Enum CryptoKeyVersion.CryptoKeyVersionAlgorithm (2.58.0)

public enum CryptoKeyVersion.CryptoKeyVersionAlgorithm extends Enum<CryptoKeyVersion.CryptoKeyVersionAlgorithm> implements ProtocolMessageEnum

The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation.

The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT.

Algorithms beginning with RSA_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN.

The fields in the name after RSA_SIGN_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

For PSS, the salt length used is equal to the length of digest algorithm. For example, RSA_SIGN_PSS_2048_SHA256 will use PSS with a salt length of 256 bits or 32 bytes.

Algorithms beginning with RSA_DECRYPT_ are usable with CryptoKey.purpose ASYMMETRIC_DECRYPT.

The fields in the name after RSA_DECRYPT_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

Algorithms beginning with EC_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN.

The fields in the name after EC_SIGN_ correspond to the following parameters: elliptic curve, digest algorithm.

Algorithms beginning with HMAC_ are usable with CryptoKey.purpose MAC.

The suffix following HMAC_ corresponds to the hash algorithm being used (eg. SHA256).

Algorithms beginning with PQ_ are post-quantum.

For more information, see Key purposes and algorithms.

Protobuf enum google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm

Implements

ProtocolMessageEnum

Static Fields

Name Description
AES_128_CBC

AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.

AES_128_CBC = 42;

AES_128_CBC_VALUE

AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.

AES_128_CBC = 42;

AES_128_CTR

AES-CTR (Counter Mode) using 128-bit keys.

AES_128_CTR = 44;

AES_128_CTR_VALUE

AES-CTR (Counter Mode) using 128-bit keys.

AES_128_CTR = 44;

AES_128_GCM

AES-GCM (Galois Counter Mode) using 128-bit keys.

AES_128_GCM = 41;

AES_128_GCM_VALUE

AES-GCM (Galois Counter Mode) using 128-bit keys.

AES_128_GCM = 41;

AES_256_CBC

AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.

AES_256_CBC = 43;

AES_256_CBC_VALUE

AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.

AES_256_CBC = 43;

AES_256_CTR

AES-CTR (Counter Mode) using 256-bit keys.

AES_256_CTR = 45;

AES_256_CTR_VALUE

AES-CTR (Counter Mode) using 256-bit keys.

AES_256_CTR = 45;

AES_256_GCM

AES-GCM (Galois Counter Mode) using 256-bit keys.

AES_256_GCM = 19;

AES_256_GCM_VALUE

AES-GCM (Galois Counter Mode) using 256-bit keys.

AES_256_GCM = 19;

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

Not specified.

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0;

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED_VALUE

Not specified.

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0;

EC_SIGN_ED25519

EdDSA on the Curve25519 in pure mode (taking data as input).

EC_SIGN_ED25519 = 40;

EC_SIGN_ED25519_VALUE

EdDSA on the Curve25519 in pure mode (taking data as input).

EC_SIGN_ED25519 = 40;

EC_SIGN_P256_SHA256

ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

EC_SIGN_P256_SHA256 = 12;

EC_SIGN_P256_SHA256_VALUE

ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

EC_SIGN_P256_SHA256 = 12;

EC_SIGN_P384_SHA384

ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

EC_SIGN_P384_SHA384 = 13;

EC_SIGN_P384_SHA384_VALUE

ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

EC_SIGN_P384_SHA384 = 13;

EC_SIGN_SECP256K1_SHA256

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

EC_SIGN_SECP256K1_SHA256 = 31;

EC_SIGN_SECP256K1_SHA256_VALUE

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

EC_SIGN_SECP256K1_SHA256 = 31;

EXTERNAL_SYMMETRIC_ENCRYPTION

Algorithm representing symmetric encryption by an external key manager.

EXTERNAL_SYMMETRIC_ENCRYPTION = 18;

EXTERNAL_SYMMETRIC_ENCRYPTION_VALUE

Algorithm representing symmetric encryption by an external key manager.

EXTERNAL_SYMMETRIC_ENCRYPTION = 18;

GOOGLE_SYMMETRIC_ENCRYPTION

Creates symmetric encryption keys.

GOOGLE_SYMMETRIC_ENCRYPTION = 1;

GOOGLE_SYMMETRIC_ENCRYPTION_VALUE

Creates symmetric encryption keys.

GOOGLE_SYMMETRIC_ENCRYPTION = 1;

HMAC_SHA1

HMAC-SHA1 signing with a 160 bit key.

HMAC_SHA1 = 33;

HMAC_SHA1_VALUE

HMAC-SHA1 signing with a 160 bit key.

HMAC_SHA1 = 33;

HMAC_SHA224

HMAC-SHA224 signing with a 224 bit key.

HMAC_SHA224 = 36;

HMAC_SHA224_VALUE

HMAC-SHA224 signing with a 224 bit key.

HMAC_SHA224 = 36;

HMAC_SHA256

HMAC-SHA256 signing with a 256 bit key.

HMAC_SHA256 = 32;

HMAC_SHA256_VALUE

HMAC-SHA256 signing with a 256 bit key.

HMAC_SHA256 = 32;

HMAC_SHA384

HMAC-SHA384 signing with a 384 bit key.

HMAC_SHA384 = 34;

HMAC_SHA384_VALUE

HMAC-SHA384 signing with a 384 bit key.

HMAC_SHA384 = 34;

HMAC_SHA512

HMAC-SHA512 signing with a 512 bit key.

HMAC_SHA512 = 35;

HMAC_SHA512_VALUE

HMAC-SHA512 signing with a 512 bit key.

HMAC_SHA512 = 35;

RSA_DECRYPT_OAEP_2048_SHA1

RSAES-OAEP 2048 bit key with a SHA1 digest.

