Google Cloud Key Management Service v1 API - Class ImportCryptoKeyVersionRequest (3.3.0)

public sealed class ImportCryptoKeyVersionRequest : IMessage<ImportCryptoKeyVersionRequest>, IEquatable<ImportCryptoKeyVersionRequest>, IDeepCloneable<ImportCryptoKeyVersionRequest>, IBufferMessage, IMessage

Reference documentation and code samples for the Google Cloud Key Management Service v1 API class ImportCryptoKeyVersionRequest.

Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].

Inheritance

Object > ImportCryptoKeyVersionRequest

Namespace

Google.Cloud.Kms.V1

Assembly

Google.Cloud.Kms.V1.dll

Constructors

ImportCryptoKeyVersionRequest()

public ImportCryptoKeyVersionRequest()

ImportCryptoKeyVersionRequest(ImportCryptoKeyVersionRequest)

public ImportCryptoKeyVersionRequest(ImportCryptoKeyVersionRequest other)
Parameter
NameDescription
otherImportCryptoKeyVersionRequest

Properties

Algorithm

public CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm Algorithm { get; set; }

Required. The [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] of the key being imported. This does not need to match the [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] this version imports into.

Property Value
TypeDescription
CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm

CryptoKeyVersion

public string CryptoKeyVersion { get; set; }

Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation. If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the supplied key material is created.

If this field is present, the supplied key material is imported into the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via [ImportCryptoKeyVersion][], and be in [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED] state. The key material and algorithm must match the previous [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained key material.

Property Value
TypeDescription
String

CryptoKeyVersionAsCryptoKeyVersionName

public CryptoKeyVersionName CryptoKeyVersionAsCryptoKeyVersionName { get; set; }

CryptoKeyVersionName-typed view over the CryptoKeyVersion resource name property.

Property Value
TypeDescription
CryptoKeyVersionName

ImportJob

public string ImportJob { get; set; }

Required. The [name][google.cloud.kms.v1.ImportJob.name] of the [ImportJob][google.cloud.kms.v1.ImportJob] that was used to wrap this key material.

Property Value
TypeDescription
String

Parent

public string Parent { get; set; }

Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.

The create permission is only required on this key when creating a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

Property Value
TypeDescription
String

ParentAsCryptoKeyName

public CryptoKeyName ParentAsCryptoKeyName { get; set; }

CryptoKeyName-typed view over the Parent resource name property.

Property Value
TypeDescription
CryptoKeyName

RsaAesWrappedKey

public ByteString RsaAesWrappedKey { get; set; }

Optional. This field has the same meaning as [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key]. Prefer to use that field in new work. Either that field or this field (but not both) must be specified.

Property Value
TypeDescription
ByteString

WrappedKey

public ByteString WrappedKey { get; set; }

Optional. The wrapped key material to import.

Before wrapping, key material must be formatted. If importing symmetric key material, the expected key material format is plain bytes. If importing asymmetric key material, the expected key material format is PKCS#8-encoded DER (the PrivateKeyInfo structure from RFC 5208).

When wrapping with import methods ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256] or [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256] or [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256] or [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]),

this field must contain the concatenation of: <ol> <li>An ephemeral AES-256 wrapping key wrapped with the [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty label. </li> <li>The formatted key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649). </li> </ol>

This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP.

When wrapping with import methods ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256] or [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]),

this field must contain the formatted key to be imported, wrapped with the [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP with SHA-256, MGF1 with SHA-256, and an empty label.

Property Value
TypeDescription
ByteString

WrappedKeyMaterialCase

public ImportCryptoKeyVersionRequest.WrappedKeyMaterialOneofCase WrappedKeyMaterialCase { get; }
Property Value
TypeDescription
ImportCryptoKeyVersionRequest.WrappedKeyMaterialOneofCase