Decrypts data by using a specific certificate.
Limit: The encryption algorithm in the request parameters must match the key type.
The following table describes the mapping between encryption algorithms and key types.
Algorithm |
Key Spec |
---|---|
RSAES_OAEP_SHA_1 |
RSA_2048 |
RSAES_OAEP_SHA_256 |
RSA_2048 |
SM2PKE |
EC_SM2 |
In this example, the certificate whose ID is 12345678-1234-1234-1234-12345678****
and the encryption algorithm RSAES_OAEP_SHA_256
are used to decrypt the data ZOyIygCyaOW6Gj****MlNKiuyjfzw=
.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | CertificatePrivateKeyDecrypt |
The operation that you want to perform. Set the value to CertificatePrivateKeyDecrypt. |
CertificateId | String | Yes | 12345678-1234-1234-1234-12345678**** |
The ID of the certificate. The ID must be globally unique in Certificates Manager. |
Algorithm | String | Yes | RSAES_OAEP_SHA_256 |
The encryption algorithm. Valid values:
|
CiphertextBlob | String | Yes | ZOyIygCyaOW6Gj****MlNKiuyjfzw= |
The data that you want to decrypt. The value is encoded in Base64. |
For more information about common request parameters, see Common parameters.
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | 5979d897-d69f-4fc9-87dd-f3bb73c40b80 |
The ID of the request, which is used to locate and troubleshoot issues. |
CertificateId | String | 12345678-1234-1234-1234-12345678**** |
The ID of the certificate. |
Plaintext | String | VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4 |
The plaintext after data is decrypted. The value is encoded in Base64. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=CertificatePrivateKeyDecrypt
&CertificateId=12345678-1234-1234-1234-12345678****
&Algorithm=RSAES_OAEP_SHA_256
&CiphertextBlob=ZOyIygCyaOW6Gj****MlNKiuyjfzw=
&<Common request parameters>
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<CertificatePrivateKeyDecryptResponse>
<RequestId>5979d897-d69f-4fc9-87dd-f3bb73c40b80</RequestId>
<CertificateId>12345678-1234-1234-1234-12345678****</CertificateId>
<Plaintext>VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4</Plaintext>
</CertificatePrivateKeyDecryptResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "5979d897-d69f-4fc9-87dd-f3bb73c40b80",
"CertificateId" : "12345678-1234-1234-1234-12345678****",
"Plaintext" : "VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4"
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InvalidParameter | The specified parameter is not valid. | The error message returned because an invalid value is specified for the parameter. |
404 | Certificate.NotFound | The specified certificate is not found. | The error message returned because the specified certificate does not exist. |
404 | InvalidAccessKeyId.NotFound | The Access Key ID provided does not exist in our records. | The error message returned because the specified AccessKey ID does not exist. |
For a list of error codes, visit the API Error Center.