The order of batch items in the response matches that of the request. An individual status code is returned for each batch item.
Note: Provide the key ID in the kid field. The key field within the request field should be omitted.
UUID of the sobject
Uniquely identifies a persisted or transient sobject.
Type of security object.
A cryptographic algorithm.
Ciphertext bytes to be decrypted.
Note that when performing format-preserving decryption (i.e., detokenization), the ciphertext should be encoded as UTF-8 bytes.
CipherMode or RsaEncryptionPadding, depending on the encryption algorithm.
Specifies the Mask Generating Function (MGF) to use.
A hash algorithm.
The initialization vector to use, required for modes that take IVs (and irrelevant otherwise).
The authenticated data to use. This is only applicable when using authenticated decryption modes (like GCM or CCM).
The authentication tag, relevant for authenticated encryption modes (i.e., GCM or CCM), and otherwise irrelevant.
Whether to return a masked result when detokenizing (i.e., when decrypting using the FF1/FPE mode). Defaults to false.
This field is only useful if the app has the DECRYPT permission. In such situations, when this field is true, decryption returns masked output. However, with the MASKDECRYPT permission, this field is ignored and detokenization will always return the masked output.
The optional label to use. Currently this field only serves as the rsa_oaep_label when the decryption algorithm is RSA and the mode is Oaep. For other modes, providing this field causes a bad request error.
Success result
The ID of the key used for decryption. Returned for non-transient keys.
Decrypted plaintext bytes.
Note that when performing format-preserving decryption (i.e., detokenization), the plaintext is encoded as UTF-8 bytes.
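A client-side sketch of handling a batch decrypt response under the rules above: items are matched to requests by position, each item's status is checked on its own, and a returned kid (absent for transient keys) is cross-checked when present. This is an added example, not code from the API's documentation. The JSON field names `status`, `body`, `error`, `plain` and `cipher`, the base64 encoding of byte fields, and all sample values are assumptions made for illustration; only `kid`, `key` and `request` appear on this page.

```python
import base64

def check_item(item):
    """Pre-flight check for one batch item, following the note on kid and key."""
    if not item.get("kid"):
        raise ValueError("batch item needs the key ID in 'kid'")
    if "key" in item.get("request", {}):
        raise ValueError("'key' must be omitted from 'request' when 'kid' is given")

def pair_batch_results(requests, responses):
    """Match responses to requests by position; return (succeeded, failed)."""
    if len(requests) != len(responses):
        raise ValueError("response count differs from request count")
    succeeded, failed = [], []
    for index, (req, resp) in enumerate(zip(requests, responses)):
        status = resp.get("status")    # assumed field name
        body = resp.get("body") or {}  # assumed field name
        if not isinstance(status, int) or not 200 <= status < 300:
            # One failed item must not be treated as a failure of the whole batch.
            failed.append((index, req["kid"], status, resp.get("error")))
            continue
        # kid comes back only for non-transient keys, so position is the
        # primary correlation; a kid that is present must still agree.
        if body.get("kid", req["kid"]) != req["kid"]:
            failed.append((index, req["kid"], status, "kid mismatch"))
            continue
        # Assumption: byte fields travel as base64 text inside the JSON body.
        plain = base64.b64decode(body["plain"], validate=True)
        succeeded.append((index, req["kid"], plain))
    return succeeded, failed

# Constructed sample data, not real key IDs or service output.
KID1 = "00000000-0000-0000-0000-000000000001"
KID2 = "00000000-0000-0000-0000-000000000002"
KID3 = "00000000-0000-0000-0000-000000000003"
SAMPLE_REQUESTS = [{"kid": k, "request": {"cipher": "Y29uc3RydWN0ZWQ="}}
                   for k in (KID1, KID2, KID3)]
SAMPLE_RESPONSES = [
    {"status": 200, "body": {"kid": KID1, "plain": "aGVsbG8="}},
    {"status": 400, "error": "constructed error text"},
    {"status": 200, "body": {"plain": "NDExMQ=="}},  # no kid returned
]

if __name__ == "__main__":
    for item in SAMPLE_REQUESTS:
        check_item(item)
    ok, bad = pair_batch_results(SAMPLE_REQUESTS, SAMPLE_RESPONSES)
    print("succeeded:", ok)
    print("failed:", bad)
```

For detokenization results, decode the returned bytes as UTF-8 before use, as the plaintext note above states.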