Decrypt data using a symmetric or asymmetric key.

Published on Apr 2, 2025

1 minute(s) read

Post

/crypto/v1/decrypt

For symmetric ciphers, mode (the block cipher mode) is a required field. For GCM and CCM modes, tag_len is a required field. iv is required for symmetric ciphers and unused for asymmetric ciphers. If the mode requires one, the request must contain the initialization vector used when the data was encrypted. Objects of type Opaque, EC, or HMAC may not be used with this API.

Security

HTTP

Type bearer

API Key

Header parameter nameAuthorization

Body parameters

Expand All

object

key

OneOf

SobjectDescriptorVariantKid

object (SobjectDescriptorVariantKid)

kid

string (uuid) Required

SobjectDescriptorVariantName

object (SobjectDescriptorVariantName)

name

string Required

Max length4096

Pattern^[^\n]*[^\s\n][^\n]*$

SobjectDescriptorVariantTransientKey

object (SobjectDescriptorVariantTransientKey)

transient_key

string (byte) Required

SobjectDescriptorVariantInline

object (SobjectDescriptorVariantInline)

inline

object Required

value

string (byte) Required

obj_type

string Required

Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ]

alg

string

Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "KCDSA", "EC", "ECKCDSA", "BIP32", "BLS", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "HMAC", "LEDABETA", "ROUND5BETA", "PBE" ]

cipher

string (byte) Required

mode

OneOf

string

Valid values[ "ECB", "CBC", "CBCNOPAD", "CFB", "OFB", "CTR", "GCM", "CCM", "KW", "KWP", "FF1" ]

object

OneOf

RsaEncryptionPaddingVariantOaep

object (RsaEncryptionPaddingVariantOaep)

OAEP

object Required

mgf

OneOf

MgfVariantMgf1

object (MgfVariantMgf1)

mgf1

object Required

hash

string Required

Valid values[ "BLAKE2B256", "BLAKE2B384", "BLAKE2B512", "BLAKE2S256", "RIPEMD160", "SSL3", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "STREEBOG256", "STREEBOG512", "SHA3_224", "SHA3_256", "SHA3_384", "SHA3_512" ]

RsaEncryptionPaddingVariantPkcs1V15

object (RsaEncryptionPaddingVariantPkcs1V15)

PKCS1_V15

object Required

RsaEncryptionPaddingVariantRawDecrypt

object (RsaEncryptionPaddingVariantRawDecrypt)

RAW_DECRYPT

object Required

string (byte)

tag

string (byte)

masked

boolean | null

label

string (byte)

Responses

2XX

Success result

object

kid

string (uuid) | null

plain

string (byte)

Was this article helpful?