AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Container for the parameters to the Decrypt operation. Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following operations:

Whenever possible, use key policies to give users permission to call the Decrypt operation on the CMK, instead of IAM policies. Otherwise, you might create an IAM user policy that gives the user Decrypt permission on all CMKs. This user could decrypt ciphertext that was encrypted by CMKs in other accounts if the key policy for the cross-account CMK permits it. If you must use an IAM policy for Decrypt permissions, limit the user to particular CMKs or particular trusted accounts.

The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.

Inheritance Hierarchy


Namespace: Amazon.KeyManagementService.Model
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z


public class DecryptRequest : AmazonKeyManagementServiceRequest

The DecryptRequest type exposes the following members


Public Method DecryptRequest()


Public Property CiphertextBlob System.IO.MemoryStream

Gets and sets the property CiphertextBlob.

Ciphertext to be decrypted. The blob includes metadata.

Public Property EncryptionContext System.Collections.Generic.Dictionary<System.String, System.String>

Gets and sets the property EncryptionContext.

The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context.

Public Property GrantTokens System.Collections.Generic.List<System.String>

Gets and sets the property GrantTokens.

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.


The following example decrypts data that was encrypted with a customer master key (CMK) in AWS KMS.

To decrypt data

var response = client.Decrypt(new DecryptRequest 
    CiphertextBlob = new MemoryStream() // The encrypted data (ciphertext).

string keyId = response.KeyId; // The Amazon Resource Name (ARN) of the CMK that was used to decrypt the data.
MemoryStream plaintext = response.Plaintext; // The decrypted (plaintext) data.


Version Information

.NET Standard:
Supported in: 1.3

.NET Framework:
Supported in: 4.5, 4.0, 3.5

Portable Class Library:
Supported in: Windows Store Apps
Supported in: Windows Phone 8.1
Supported in: Xamarin Android
Supported in: Xamarin iOS (Unified)
Supported in: Xamarin.Forms