Metode: membuka hak istimewa
Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Mendekripsi data yang diekspor dari Google dalam konteks hak istimewa. Sebelumnya dikenal sebagai
TakeoutUnwrap. Menampilkan Kunci Enkripsi Data (DEK) yang digabungkan menggunakan
wrap tanpa memeriksa dokumen asli
atau daftar kontrol akses file (ACL). Untuk contoh kasus penggunaan, lihat:
Google Takeout.
Permintaan HTTP
POST https://KACLS_URL/privilegedunwrap
Ganti KACLS_URL dengan Key Access Control List Service (KACLS)
.
Parameter jalur
Tidak ada.
Isi permintaan
Isi permintaan memuat data dengan struktur berikut:
| Representasi JSON |
{
"authentication": string,
"reason": string,
"resource_name": string,
"wrapped_key": string
}
|
| Kolom |
authentication |
string
JWT yang dikeluarkan oleh IdP yang menyatakan siapa pengguna. Lihat token autentikasi.
|
reason |
string (UTF-8)
String JSON passthrough yang memberikan konteks tambahan tentang operasi. JSON yang disediakan harus dibersihkan sebelum ditampilkan. Ukuran maksimum: 1 KB.
|
resource_name |
string (UTF-8)
ID untuk objek yang dienkripsi oleh DEK. Nilai ini harus cocok dengan resource_name yang digunakan untuk menggabungkan kunci. Ukuran maksimum: 128 byte.
|
wrapped_key |
string
Objek biner base64 yang ditampilkan oleh wrap.
|
Isi respons
Jika berhasil, metode ini akan menampilkan kunci enkripsi dokumen.
Jika operasi gagal, sebuah
balasan error terstruktur
harus ditampilkan.
| Representasi JSON |
{
"key": string
}
|
| Kolom |
key |
string
DEK berenkode base64.
|
Contoh
Contoh ini memberikan contoh permintaan dan respons untuk privilegedunwrap
.
Permintaan
POST https://mykacls.example.com/v1/takeout_unwrap
{
"wrapped_key": "7qTh6Mp+svVwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDhbmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvcgm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199llf9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbUhkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==",
"authentication": "eyJhbGciOi…"
"reason": "{client:'takeout' op:'read'}"
"resource_name": "item123"
}
Tanggapan
{
"key": "0saNxttLMQULfXuTbRFJzi/QJokN1jW16u0yaNvvLdQ="
}
Kecuali dinyatakan lain, konten di halaman ini dilisensikan berdasarkan Lisensi Creative Commons Attribution 4.0, sedangkan contoh kode dilisensikan berdasarkan Lisensi Apache 2.0. Untuk mengetahui informasi selengkapnya, lihat Kebijakan Situs Google Developers. Java adalah merek dagang terdaftar dari Oracle dan/atau afiliasinya.
Terakhir diperbarui pada 2025-07-25 UTC.
[null,null,["Terakhir diperbarui pada 2025-07-25 UTC."],[[["\u003cp\u003eDecrypts data exported from Google Takeout in a privileged context, bypassing standard access controls.\u003c/p\u003e\n"],["\u003cp\u003eRequires a JWT for authentication and identifies the encrypted object with a resource name.\u003c/p\u003e\n"],["\u003cp\u003eReturns the Data Encryption Key (DEK) used to encrypt the data, allowing privileged access to its content.\u003c/p\u003e\n"],["\u003cp\u003eUses a specific request body structure containing authentication, reason, resource name, and the wrapped key.\u003c/p\u003e\n"]]],["The `privilegedunwrap` method decrypts data exported from Google. It requires a POST request to the KACLS URL with a JSON body containing the `wrapped_key`, `authentication` JWT, `reason` string, and `resource_name`. This method returns the base64-encoded Data Encryption Key (DEK) without verifying document or file access control. The `wrapped_key` is a base64 binary object. The `resource_name` must match the value used during the key wrapping process. Upon success, the response contains the decrypted DEK as a base64 string.\n"],null,["# Method: privilegedunwrap\n\nDecrypts data exported from Google in a privileged context. Previously known as\n`TakeoutUnwrap`. Returns the Data Encryption Key (DEK) that was wrapped using\n[`wrap`](/workspace/cse/reference/wrap) without checking the original document\nor file access control list (ACL). For an example use case, see:\n[Google Takeout](https://support.google.com/a/answer/100458).\n\n### HTTP request\n\n`POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/privilegedunwrap`\n\nReplace \u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e with the Key Access Control List Service (KACLS)\nURL.\n\n### Path parameters\n\nNone.\n\n### Request body\n\nThe request body contains data with the following structure:\n\n| JSON representation ||\n|--------------------------------------------------------------------------------------------------------|---|\n| ``` { \"authentication\": string, \"reason\": string, \"resource_name\": string, \"wrapped_key\": string } ``` |\n\n| Fields ||\n|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `authentication` | `string` A JWT issued by the IdP asserting who the user is. See [authentication tokens](/workspace/cse/reference/authentication-tokens). |\n| `reason` | `string (UTF-8)` A passthrough JSON string providing additional context about the operation. The JSON provided should be sanitized before being displayed. Maximum size: 1 KB. |\n| `resource_name` | `string (UTF-8)` An identifier for the object encrypted by the DEK. This value must match the `resource_name` used to wrap the key. Maximum size: 128 bytes. |\n| `wrapped_key` | `string` The base64 binary object returned by [`wrap`](/workspace/cse/reference/wrap). |\n\n### Response body\n\nIf successful, this method returns the document encryption key.\n\nIf the operation fails, a\n[structured error reply](/workspace/cse/reference/structured-errors)\nshould be returned.\n\n| JSON representation ||\n|---------------------------|---|\n| ``` { \"key\": string } ``` |\n\n| Fields ||\n|-------|----------------------------------|\n| `key` | `string` The base64-encoded DEK. |\n\n### Example\n\nThis example provides a sample request and response for the `privilegedunwrap`\nmethod.\n\n#### Request\n\n POST https://mykacls.example.com/v1/takeout_unwrap\n\n {\n \"wrapped_key\": \"7qTh6Mp+svVwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDhbmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvcgm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199llf9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbUhkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==\",\n \"authentication\": \"eyJhbGciOi...\"\n \"reason\": \"{client:'takeout' op:'read'}\"\n \"resource_name\": \"item123\"\n }\n\n#### Response\n\n {\n \"key\": \"0saNxttLMQULfXuTbRFJzi/QJokN1jW16u0yaNvvLdQ=\"\n }"]]
