public static final class CryptoDeterministicConfig.Builder extends GeneratedMessageV3.Builder<CryptoDeterministicConfig.Builder> implements CryptoDeterministicConfigOrBuilder
Pseudonymization method that generates deterministic encryption for the given
input. Outputs a base64 encoded representation of the encrypted output.
Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
Protobuf type google.privacy.dlp.v2.CryptoDeterministicConfig
Inherited Members
com.google.protobuf.GeneratedMessageV3.Builder.getUnknownFieldSetBuilder()
com.google.protobuf.GeneratedMessageV3.Builder.mergeUnknownLengthDelimitedField(int,com.google.protobuf.ByteString)
com.google.protobuf.GeneratedMessageV3.Builder.mergeUnknownVarintField(int,int)
com.google.protobuf.GeneratedMessageV3.Builder.parseUnknownField(com.google.protobuf.CodedInputStream,com.google.protobuf.ExtensionRegistryLite,int)
com.google.protobuf.GeneratedMessageV3.Builder.setUnknownFieldSetBuilder(com.google.protobuf.UnknownFieldSet.Builder)
Static Methods
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
Methods
addRepeatedField(Descriptors.FieldDescriptor field, Object value)
public CryptoDeterministicConfig.Builder addRepeatedField(Descriptors.FieldDescriptor field, Object value)
Overrides
build()
public CryptoDeterministicConfig build()
buildPartial()
public CryptoDeterministicConfig buildPartial()
clear()
public CryptoDeterministicConfig.Builder clear()
Overrides
clearContext()
public CryptoDeterministicConfig.Builder clearContext()
A context may be used for higher security and maintaining
referential integrity such that the same identifier in two different
contexts will be given a distinct surrogate. The context is appended to
plaintext value being encrypted. On decryption the provided context is
validated against the value used during encryption. If a context was
provided during encryption, same context must be provided during decryption
as well.
If the context is not set, plaintext would be used as is for encryption.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
plaintext would be used as is for encryption.
Note that case (1) is expected when an
InfoTypeTransformation
is
applied to both structured and unstructured ContentItem
s.
.google.privacy.dlp.v2.FieldId context = 3;
clearCryptoKey()
public CryptoDeterministicConfig.Builder clearCryptoKey()
The key used by the encryption function. For deterministic encryption
using AES-SIV, the provided key is internally expanded to 64 bytes prior to
use.
.google.privacy.dlp.v2.CryptoKey crypto_key = 1;
clearField(Descriptors.FieldDescriptor field)
public CryptoDeterministicConfig.Builder clearField(Descriptors.FieldDescriptor field)
Overrides
clearOneof(Descriptors.OneofDescriptor oneof)
public CryptoDeterministicConfig.Builder clearOneof(Descriptors.OneofDescriptor oneof)
Overrides
clearSurrogateInfoType()
public CryptoDeterministicConfig.Builder clearSurrogateInfoType()
The custom info type to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom info type followed by the number of
characters comprising the surrogate. The following scheme defines the
format: {info type name}({surrogate character count}):{surrogate}
For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom info type 'Surrogate'. This facilitates reversal of the
surrogate when it occurs in free text.
Note: For record transformations where the entire cell in a table is being
transformed, surrogates are not mandatory. Surrogates are used to denote
the location of the token and are necessary for re-identification in free
form text.
In order for inspection to work properly, the name of this info type must
not occur naturally anywhere in your data; otherwise, inspection may either
- reverse a surrogate that does not correspond to an actual identifier
- be unable to parse the surrogate and result in an error
Therefore, choose your custom info type name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE.
.google.privacy.dlp.v2.InfoType surrogate_info_type = 2;
clone()
public CryptoDeterministicConfig.Builder clone()
Overrides
getContext()
public FieldId getContext()
A context may be used for higher security and maintaining
referential integrity such that the same identifier in two different
contexts will be given a distinct surrogate. The context is appended to
plaintext value being encrypted. On decryption the provided context is
validated against the value used during encryption. If a context was
provided during encryption, same context must be provided during decryption
as well.
If the context is not set, plaintext would be used as is for encryption.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
plaintext would be used as is for encryption.
Note that case (1) is expected when an
InfoTypeTransformation
is
applied to both structured and unstructured ContentItem
s.
.google.privacy.dlp.v2.FieldId context = 3;
Returns |
---|
Type | Description |
FieldId | The context.
|
getContextBuilder()
public FieldId.Builder getContextBuilder()
A context may be used for higher security and maintaining
referential integrity such that the same identifier in two different
contexts will be given a distinct surrogate. The context is appended to
plaintext value being encrypted. On decryption the provided context is
validated against the value used during encryption. If a context was
provided during encryption, same context must be provided during decryption
as well.
