/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include #include #include namespace Aws { namespace KMS { namespace Model { /** */ class DecryptRequest : public KMSRequest { public: AWS_KMS_API DecryptRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "Decrypt"; } AWS_KMS_API Aws::String SerializePayload() const override; AWS_KMS_API Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override; /** *

Ciphertext to be decrypted. The blob includes metadata.

*/ inline const Aws::Utils::ByteBuffer& GetCiphertextBlob() const{ return m_ciphertextBlob; } /** *

Ciphertext to be decrypted. The blob includes metadata.

*/ inline bool CiphertextBlobHasBeenSet() const { return m_ciphertextBlobHasBeenSet; } /** *

Ciphertext to be decrypted. The blob includes metadata.

*/ inline void SetCiphertextBlob(const Aws::Utils::ByteBuffer& value) { m_ciphertextBlobHasBeenSet = true; m_ciphertextBlob = value; } /** *

Ciphertext to be decrypted. The blob includes metadata.

*/ inline void SetCiphertextBlob(Aws::Utils::ByteBuffer&& value) { m_ciphertextBlobHasBeenSet = true; m_ciphertextBlob = std::move(value); } /** *

Ciphertext to be decrypted. The blob includes metadata.

*/ inline DecryptRequest& WithCiphertextBlob(const Aws::Utils::ByteBuffer& value) { SetCiphertextBlob(value); return *this;} /** *

Ciphertext to be decrypted. The blob includes metadata.

*/ inline DecryptRequest& WithCiphertextBlob(Aws::Utils::ByteBuffer&& value) { SetCiphertextBlob(std::move(value)); return *this;} /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline const Aws::Map& GetEncryptionContext() const{ return m_encryptionContext; } /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline bool EncryptionContextHasBeenSet() const { return m_encryptionContextHasBeenSet; } /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline void SetEncryptionContext(const Aws::Map& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext = value; } /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline void SetEncryptionContext(Aws::Map&& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext = std::move(value); } /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline DecryptRequest& WithEncryptionContext(const Aws::Map& value) { SetEncryptionContext(value); return *this;} /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline DecryptRequest& WithEncryptionContext(Aws::Map&& value) { SetEncryptionContext(std::move(value)); return *this;} /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline DecryptRequest& AddEncryptionContext(const Aws::String& key, const Aws::String& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(key, value); return *this; } /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline DecryptRequest& AddEncryptionContext(Aws::String&& key, const Aws::String& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(std::move(key), value); return *this; } /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline DecryptRequest& AddEncryptionContext(const Aws::String& key, Aws::String&& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(key, std::move(value)); return *this; } /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline DecryptRequest& AddEncryptionContext(Aws::String&& key, Aws::String&& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(std::move(key), std::move(value)); return *this; } /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline DecryptRequest& AddEncryptionContext(const char* key, Aws::String&& value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(key, std::move(value)); return *this; } /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline DecryptRequest& AddEncryptionContext(Aws::String&& key, const char* value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(std::move(key), value); return *this; } /** *

Specifies the encryption context to use when decrypting the data. An * encryption context is valid only for cryptographic * operations with a symmetric encryption KMS key. The standard asymmetric * encryption algorithms and HMAC algorithms that KMS uses do not support an * encryption context.

An encryption context is a collection of * non-secret key-value pairs that represent additional authenticated data. When * you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an encryption context is * optional, but it is strongly recommended.

For more information, see Encryption * context in the Key Management Service Developer Guide.

*/ inline DecryptRequest& AddEncryptionContext(const char* key, const char* value) { m_encryptionContextHasBeenSet = true; m_encryptionContext.emplace(key, value); return *this; } /** *

A list of grant tokens.

Use a grant token when your permission to * call this operation comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant * token and Using * a grant token in the Key Management Service Developer Guide.

*/ inline const Aws::Vector& GetGrantTokens() const{ return m_grantTokens; } /** *

A list of grant tokens.

Use a grant token when your permission to * call this operation comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant * token and Using * a grant token in the Key Management Service Developer Guide.

*/ inline bool GrantTokensHasBeenSet() const { return m_grantTokensHasBeenSet; } /** *

A list of grant tokens.

Use a grant token when your permission to * call this operation comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant * token and Using * a grant token in the Key Management Service Developer Guide.

*/ inline void SetGrantTokens(const Aws::Vector& value) { m_grantTokensHasBeenSet = true; m_grantTokens = value; } /** *

A list of grant tokens.

