Interface ImportCryptoKeyVersionRequestOrBuilder (2.24.0)

public interface ImportCryptoKeyVersionRequestOrBuilder extends MessageOrBuilder

Implements

MessageOrBuilder

Methods

getAlgorithm()

public abstract CryptoKeyVersion.CryptoKeyVersionAlgorithm getAlgorithm()

Required. The algorithm of the key being imported. This does not need to match the version_template of the CryptoKey this version imports into.

.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 2 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
CryptoKeyVersion.CryptoKeyVersionAlgorithm

The algorithm.

getAlgorithmValue()

public abstract int getAlgorithmValue()

Required. The algorithm of the key being imported. This does not need to match the version_template of the CryptoKey this version imports into.

.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 2 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
int

The enum numeric value on the wire for algorithm.

getCryptoKeyVersion()

public abstract String getCryptoKeyVersion()

Optional. The optional name of an existing CryptoKeyVersion to target for an import operation. If this field is not present, a new CryptoKeyVersion containing the supplied key material is created.

If this field is present, the supplied key material is imported into the existing CryptoKeyVersion. To import into an existing CryptoKeyVersion, the CryptoKeyVersion must be a child of ImportCryptoKeyVersionRequest.parent, have been previously created via [ImportCryptoKeyVersion][], and be in DESTROYED or IMPORT_FAILED state. The key material and algorithm must match the previous CryptoKeyVersion exactly if the CryptoKeyVersion has ever contained key material.

string crypto_key_version = 6 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { ... }

Returns
TypeDescription
String

The cryptoKeyVersion.

getCryptoKeyVersionBytes()

public abstract ByteString getCryptoKeyVersionBytes()

Optional. The optional name of an existing CryptoKeyVersion to target for an import operation. If this field is not present, a new CryptoKeyVersion containing the supplied key material is created.

If this field is present, the supplied key material is imported into the existing CryptoKeyVersion. To import into an existing CryptoKeyVersion, the CryptoKeyVersion must be a child of ImportCryptoKeyVersionRequest.parent, have been previously created via [ImportCryptoKeyVersion][], and be in DESTROYED or IMPORT_FAILED state. The key material and algorithm must match the previous CryptoKeyVersion exactly if the CryptoKeyVersion has ever contained key material.

string crypto_key_version = 6 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { ... }

Returns
TypeDescription
ByteString

The bytes for cryptoKeyVersion.

getImportJob()

public abstract String getImportJob()

Required. The name of the ImportJob that was used to wrap this key material.

string import_job = 4 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
String

The importJob.

getImportJobBytes()

public abstract ByteString getImportJobBytes()

Required. The name of the ImportJob that was used to wrap this key material.

string import_job = 4 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
ByteString

The bytes for importJob.

getParent()

public abstract String getParent()

Required. The name of the CryptoKey to be imported into.

The create permission is only required on this key when creating a new CryptoKeyVersion.

string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }

Returns
TypeDescription
String

The parent.

getParentBytes()

public abstract ByteString getParentBytes()

Required. The name of the CryptoKey to be imported into.

The create permission is only required on this key when creating a new CryptoKeyVersion.

string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }

Returns
TypeDescription
ByteString

The bytes for parent.

getRsaAesWrappedKey()

public abstract ByteString getRsaAesWrappedKey()

Optional. This field has the same meaning as wrapped_key. Prefer to use that field in new work. Either that field or this field (but not both) must be specified.

bytes rsa_aes_wrapped_key = 5 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
ByteString

The rsaAesWrappedKey.

getWrappedKey()

public abstract ByteString getWrappedKey()

Optional. The wrapped key material to import.

Before wrapping, key material must be formatted. If importing symmetric key material, the expected key material format is plain bytes. If importing asymmetric key material, the expected key material format is PKCS#8-encoded DER (the PrivateKeyInfo structure from RFC 5208).

When wrapping with import methods (RSA_OAEP_3072_SHA1_AES_256 or RSA_OAEP_4096_SHA1_AES_256 or RSA_OAEP_3072_SHA256_AES_256 or RSA_OAEP_4096_SHA256_AES_256),

this field must contain the concatenation of: <ol> <li>An ephemeral AES-256 wrapping key wrapped with the public_key using RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty label. </li> <li>The formatted key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649). </li> </ol>

This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP.

When wrapping with import methods (RSA_OAEP_3072_SHA256 or RSA_OAEP_4096_SHA256),

this field must contain the formatted key to be imported, wrapped with the public_key using RSAES-OAEP with SHA-256, MGF1 with SHA-256, and an empty label.

bytes wrapped_key = 8 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
ByteString

The wrappedKey.

getWrappedKeyMaterialCase()

public abstract ImportCryptoKeyVersionRequest.WrappedKeyMaterialCase getWrappedKeyMaterialCase()
Returns
TypeDescription
ImportCryptoKeyVersionRequest.WrappedKeyMaterialCase

hasRsaAesWrappedKey()

public abstract boolean hasRsaAesWrappedKey()

Optional. This field has the same meaning as wrapped_key. Prefer to use that field in new work. Either that field or this field (but not both) must be specified.

bytes rsa_aes_wrapped_key = 5 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
boolean

Whether the rsaAesWrappedKey field is set.