If the context is not set, plaintext would be used as is for encryption.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
plaintext would be used as is for encryption.
Note that case (1) is expected when an
InfoTypeTransformation
is
applied to both structured and unstructured ContentItem
s.
.google.privacy.dlp.v2.FieldId context = 3;
getContextOrBuilder()
public FieldIdOrBuilder getContextOrBuilder()
A context may be used for higher security and maintaining
referential integrity such that the same identifier in two different
contexts will be given a distinct surrogate. The context is appended to
plaintext value being encrypted. On decryption the provided context is
validated against the value used during encryption. If a context was
provided during encryption, same context must be provided during decryption
as well.
If the context is not set, plaintext would be used as is for encryption.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
plaintext would be used as is for encryption.
Note that case (1) is expected when an
InfoTypeTransformation
is
applied to both structured and unstructured ContentItem
s.
.google.privacy.dlp.v2.FieldId context = 3;
getCryptoKey()
public CryptoKey getCryptoKey()
The key used by the encryption function. For deterministic encryption
using AES-SIV, the provided key is internally expanded to 64 bytes prior to
use.
.google.privacy.dlp.v2.CryptoKey crypto_key = 1;
Returns |
---|
Type | Description |
CryptoKey | The cryptoKey.
|
getCryptoKeyBuilder()
public CryptoKey.Builder getCryptoKeyBuilder()
The key used by the encryption function. For deterministic encryption
using AES-SIV, the provided key is internally expanded to 64 bytes prior to
use.
.google.privacy.dlp.v2.CryptoKey crypto_key = 1;
getCryptoKeyOrBuilder()
public CryptoKeyOrBuilder getCryptoKeyOrBuilder()
The key used by the encryption function. For deterministic encryption
using AES-SIV, the provided key is internally expanded to 64 bytes prior to
use.
.google.privacy.dlp.v2.CryptoKey crypto_key = 1;
getDefaultInstanceForType()
public CryptoDeterministicConfig getDefaultInstanceForType()
getDescriptorForType()
public Descriptors.Descriptor getDescriptorForType()
Overrides
getSurrogateInfoType()
public InfoType getSurrogateInfoType()
The custom info type to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom info type followed by the number of
characters comprising the surrogate. The following scheme defines the
format: {info type name}({surrogate character count}):{surrogate}
For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom info type 'Surrogate'. This facilitates reversal of the
surrogate when it occurs in free text.
Note: For record transformations where the entire cell in a table is being
transformed, surrogates are not mandatory. Surrogates are used to denote
the location of the token and are necessary for re-identification in free
form text.
In order for inspection to work properly, the name of this info type must
not occur naturally anywhere in your data; otherwise, inspection may either
- reverse a surrogate that does not correspond to an actual identifier
- be unable to parse the surrogate and result in an error
Therefore, choose your custom info type name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE.
.google.privacy.dlp.v2.InfoType surrogate_info_type = 2;
Returns |
---|
Type | Description |
InfoType | The surrogateInfoType.
|
getSurrogateInfoTypeBuilder()
public InfoType.Builder getSurrogateInfoTypeBuilder()
The custom info type to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom info type followed by the number of
characters comprising the surrogate. The following scheme defines the
format: {info type name}({surrogate character count}):{surrogate}
For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom info type 'Surrogate'. This facilitates reversal of the
surrogate when it occurs in free text.
Note: For record transformations where the entire cell in a table is being
transformed, surrogates are not mandatory. Surrogates are used to denote
the location of the token and are necessary for re-identification in free
form text.
In order for inspection to work properly, the name of this info type must
not occur naturally anywhere in your data; otherwise, inspection may either
- reverse a surrogate that does not correspond to an actual identifier
- be unable to parse the surrogate and result in an error
Therefore, choose your custom info type name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE.
.google.privacy.dlp.v2.InfoType surrogate_info_type = 2;
getSurrogateInfoTypeOrBuilder()
public InfoTypeOrBuilder getSurrogateInfoTypeOrBuilder()
The custom info type to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom info type followed by the number of
characters comprising the surrogate. The following scheme defines the
format: {info type name}({surrogate character count}):{surrogate}
For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom info type 'Surrogate'. This facilitates reversal of the
surrogate when it occurs in free text.
Note: For record transformations where the entire cell in a table is being
transformed, surrogates are not mandatory. Surrogates are used to denote
the location of the token and are necessary for re-identification in free
form text.