Use a grant token when your permission to * call this operation comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant * token and Using * a grant token in the Key Management Service Developer Guide.

*/ inline void SetGrantTokens(Aws::Vector&& value) { m_grantTokensHasBeenSet = true; m_grantTokens = std::move(value); } /** *

A list of grant tokens.

Use a grant token when your permission to * call this operation comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant * token and Using * a grant token in the Key Management Service Developer Guide.

*/ inline DecryptRequest& WithGrantTokens(const Aws::Vector& value) { SetGrantTokens(value); return *this;} /** *

A list of grant tokens.

Use a grant token when your permission to * call this operation comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant * token and Using * a grant token in the Key Management Service Developer Guide.

*/ inline DecryptRequest& WithGrantTokens(Aws::Vector&& value) { SetGrantTokens(std::move(value)); return *this;} /** *

A list of grant tokens.

Use a grant token when your permission to * call this operation comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant * token and Using * a grant token in the Key Management Service Developer Guide.

*/ inline DecryptRequest& AddGrantTokens(const Aws::String& value) { m_grantTokensHasBeenSet = true; m_grantTokens.push_back(value); return *this; } /** *

A list of grant tokens.

Use a grant token when your permission to * call this operation comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant * token and Using * a grant token in the Key Management Service Developer Guide.

*/ inline DecryptRequest& AddGrantTokens(Aws::String&& value) { m_grantTokensHasBeenSet = true; m_grantTokens.push_back(std::move(value)); return *this; } /** *

A list of grant tokens.

Use a grant token when your permission to * call this operation comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant * token and Using * a grant token in the Key Management Service Developer Guide.

*/ inline DecryptRequest& AddGrantTokens(const char* value) { m_grantTokensHasBeenSet = true; m_grantTokens.push_back(value); return *this; } /** *

Specifies the KMS key that KMS uses to decrypt the ciphertext.

Enter a * key ID of the KMS key that was used to encrypt the ciphertext. If you identify a * different KMS key, the Decrypt operation throws an * IncorrectKeyException.

This parameter is required only when * the ciphertext was encrypted under an asymmetric KMS key. If you used a * symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds * to the symmetric ciphertext blob. However, it is always recommended as a best * practice. This practice ensures that you use the KMS key that you intend.

*

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When * using an alias name, prefix it with "alias/". To specify a KMS key * in a different Amazon Web Services account, you must use the key ARN or alias * ARN.

For example:

Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline const Aws::String& GetKeyId() const{ return m_keyId; } /** *

Specifies the KMS key that KMS uses to decrypt the ciphertext.

Enter a * key ID of the KMS key that was used to encrypt the ciphertext. If you identify a * different KMS key, the Decrypt operation throws an * IncorrectKeyException.

This parameter is required only when * the ciphertext was encrypted under an asymmetric KMS key. If you used a * symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds * to the symmetric ciphertext blob. However, it is always recommended as a best * practice. This practice ensures that you use the KMS key that you intend.

*

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When * using an alias name, prefix it with "alias/". To specify a KMS key * in a different Amazon Web Services account, you must use the key ARN or alias * ARN.

For example:

Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline bool KeyIdHasBeenSet() const { return m_keyIdHasBeenSet; } /** *

Specifies the KMS key that KMS uses to decrypt the ciphertext.

Enter a * key ID of the KMS key that was used to encrypt the ciphertext. If you identify a * different KMS key, the Decrypt operation throws an * IncorrectKeyException.

This parameter is required only when * the ciphertext was encrypted under an asymmetric KMS key. If you used a * symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds * to the symmetric ciphertext blob. However, it is always recommended as a best * practice. This practice ensures that you use the KMS key that you intend.

*

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When * using an alias name, prefix it with "alias/". To specify a KMS key * in a different Amazon Web Services account, you must use the key ARN or alias * ARN.

For example:

Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline void SetKeyId(const Aws::String& value) { m_keyIdHasBeenSet = true; m_keyId = value; } /** *

Specifies the KMS key that KMS uses to decrypt the ciphertext.

Enter a * key ID of the KMS key that was used to encrypt the ciphertext. If you identify a * different KMS key, the Decrypt operation throws an * IncorrectKeyException.

