Google Cloud Key Management Service v1 API - Enum CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm (3.7.0)

public enum CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm

Reference documentation and code samples for the Google Cloud Key Management Service v1 API enum CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.

The algorithm of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating what parameters must be used for each cryptographic operation.

The [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Algorithms beginning with RSA_SIGN_ are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after RSA_SIGN_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes.

Algorithms beginning with RSA_DECRYPT_ are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].

The fields in the name after RSA_DECRYPT_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

Algorithms beginning with EC_SIGN_ are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after EC_SIGN_ correspond to the following parameters: elliptic curve, digest algorithm.

Algorithms beginning with HMAC_ are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [MAC][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC].

The suffix following HMAC_ corresponds to the hash algorithm being used (eg. SHA256).

For more information, see Key purposes and algorithms.

Namespace

Google.Cloud.Kms.V1

Assembly

Google.Cloud.Kms.V1.dll

Fields

NameDescription
Aes128Cbc

AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.

Aes128Ctr

AES-CTR (Counter Mode) using 128-bit keys.

Aes128Gcm

AES-GCM (Galois Counter Mode) using 128-bit keys.

Aes256Cbc

AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.

Aes256Ctr

AES-CTR (Counter Mode) using 256-bit keys.

Aes256Gcm

AES-GCM (Galois Counter Mode) using 256-bit keys.

EcSignP256Sha256

ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

EcSignP384Sha384

ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

EcSignSecp256K1Sha256

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

ExternalSymmetricEncryption

Algorithm representing symmetric encryption by an external key manager.

GoogleSymmetricEncryption

Creates symmetric encryption keys.

HmacSha1

HMAC-SHA1 signing with a 160 bit key.

HmacSha224

HMAC-SHA224 signing with a 224 bit key.

HmacSha256

HMAC-SHA256 signing with a 256 bit key.

HmacSha384

HMAC-SHA384 signing with a 384 bit key.

HmacSha512

HMAC-SHA512 signing with a 512 bit key.

RsaDecryptOaep2048Sha1

RSAES-OAEP 2048 bit key with a SHA1 digest.

RsaDecryptOaep2048Sha256

RSAES-OAEP 2048 bit key with a SHA256 digest.

RsaDecryptOaep3072Sha1

RSAES-OAEP 3072 bit key with a SHA1 digest.

RsaDecryptOaep3072Sha256

RSAES-OAEP 3072 bit key with a SHA256 digest.

RsaDecryptOaep4096Sha1

RSAES-OAEP 4096 bit key with a SHA1 digest.

RsaDecryptOaep4096Sha256

RSAES-OAEP 4096 bit key with a SHA256 digest.

RsaDecryptOaep4096Sha512

RSAES-OAEP 4096 bit key with a SHA512 digest.

RsaSignPkcs12048Sha256

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

RsaSignPkcs13072Sha256

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

RsaSignPkcs14096Sha256

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

RsaSignPkcs14096Sha512

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

RsaSignPss2048Sha256

RSASSA-PSS 2048 bit key with a SHA256 digest.

RsaSignPss3072Sha256

RSASSA-PSS 3072 bit key with a SHA256 digest.

RsaSignPss4096Sha256

RSASSA-PSS 4096 bit key with a SHA256 digest.

RsaSignPss4096Sha512

RSASSA-PSS 4096 bit key with a SHA512 digest.

RsaSignRawPkcs12048

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

RsaSignRawPkcs13072

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

RsaSignRawPkcs14096

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

Unspecified

Not specified.