decrypt - decrypt
Decrypts a single block of encrypted data.
The DECRYPT operation decrypts a well-formed block of ciphertext using the target encryption key and specified algorithm. This operation is the reverse of the ENCRYPT operation. Only a single block of data may be decrypted, and the size of this block depends on the target key and the algorithm used. The DECRYPT operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/decrypt permission. Microsoft recommends against using CBC algorithms for decryption without first verifying the integrity of the ciphertext, for example with an HMAC. See https://docs.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.
POST {vaultBaseUrl}/keys/{key-name}/{key-version}/decrypt?api-version=7.4
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
key-name | path | True | string | The name of the key. |
key-version | path | True | string | The version of the key. |
vault | path | True | string | The vault name, for example https://myvault.vault.azure.net. |
api-version | query | True | string | Client API version. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
alg | True | | algorithm identifier |
value | True | string | |
aad | | string | Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. |
iv | | string | Cryptographically random, non-repeating initialization vector for symmetric algorithms. |
tag | | string | The tag to authenticate when performing decryption with an authenticated algorithm. |
Responses
Name | Type | Description |
---|---|---|
200 OK | | The decryption result. |
Other Status Codes | | Key Vault error response describing why the operation failed. |
Examples
Decrypt example
Sample Request
POST https://myvault.vault.azure.net//keys/sdktestkey/4eb68492b5f6421e835d961ad2be3155/decrypt?api-version=7.4
{
  "alg": "RSA-OAEP",
  "value": "sid-4nG3FzRIFWXLXlG-FZo6H1-kzbNX5Exe0_VRqcGLuJWjI9oSofsn-2IagDsQzkpNAXv9V8aoIizelrK_14darhxaAV8OejO7Oh7spjxa7IxMVS3e-cwcLdEHzMbMfM1uFpDyRFqEUASHI0H8F1M2m1e9TUSXOVW3KMqm7cK94ZQMFvd4AYdLfmfnStMp_MqIQh4kpIkB6h2b1M3possVrLKH_l2L3uT-qFiwQlH9-dt0Cje5mrkpsYCy4hAXNFUPhIyBWAZwOQylIE2sPuopFs55lRIHpWP2CqNe-IK8tX87BRuJ_Vy3GIFxDjD5uu74scIyQCKMImB6xQ_-mQ"
}
Sample Response
{
  "kid": "https://myvault.vault.azure.net/keys/sdktestkey/4eb68492b5f6421e835d961ad2be3155",
  "value": "dvDmrSBpjRjtYg"
}
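CBC integrity check example

The CBC recommendation in the description, shown as an added example (not Microsoft's code): a client-side gate that verifies an HMAC-SHA256 tag over the algorithm, key identifier, IV and ciphertext before it builds the decrypt request. The separate MAC key, the length-prefixed MAC layout, the key name, the key version and the sample bytes are assumptions constructed for illustration, and the HTTP call itself is left out.

```python
import base64
import hashlib
import hmac
import json

# Symmetric CBC identifiers from this page's JsonWebKeyEncryptionAlgorithm list.
CBC_ALGS = {"A128CBC", "A128CBCPAD", "A192CBC", "A192CBCPAD", "A256CBC", "A256CBCPAD"}

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding of the sample request's value."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def integrity_tag(mac_key: bytes, alg: str, kid: str, iv: bytes, ciphertext: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed alg, kid, iv and ciphertext (assumed layout)."""
    parts = [alg.encode(), kid.encode(), iv, ciphertext]
    framed = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(mac_key, framed, hashlib.sha256).digest()

def build_decrypt_request(vault_base_url, key_name, key_version, alg, iv, ciphertext, mac_key, tag):
    """Return (url, json_body) for the decrypt call, or raise if the HMAC check fails."""
    if alg not in CBC_ALGS:
        raise ValueError(f"{alg} is not a CBC algorithm; this gate covers CBC only")
    kid = f"{vault_base_url.rstrip('/')}/keys/{key_name}/{key_version}"
    expected = integrity_tag(mac_key, alg, kid, iv, ciphertext)
    # Constant-time comparison; on mismatch nothing is sent to the vault.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("HMAC mismatch: ciphertext rejected before decryption")
    body = {"alg": alg, "value": b64url(ciphertext), "iv": b64url(iv)}
    return f"{kid}/decrypt?api-version=7.4", json.dumps(body)

# Constructed sample input (hypothetical key name and version, no real key material).
VAULT = "https://myvault.vault.azure.net"
KEY_NAME = "example-aes-key"
VERSION = "0123456789abcdef0123456789abcdef"
MAC_KEY = bytes(range(32))
IV = bytes(range(16))
CT = bytes(range(100, 132))  # two AES blocks of placeholder ciphertext

if __name__ == "__main__":
    kid = f"{VAULT}/keys/{KEY_NAME}/{VERSION}"
    tag = integrity_tag(MAC_KEY, "A256CBCPAD", kid, IV, CT)
    print(build_decrypt_request(VAULT, KEY_NAME, VERSION, "A256CBCPAD", IV, CT, MAC_KEY, tag))
    try:  # one modified ciphertext byte must be rejected before any request exists
        build_decrypt_request(VAULT, KEY_NAME, VERSION, "A256CBCPAD", IV, CT[:-1] + b"\x00", MAC_KEY, tag)
    except ValueError as exc:
        print("rejected:", exc)
```

The tag has to be computed with the same layout at encryption time and stored alongside the IV and ciphertext.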
Definitions
Name | Description |
---|---|
Error | The key vault server error. |
Json | algorithm identifier |
Key | The key operation result. |
Key | The key operations parameters. |
Key | The key vault error exception. |
Error
The key vault server error.
Name | Type | Description |
---|---|---|
code | string | The error code. |
innererror | | The key vault server error. |
message | string | The error message. |
JsonWebKeyEncryptionAlgorithm
algorithm identifier
Name | Type | Description |
---|---|---|
A128CBC | string | |
A128CBCPAD | string | |
A128GCM | string | |
A128KW | string | |
A192CBC | string | |
A192CBCPAD | string | |
A192GCM | string | |
A192KW | string | |
A256CBC | string | |
A256CBCPAD | string | |
A256GCM | string | |
A256KW | string | |
RSA-OAEP | string | |
RSA-OAEP-256 | string | |
RSA1_5 | string | |
KeyOperationResult
The key operation result.
Name | Type | Description |
---|---|---|
aad | string | |
iv | string | |
kid | string | Key identifier |
tag | string | |
value | string | |
KeyOperationsParameters
The key operations parameters.
Name | Type | Description |
---|---|---|
aad | string | Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. |
alg | | algorithm identifier |
iv | string | Cryptographically random, non-repeating initialization vector for symmetric algorithms. |
tag | string | The tag to authenticate when performing decryption with an authenticated algorithm. |
value | string | |
KeyVaultError
The key vault error exception.
Name | Type | Description |
---|---|---|
error | | The key vault server error. |