Decrypting and Downloading Document (privileged_unwrap)
Use the POST /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privileged_unwrap API to unwrap the wrapped key. The decrypted document can now be downloaded.
Syntax
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privileged_unwrap' -H 'Content-Type: application/json' --data-binary $'{\n  "wrapped_key": "<KEK>",\n  "resource_name": "<resource name>",\n  "authentication": "<authentication jwt>",\n  "reason": ""\n}' --compressed
Request Parameters
| Parameter | Type | Description | 
|---|---|---|
| id | string | ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints. | 
| wrapped_key | string | The base64 binary object returned by the unwrapcall. | 
| resource_name | string | Unique identifier for the object. It must match the resource_namethat was used towrapthe key. | 
| authentication | string | A JWT issued by a third-party asserting who the user is. | 
| reason | string | Additional information about the operation. | 
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/c1583936-7d03-4e2d-a0ae-3a1ae2d2e200/privileged_unwrap' -H 'Content-Type: application/json' --data-binary $'
{
    "wrapped_key":
    "7qTh6Mp+svVwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDh
    bmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvc
    gm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2
    ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199ll
    f9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbU
    hkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==",
    "authentication": "eyJhbGciOi…",
    "reason": "{client:’takeout’ op:’read’}",
    "resource_name": "resource-name"
}' --compressed
In the sample request above, "wrapped_key" represents the key whose DEK you want to find out.
Example Response
{
    "key": "0saNxttLMQULfXuTbRFJzi/QJokN1jW16u0yaNvvLdQ=",
    "perimeter_id": "takeout"
}
In the sample output, "0saNxttLMQULfXuTbRFJzi/QJokN1jW16u0yaNvvLdQ=" represents the encryption key.
Response Codes
| Response Code | Description | 
|---|---|
| 2xx | Success | 
| 4xx | Client errors | 
Refer to HTTP status codes for details.