Decrypts without checking the wrapped private key ACL. It's used to decrypt the data exported (takeout) from Google.
HTTP request
POST https://BASE_URL/privilegedprivatekeydecrypt
Replace BASE_URL with the base URL.
Path parameters
None.
Request body
The request body contains data with the following structure:
JSON representation | |
---|---|
{ "authentication": string, "algorithm": string, "encrypted_data_encryption_key": string, "rsa_oaep_label": string, "reason": string, "spki_hash": string, "spki_hash_algorithm": string, "wrapped_private_key": string } |
Fields | |
---|---|
authentication | A JWT issued by the identity provider (IdP) asserting who the user is. See authentication tokens. |
algorithm | The algorithm that was used to encrypt the Data Encryption Key (DEK) in envelope encryption. |
encrypted_data_encryption_key | Base64-encoded encrypted content encryption key, which is encrypted with the public key associated with the private key. Max size: 1 KB. |
rsa_oaep_label | Base64-encoded label L, if the algorithm is RSAES-OAEP. If the algorithm is not RSAES-OAEP, this field is ignored. |
reason | A passthrough JSON string providing additional context about the operation. The JSON provided should be sanitized before being displayed. Max size: 1 KB. |
spki_hash | Standard base64-encoded digest of the DER-encoded |
spki_hash_algorithm | Algorithm used to produce |
wrapped_private_key | The base64-encoded wrapped private key. Max size: 8 KB. |
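The field limits above can be enforced on the key service side before any key material is touched. The following is an added example, not part of the original reference or of Google's code. `validate_request`, `RequestError`, the set of required fields, reading "1 KB" as 1024 bytes of the received string, and recognising OAEP by the substring "OAEP" in the algorithm name are all assumptions.

```python
import base64, hashlib, html, json

# Limits from the table above; "1 KB" is read as 1024 bytes of the received
# string (assumption). The required-field set is also an assumption.
MAX_LEN = {"encrypted_data_encryption_key": 1024, "reason": 1024,
           "wrapped_private_key": 8192}
REQUIRED = ("authentication", "algorithm", "encrypted_data_encryption_key",
            "spki_hash", "spki_hash_algorithm", "wrapped_private_key")
# Only the digest used in this page's example is accepted (assumption).
DIGEST_LEN = {"SHA-256": hashlib.sha256().digest_size}

class RequestError(ValueError):
    """The body must be rejected before any key material is touched."""

def _b64(name, value):
    try:
        return base64.b64decode(value, validate=True)
    except (ValueError, TypeError) as exc:  # binascii.Error is a ValueError
        raise RequestError(f"{name}: not standard base64") from exc

def validate_request(raw_body):
    """Bound-check and decode a privilegedprivatekeydecrypt body (hypothetical helper)."""
    try:
        body = json.loads(raw_body)
    except ValueError as exc:
        raise RequestError("body is not JSON") from exc
    if not isinstance(body, dict):
        raise RequestError("body is not a JSON object")
    for name in REQUIRED:
        if not isinstance(body.get(name), str) or not body[name]:
            raise RequestError(f"{name}: missing or not a string")
    for name, limit in MAX_LEN.items():
        if len(str(body.get(name, "")).encode("utf-8", "replace")) > limit:
            raise RequestError(f"{name}: exceeds {limit} bytes")
    digest_len = DIGEST_LEN.get(body["spki_hash_algorithm"])
    if digest_len is None or len(_b64("spki_hash", body["spki_hash"])) != digest_len:
        raise RequestError("spki_hash: wrong length for spki_hash_algorithm")
    # Assumption: OAEP algorithm names contain "OAEP"; otherwise the label is ignored.
    label = b""
    if "OAEP" in body["algorithm"].upper() and body.get("rsa_oaep_label"):
        label = _b64("rsa_oaep_label", body["rsa_oaep_label"])
    return {
        "algorithm": body["algorithm"],
        "encrypted_dek": _b64("encrypted_data_encryption_key",
                              body["encrypted_data_encryption_key"]),
        "wrapped_private_key": _b64("wrapped_private_key", body["wrapped_private_key"]),
        "oaep_label": label,
        "reason_for_display": html.escape(str(body.get("reason", ""))),  # never show raw
    }
```

Because this method skips the wrapped private key ACL check, the `authentication` JWT still has to be verified separately; that step is outside this sketch.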
Response body
If successful, this method returns the base64 data encryption key. This key is used client-side to decrypt the message body.
If the operation fails, a structured error reply is returned.
JSON representation | |
---|---|
{ "data_encryption_key": string } |
Fields | |
---|---|
data_encryption_key | A base64-encoded data encryption key. |
Example
This example provides a sample request and response for the privilegedprivatekeydecrypt method.
Request
POST https://mykacls.example.org/v1/privilegedprivatekeydecrypt
{
  "wrapped_private_key": "wHrlNOTI9mU6PBdqiq7EQA...",
  "encrypted_data_encryption_key": "dGVzdCB3cmFwcGVkIGRlaw...",
  "authentication": "eyJhbGciOi...",
  "spki_hash": "LItGzrmjSFD57QdrY1dcLwYmSwBXzhQLAA6zVcen+r0=",
  "spki_hash_algorithm": "SHA-256",
  "algorithm": "RSA/ECB/PKCS1Padding",
  "reason": "admin decrypt"
}
Response
{
  "data_encryption_key": "akRQtv3nr+jUhcFL6JmKzB+WzUxbkkMyW5kQsqGUAFc"
}