AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Container for the parameters to the Decrypt operation. Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following functions:

Note that if a caller has been granted access permissions to all keys (through, for example, IAM user policies that grant Decrypt permission on all resources), then ciphertext encrypted by using keys in other accounts where the key grants access to the caller can be decrypted. To remedy this, we recommend that you do not grant Decrypt access in an IAM user policy. Instead grant Decrypt access only in key policies. If you must grant Decrypt access in an IAM user policy, you should scope the resource to specific keys or to specific trusted accounts.

Inheritance Hierarchy

System.Object
  Amazon.Runtime.AmazonWebServiceRequest
    Amazon.KeyManagementService.AmazonKeyManagementServiceRequest
      Amazon.KeyManagementService.Model.DecryptRequest

Namespace: Amazon.KeyManagementService.Model
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z

Syntax

C#
public class DecryptRequest : AmazonKeyManagementServiceRequest
         IAmazonWebServiceRequest

The DecryptRequest type exposes the following members

Constructors

NameDescription
Public Method DecryptRequest()

Properties

NameTypeDescription
Public Property CiphertextBlob System.IO.MemoryStream

Gets and sets the property CiphertextBlob.

Ciphertext to be decrypted. The blob includes metadata.

Public Property EncryptionContext System.Collections.Generic.Dictionary<System.String, System.String>

Gets and sets the property EncryptionContext.

The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context.

Public Property GrantTokens System.Collections.Generic.List<System.String>

Gets and sets the property GrantTokens.

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Examples

The following example decrypts data that was encrypted with a customer master key (CMK) in AWS KMS.

To decrypt data


var response = client.Decrypt(new DecryptRequest 
{
    CiphertextBlob = new MemoryStream() // The encrypted data (ciphertext).
});

string keyId = response.KeyId; // The Amazon Resource Name (ARN) of the CMK that was used to decrypt the data.
MemoryStream plaintext = response.Plaintext; // The decrypted (plaintext) data.

            

Version Information

.NET Standard:
Supported in: 1.3

.NET Framework:
Supported in: 4.5, 4.0, 3.5

Portable Class Library:
Supported in: Windows Store Apps
Supported in: Windows Phone 8.1
Supported in: Xamarin Android
Supported in: Xamarin iOS (Unified)
Supported in: Xamarin.Forms