This parameter is required only when * the ciphertext was encrypted under an asymmetric KMS key. If you used a * symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds * to the symmetric ciphertext blob. However, it is always recommended as a best * practice. This practice ensures that you use the KMS key that you intend.

*

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When * using an alias name, prefix it with "alias/". To specify a KMS key * in a different Amazon Web Services account, you must use the key ARN or alias * ARN.

For example:

Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline void SetKeyId(Aws::String&& value) { m_keyIdHasBeenSet = true; m_keyId = std::move(value); } /** *

Specifies the KMS key that KMS uses to decrypt the ciphertext.

Enter a * key ID of the KMS key that was used to encrypt the ciphertext. If you identify a * different KMS key, the Decrypt operation throws an * IncorrectKeyException.

This parameter is required only when * the ciphertext was encrypted under an asymmetric KMS key. If you used a * symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds * to the symmetric ciphertext blob. However, it is always recommended as a best * practice. This practice ensures that you use the KMS key that you intend.

*

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When * using an alias name, prefix it with "alias/". To specify a KMS key * in a different Amazon Web Services account, you must use the key ARN or alias * ARN.

For example:

Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline void SetKeyId(const char* value) { m_keyIdHasBeenSet = true; m_keyId.assign(value); } /** *

Specifies the KMS key that KMS uses to decrypt the ciphertext.

Enter a * key ID of the KMS key that was used to encrypt the ciphertext. If you identify a * different KMS key, the Decrypt operation throws an * IncorrectKeyException.

This parameter is required only when * the ciphertext was encrypted under an asymmetric KMS key. If you used a * symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds * to the symmetric ciphertext blob. However, it is always recommended as a best * practice. This practice ensures that you use the KMS key that you intend.

*

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When * using an alias name, prefix it with "alias/". To specify a KMS key * in a different Amazon Web Services account, you must use the key ARN or alias * ARN.

For example:

Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline DecryptRequest& WithKeyId(const Aws::String& value) { SetKeyId(value); return *this;} /** *

Specifies the KMS key that KMS uses to decrypt the ciphertext.

Enter a * key ID of the KMS key that was used to encrypt the ciphertext. If you identify a * different KMS key, the Decrypt operation throws an * IncorrectKeyException.

This parameter is required only when * the ciphertext was encrypted under an asymmetric KMS key. If you used a * symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds * to the symmetric ciphertext blob. However, it is always recommended as a best * practice. This practice ensures that you use the KMS key that you intend.

*

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When * using an alias name, prefix it with "alias/". To specify a KMS key * in a different Amazon Web Services account, you must use the key ARN or alias * ARN.

For example:

Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline DecryptRequest& WithKeyId(Aws::String&& value) { SetKeyId(std::move(value)); return *this;} /** *

Specifies the KMS key that KMS uses to decrypt the ciphertext.

Enter a * key ID of the KMS key that was used to encrypt the ciphertext. If you identify a * different KMS key, the Decrypt operation throws an * IncorrectKeyException.

This parameter is required only when * the ciphertext was encrypted under an asymmetric KMS key. If you used a * symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds * to the symmetric ciphertext blob. However, it is always recommended as a best * practice. This practice ensures that you use the KMS key that you intend.

*

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When * using an alias name, prefix it with "alias/". To specify a KMS key * in a different Amazon Web Services account, you must use the key ARN or alias * ARN.

For example:

Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
Alias name: alias/ExampleAlias
*
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name and alias ARN, use * ListAliases.

*/ inline DecryptRequest& WithKeyId(const char* value) { SetKeyId(value); return *this;} /** *

Specifies the encryption algorithm that will be used to decrypt the * ciphertext. Specify the same algorithm that was used to encrypt the data. If you * specify a different algorithm, the Decrypt operation fails.

*

This parameter is required only when the ciphertext was encrypted under an * asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, * represents the only supported algorithm that is valid for symmetric encryption * KMS keys.

*/ inline const EncryptionAlgorithmSpec& GetEncryptionAlgorithm() const{ return m_encryptionAlgorithm; } /** *

Specifies the encryption algorithm that will be used to decrypt the * ciphertext. Specify the same algorithm that was used to encrypt the data. If you * specify a different algorithm, the Decrypt operation fails.

*

This parameter is required only when the ciphertext was encrypted under an * asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, * represents the only supported algorithm that is valid for symmetric encryption * KMS keys.