In order for inspection to work properly, the name of this info type must
not occur naturally anywhere in your data; otherwise, inspection may either
- reverse a surrogate that does not correspond to an actual identifier
- be unable to parse the surrogate and result in an error
Therefore, choose your custom info type name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE.
.google.privacy.dlp.v2.InfoType surrogate_info_type = 2;
hasContext()
public boolean hasContext()
A context may be used for higher security and maintaining
referential integrity such that the same identifier in two different
contexts will be given a distinct surrogate. The context is appended to
plaintext value being encrypted. On decryption the provided context is
validated against the value used during encryption. If a context was
provided during encryption, same context must be provided during decryption
as well.
If the context is not set, plaintext would be used as is for encryption.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
plaintext would be used as is for encryption.
Note that case (1) is expected when an
InfoTypeTransformation
is
applied to both structured and unstructured ContentItem
s.
.google.privacy.dlp.v2.FieldId context = 3;
Returns |
---|
Type | Description |
boolean | Whether the context field is set.
|
hasCryptoKey()
public boolean hasCryptoKey()
The key used by the encryption function. For deterministic encryption
using AES-SIV, the provided key is internally expanded to 64 bytes prior to
use.
.google.privacy.dlp.v2.CryptoKey crypto_key = 1;
Returns |
---|
Type | Description |
boolean | Whether the cryptoKey field is set.
|
hasSurrogateInfoType()
public boolean hasSurrogateInfoType()
The custom info type to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom info type followed by the number of
characters comprising the surrogate. The following scheme defines the
format: {info type name}({surrogate character count}):{surrogate}
For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom info type 'Surrogate'. This facilitates reversal of the
surrogate when it occurs in free text.
Note: For record transformations where the entire cell in a table is being
transformed, surrogates are not mandatory. Surrogates are used to denote
the location of the token and are necessary for re-identification in free
form text.
In order for inspection to work properly, the name of this info type must
not occur naturally anywhere in your data; otherwise, inspection may either
- reverse a surrogate that does not correspond to an actual identifier
- be unable to parse the surrogate and result in an error
Therefore, choose your custom info type name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE.
.google.privacy.dlp.v2.InfoType surrogate_info_type = 2;
Returns |
---|
Type | Description |
boolean | Whether the surrogateInfoType field is set.
|
internalGetFieldAccessorTable()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Overrides
isInitialized()
public final boolean isInitialized()
Overrides
mergeContext(FieldId value)
public CryptoDeterministicConfig.Builder mergeContext(FieldId value)
A context may be used for higher security and maintaining
referential integrity such that the same identifier in two different
contexts will be given a distinct surrogate. The context is appended to
plaintext value being encrypted. On decryption the provided context is
validated against the value used during encryption. If a context was
provided during encryption, same context must be provided during decryption
as well.
If the context is not set, plaintext would be used as is for encryption.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
plaintext would be used as is for encryption.
Note that case (1) is expected when an
InfoTypeTransformation
is
applied to both structured and unstructured ContentItem
s.
.google.privacy.dlp.v2.FieldId context = 3;
Parameter |
---|
Name | Description |
value | FieldId
|
mergeCryptoKey(CryptoKey value)
public CryptoDeterministicConfig.Builder mergeCryptoKey(CryptoKey value)
The key used by the encryption function. For deterministic encryption
using AES-SIV, the provided key is internally expanded to 64 bytes prior to
use.
.google.privacy.dlp.v2.CryptoKey crypto_key = 1;
mergeFrom(CryptoDeterministicConfig other)
public CryptoDeterministicConfig.Builder mergeFrom(CryptoDeterministicConfig other)
public CryptoDeterministicConfig.Builder mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Overrides
mergeFrom(Message other)
public CryptoDeterministicConfig.Builder mergeFrom(Message other)
Parameter |
---|
Name | Description |
other | Message
|
Overrides
mergeSurrogateInfoType(InfoType value)
public CryptoDeterministicConfig.Builder mergeSurrogateInfoType(InfoType value)
The custom info type to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom info type followed by the number of
characters comprising the surrogate. The following scheme defines the
format: {info type name}({surrogate character count}):{surrogate}
For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom info type 'Surrogate'. This facilitates reversal of the
surrogate when it occurs in free text.
Note: For record transformations where the entire cell in a table is being
transformed, surrogates are not mandatory. Surrogates are used to denote
the location of the token and are necessary for re-identification in free
form text.
In order for inspection to work properly, the name of this info type must
not occur naturally anywhere in your data; otherwise, inspection may either
- reverse a surrogate that does not correspond to an actual identifier
- be unable to parse the surrogate and result in an error
Therefore, choose your custom info type name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE.
