will be used to decrypt the ciphertext. Specify the same algorithm that was used to encrypt the data. If you specify a different algorithm, the
Decrypt
operation fails.This parameter is required only when the ciphertext was encrypted under an asymmetric CMK. The default value,
SYMMETRIC_DEFAULT
, represents the only supported algorithm that is valid for symmetric CMKs.Declaration
Objective-C
@property (nonatomic) AWSKMSEncryptionAlgorithmSpec encryptionAlgorithm;
Swift
var encryptionAlgorithm: AWSKMSEncryptionAlgorithmSpec { get set }
-
Specifies the encryption context to use when decrypting the data. An encryption context is valid only for cryptographic operations with a symmetric CMK. The standard asymmetric encryption algorithms that AWS KMS uses do not support an encryption context.
An encryption context is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric CMK, but it is highly recommended.
For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
Declaration
Objective-C
@property (nonatomic, strong) NSDictionary<NSString *, NSString *> *_Nullable encryptionContext;
Swift
var encryptionContext: [String : String]? { get set }
-
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
Declaration
Objective-C
@property (nonatomic, strong) NSArray<NSString *> *_Nullable grantTokens;
Swift
var grantTokens: [String]? { get set }
-
Specifies the customer master key (CMK) that AWS KMS uses to decrypt the ciphertext. Enter a key ID of the CMK that was used to encrypt the ciphertext.
This parameter is required only when the ciphertext was encrypted under an asymmetric CMK. If you used a symmetric CMK, AWS KMS can get the CMK from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the CMK that you intend.
To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with
"alias/"
. To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.For example:
Key ID:
1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name:
alias/ExampleAlias
Alias ARN:
arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.
Declaration
Objective-C
@property (nonatomic, strong) NSString *_Nullable keyId;
Swift
var keyId: String? { get set }