*/ inline bool EncryptionAlgorithmHasBeenSet() const { return m_encryptionAlgorithmHasBeenSet; } /** *

Specifies the encryption algorithm that will be used to decrypt the * ciphertext. Specify the same algorithm that was used to encrypt the data. If you * specify a different algorithm, the Decrypt operation fails.

*

This parameter is required only when the ciphertext was encrypted under an * asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, * represents the only supported algorithm that is valid for symmetric encryption * KMS keys.

*/ inline void SetEncryptionAlgorithm(const EncryptionAlgorithmSpec& value) { m_encryptionAlgorithmHasBeenSet = true; m_encryptionAlgorithm = value; } /** *

Specifies the encryption algorithm that will be used to decrypt the * ciphertext. Specify the same algorithm that was used to encrypt the data. If you * specify a different algorithm, the Decrypt operation fails.

*

This parameter is required only when the ciphertext was encrypted under an * asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, * represents the only supported algorithm that is valid for symmetric encryption * KMS keys.

*/ inline void SetEncryptionAlgorithm(EncryptionAlgorithmSpec&& value) { m_encryptionAlgorithmHasBeenSet = true; m_encryptionAlgorithm = std::move(value); } /** *

Specifies the encryption algorithm that will be used to decrypt the * ciphertext. Specify the same algorithm that was used to encrypt the data. If you * specify a different algorithm, the Decrypt operation fails.

*

This parameter is required only when the ciphertext was encrypted under an * asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, * represents the only supported algorithm that is valid for symmetric encryption * KMS keys.

*/ inline DecryptRequest& WithEncryptionAlgorithm(const EncryptionAlgorithmSpec& value) { SetEncryptionAlgorithm(value); return *this;} /** *

Specifies the encryption algorithm that will be used to decrypt the * ciphertext. Specify the same algorithm that was used to encrypt the data. If you * specify a different algorithm, the Decrypt operation fails.

*

This parameter is required only when the ciphertext was encrypted under an * asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, * represents the only supported algorithm that is valid for symmetric encryption * KMS keys.

*/ inline DecryptRequest& WithEncryptionAlgorithm(EncryptionAlgorithmSpec&& value) { SetEncryptionAlgorithm(std::move(value)); return *this;} /** *

A signed attestation * document from an Amazon Web Services Nitro enclave and the encryption * algorithm to use with the enclave's public key. The only valid encryption * algorithm is RSAES_OAEP_SHA_256.

This parameter only * supports attestation documents for Amazon Web Services Nitro Enclaves. To * include this parameter, use the Amazon * Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.

When * you use this parameter, instead of returning the plaintext data, KMS encrypts * the plaintext data with the public key in the attestation document, and returns * the resulting ciphertext in the CiphertextForRecipient field in the * response. This ciphertext can be decrypted only with the private key in the * enclave. The Plaintext field in the response is null or empty.

*

For information about the interaction between KMS and Amazon Web Services * Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline const RecipientInfo& GetRecipient() const{ return m_recipient; } /** *

A signed attestation * document from an Amazon Web Services Nitro enclave and the encryption * algorithm to use with the enclave's public key. The only valid encryption * algorithm is RSAES_OAEP_SHA_256.

This parameter only * supports attestation documents for Amazon Web Services Nitro Enclaves. To * include this parameter, use the Amazon * Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.

When * you use this parameter, instead of returning the plaintext data, KMS encrypts * the plaintext data with the public key in the attestation document, and returns * the resulting ciphertext in the CiphertextForRecipient field in the * response. This ciphertext can be decrypted only with the private key in the * enclave. The Plaintext field in the response is null or empty.

*

For information about the interaction between KMS and Amazon Web Services * Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline bool RecipientHasBeenSet() const { return m_recipientHasBeenSet; } /** *

A signed attestation * document from an Amazon Web Services Nitro enclave and the encryption * algorithm to use with the enclave's public key. The only valid encryption * algorithm is RSAES_OAEP_SHA_256.

This parameter only * supports attestation documents for Amazon Web Services Nitro Enclaves. To * include this parameter, use the Amazon * Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.

When * you use this parameter, instead of returning the plaintext data, KMS encrypts * the plaintext data with the public key in the attestation document, and returns * the resulting ciphertext in the CiphertextForRecipient field in the * response. This ciphertext can be decrypted only with the private key in the * enclave. The Plaintext field in the response is null or empty.