.google.privacy.dlp.v2.InfoType surrogate_info_type = 2;
mergeUnknownFields(UnknownFieldSet unknownFields)
public final CryptoDeterministicConfig.Builder mergeUnknownFields(UnknownFieldSet unknownFields)
Overrides
setContext(FieldId value)
public CryptoDeterministicConfig.Builder setContext(FieldId value)
A context may be used for higher security and maintaining
referential integrity such that the same identifier in two different
contexts will be given a distinct surrogate. The context is appended to
plaintext value being encrypted. On decryption the provided context is
validated against the value used during encryption. If a context was
provided during encryption, same context must be provided during decryption
as well.
If the context is not set, plaintext would be used as is for encryption.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
plaintext would be used as is for encryption.
Note that case (1) is expected when an
InfoTypeTransformation
is
applied to both structured and unstructured ContentItem
s.
.google.privacy.dlp.v2.FieldId context = 3;
Parameter |
---|
Name | Description |
value | FieldId
|
setContext(FieldId.Builder builderForValue)
public CryptoDeterministicConfig.Builder setContext(FieldId.Builder builderForValue)
A context may be used for higher security and maintaining
referential integrity such that the same identifier in two different
contexts will be given a distinct surrogate. The context is appended to
plaintext value being encrypted. On decryption the provided context is
validated against the value used during encryption. If a context was
provided during encryption, same context must be provided during decryption
as well.
If the context is not set, plaintext would be used as is for encryption.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
plaintext would be used as is for encryption.
Note that case (1) is expected when an
InfoTypeTransformation
is
applied to both structured and unstructured ContentItem
s.
.google.privacy.dlp.v2.FieldId context = 3;
setCryptoKey(CryptoKey value)
public CryptoDeterministicConfig.Builder setCryptoKey(CryptoKey value)
The key used by the encryption function. For deterministic encryption
using AES-SIV, the provided key is internally expanded to 64 bytes prior to
use.
.google.privacy.dlp.v2.CryptoKey crypto_key = 1;
setCryptoKey(CryptoKey.Builder builderForValue)
public CryptoDeterministicConfig.Builder setCryptoKey(CryptoKey.Builder builderForValue)
The key used by the encryption function. For deterministic encryption
using AES-SIV, the provided key is internally expanded to 64 bytes prior to
use.
.google.privacy.dlp.v2.CryptoKey crypto_key = 1;
setField(Descriptors.FieldDescriptor field, Object value)
public CryptoDeterministicConfig.Builder setField(Descriptors.FieldDescriptor field, Object value)
Overrides
setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
public CryptoDeterministicConfig.Builder setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
Overrides
setSurrogateInfoType(InfoType value)
public CryptoDeterministicConfig.Builder setSurrogateInfoType(InfoType value)
The custom info type to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom info type followed by the number of
characters comprising the surrogate. The following scheme defines the
format: {info type name}({surrogate character count}):{surrogate}
For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom info type 'Surrogate'. This facilitates reversal of the
surrogate when it occurs in free text.
Note: For record transformations where the entire cell in a table is being
transformed, surrogates are not mandatory. Surrogates are used to denote
the location of the token and are necessary for re-identification in free
form text.
In order for inspection to work properly, the name of this info type must
not occur naturally anywhere in your data; otherwise, inspection may either
- reverse a surrogate that does not correspond to an actual identifier
- be unable to parse the surrogate and result in an error
Therefore, choose your custom info type name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE.
.google.privacy.dlp.v2.InfoType surrogate_info_type = 2;
setSurrogateInfoType(InfoType.Builder builderForValue)
public CryptoDeterministicConfig.Builder setSurrogateInfoType(InfoType.Builder builderForValue)
The custom info type to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom info type followed by the number of
characters comprising the surrogate. The following scheme defines the
format: {info type name}({surrogate character count}):{surrogate}
For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom info type 'Surrogate'. This facilitates reversal of the
surrogate when it occurs in free text.
Note: For record transformations where the entire cell in a table is being
transformed, surrogates are not mandatory. Surrogates are used to denote
the location of the token and are necessary for re-identification in free
form text.
In order for inspection to work properly, the name of this info type must
not occur naturally anywhere in your data; otherwise, inspection may either
- reverse a surrogate that does not correspond to an actual identifier
- be unable to parse the surrogate and result in an error
Therefore, choose your custom info type name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE.
.google.privacy.dlp.v2.InfoType surrogate_info_type = 2;
setUnknownFields(UnknownFieldSet unknownFields)
public final CryptoDeterministicConfig.Builder setUnknownFields(UnknownFieldSet unknownFields)
Overrides