*

For information about the interaction between KMS and Amazon Web Services * Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline void SetRecipient(const RecipientInfo& value) { m_recipientHasBeenSet = true; m_recipient = value; } /** *

A signed attestation * document from an Amazon Web Services Nitro enclave and the encryption * algorithm to use with the enclave's public key. The only valid encryption * algorithm is RSAES_OAEP_SHA_256.

This parameter only * supports attestation documents for Amazon Web Services Nitro Enclaves. To * include this parameter, use the Amazon * Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.

When * you use this parameter, instead of returning the plaintext data, KMS encrypts * the plaintext data with the public key in the attestation document, and returns * the resulting ciphertext in the CiphertextForRecipient field in the * response. This ciphertext can be decrypted only with the private key in the * enclave. The Plaintext field in the response is null or empty.

*

For information about the interaction between KMS and Amazon Web Services * Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline void SetRecipient(RecipientInfo&& value) { m_recipientHasBeenSet = true; m_recipient = std::move(value); } /** *

A signed attestation * document from an Amazon Web Services Nitro enclave and the encryption * algorithm to use with the enclave's public key. The only valid encryption * algorithm is RSAES_OAEP_SHA_256.

This parameter only * supports attestation documents for Amazon Web Services Nitro Enclaves. To * include this parameter, use the Amazon * Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.

When * you use this parameter, instead of returning the plaintext data, KMS encrypts * the plaintext data with the public key in the attestation document, and returns * the resulting ciphertext in the CiphertextForRecipient field in the * response. This ciphertext can be decrypted only with the private key in the * enclave. The Plaintext field in the response is null or empty.

*

For information about the interaction between KMS and Amazon Web Services * Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline DecryptRequest& WithRecipient(const RecipientInfo& value) { SetRecipient(value); return *this;} /** *

A signed attestation * document from an Amazon Web Services Nitro enclave and the encryption * algorithm to use with the enclave's public key. The only valid encryption * algorithm is RSAES_OAEP_SHA_256.

This parameter only * supports attestation documents for Amazon Web Services Nitro Enclaves. To * include this parameter, use the Amazon * Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.

When * you use this parameter, instead of returning the plaintext data, KMS encrypts * the plaintext data with the public key in the attestation document, and returns * the resulting ciphertext in the CiphertextForRecipient field in the * response. This ciphertext can be decrypted only with the private key in the * enclave. The Plaintext field in the response is null or empty.

*

For information about the interaction between KMS and Amazon Web Services * Nitro Enclaves, see How * Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service * Developer Guide.

*/ inline DecryptRequest& WithRecipient(RecipientInfo&& value) { SetRecipient(std::move(value)); return *this;} /** *

Checks if your request will succeed. DryRun is an optional * parameter.

To learn more about how to use this parameter, see Testing * your KMS API calls in the Key Management Service Developer Guide.

*/ inline bool GetDryRun() const{ return m_dryRun; } /** *

Checks if your request will succeed. DryRun is an optional * parameter.

To learn more about how to use this parameter, see Testing * your KMS API calls in the Key Management Service Developer Guide.

*/ inline bool DryRunHasBeenSet() const { return m_dryRunHasBeenSet; } /** *

Checks if your request will succeed. DryRun is an optional * parameter.

To learn more about how to use this parameter, see Testing * your KMS API calls in the Key Management Service Developer Guide.

*/ inline void SetDryRun(bool value) { m_dryRunHasBeenSet = true; m_dryRun = value; } /** *

Checks if your request will succeed. DryRun is an optional * parameter.

To learn more about how to use this parameter, see Testing * your KMS API calls in the Key Management Service Developer Guide.

*/ inline DecryptRequest& WithDryRun(bool value) { SetDryRun(value); return *this;} private: Aws::Utils::ByteBuffer m_ciphertextBlob; bool m_ciphertextBlobHasBeenSet = false; Aws::Map m_encryptionContext; bool m_encryptionContextHasBeenSet = false; Aws::Vector m_grantTokens; bool m_grantTokensHasBeenSet = false; Aws::String m_keyId; bool m_keyIdHasBeenSet = false; EncryptionAlgorithmSpec m_encryptionAlgorithm; bool m_encryptionAlgorithmHasBeenSet = false; RecipientInfo m_recipient; bool m_recipientHasBeenSet = false; bool m_dryRun; bool m_dryRunHasBeenSet = false; }; } // namespace Model } // namespace KMS } // namespace Aws