RSA_DECRYPT_OAEP_2048_SHA1 = 37;

RSA_DECRYPT_OAEP_2048_SHA1_VALUE

RSAES-OAEP 2048 bit key with a SHA1 digest.

RSA_DECRYPT_OAEP_2048_SHA1 = 37;

RSA_DECRYPT_OAEP_2048_SHA256

RSAES-OAEP 2048 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_2048_SHA256 = 8;

RSA_DECRYPT_OAEP_2048_SHA256_VALUE

RSAES-OAEP 2048 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_2048_SHA256 = 8;

RSA_DECRYPT_OAEP_3072_SHA1

RSAES-OAEP 3072 bit key with a SHA1 digest.

RSA_DECRYPT_OAEP_3072_SHA1 = 38;

RSA_DECRYPT_OAEP_3072_SHA1_VALUE

RSAES-OAEP 3072 bit key with a SHA1 digest.

RSA_DECRYPT_OAEP_3072_SHA1 = 38;

RSA_DECRYPT_OAEP_3072_SHA256

RSAES-OAEP 3072 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_3072_SHA256 = 9;

RSA_DECRYPT_OAEP_3072_SHA256_VALUE

RSAES-OAEP 3072 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_3072_SHA256 = 9;

RSA_DECRYPT_OAEP_4096_SHA1

RSAES-OAEP 4096 bit key with a SHA1 digest.

RSA_DECRYPT_OAEP_4096_SHA1 = 39;

RSA_DECRYPT_OAEP_4096_SHA1_VALUE

RSAES-OAEP 4096 bit key with a SHA1 digest.

RSA_DECRYPT_OAEP_4096_SHA1 = 39;

RSA_DECRYPT_OAEP_4096_SHA256

RSAES-OAEP 4096 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_4096_SHA256 = 10;

RSA_DECRYPT_OAEP_4096_SHA256_VALUE

RSAES-OAEP 4096 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_4096_SHA256 = 10;

RSA_DECRYPT_OAEP_4096_SHA512

RSAES-OAEP 4096 bit key with a SHA512 digest.

RSA_DECRYPT_OAEP_4096_SHA512 = 17;

RSA_DECRYPT_OAEP_4096_SHA512_VALUE

RSAES-OAEP 4096 bit key with a SHA512 digest.

RSA_DECRYPT_OAEP_4096_SHA512 = 17;

RSA_SIGN_PKCS1_2048_SHA256

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_2048_SHA256 = 5;

RSA_SIGN_PKCS1_2048_SHA256_VALUE

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_2048_SHA256 = 5;

RSA_SIGN_PKCS1_3072_SHA256

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_3072_SHA256 = 6;

RSA_SIGN_PKCS1_3072_SHA256_VALUE

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_3072_SHA256 = 6;

RSA_SIGN_PKCS1_4096_SHA256

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_4096_SHA256 = 7;

RSA_SIGN_PKCS1_4096_SHA256_VALUE

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_4096_SHA256 = 7;

RSA_SIGN_PKCS1_4096_SHA512

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

RSA_SIGN_PKCS1_4096_SHA512 = 16;

RSA_SIGN_PKCS1_4096_SHA512_VALUE

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

RSA_SIGN_PKCS1_4096_SHA512 = 16;

RSA_SIGN_PSS_2048_SHA256

RSASSA-PSS 2048 bit key with a SHA256 digest.

RSA_SIGN_PSS_2048_SHA256 = 2;

RSA_SIGN_PSS_2048_SHA256_VALUE

RSASSA-PSS 2048 bit key with a SHA256 digest.

RSA_SIGN_PSS_2048_SHA256 = 2;

RSA_SIGN_PSS_3072_SHA256

RSASSA-PSS 3072 bit key with a SHA256 digest.

RSA_SIGN_PSS_3072_SHA256 = 3;

RSA_SIGN_PSS_3072_SHA256_VALUE

RSASSA-PSS 3072 bit key with a SHA256 digest.

RSA_SIGN_PSS_3072_SHA256 = 3;

RSA_SIGN_PSS_4096_SHA256

RSASSA-PSS 4096 bit key with a SHA256 digest.

RSA_SIGN_PSS_4096_SHA256 = 4;

RSA_SIGN_PSS_4096_SHA256_VALUE

RSASSA-PSS 4096 bit key with a SHA256 digest.

RSA_SIGN_PSS_4096_SHA256 = 4;

RSA_SIGN_PSS_4096_SHA512

RSASSA-PSS 4096 bit key with a SHA512 digest.

RSA_SIGN_PSS_4096_SHA512 = 15;

RSA_SIGN_PSS_4096_SHA512_VALUE

RSASSA-PSS 4096 bit key with a SHA512 digest.

RSA_SIGN_PSS_4096_SHA512 = 15;

RSA_SIGN_RAW_PKCS1_2048

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

RSA_SIGN_RAW_PKCS1_2048 = 28;

RSA_SIGN_RAW_PKCS1_2048_VALUE

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

RSA_SIGN_RAW_PKCS1_2048 = 28;

RSA_SIGN_RAW_PKCS1_3072

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

RSA_SIGN_RAW_PKCS1_3072 = 29;

RSA_SIGN_RAW_PKCS1_3072_VALUE

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

RSA_SIGN_RAW_PKCS1_3072 = 29;

RSA_SIGN_RAW_PKCS1_4096

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

RSA_SIGN_RAW_PKCS1_4096 = 30;

RSA_SIGN_RAW_PKCS1_4096_VALUE

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

RSA_SIGN_RAW_PKCS1_4096 = 30;

UNRECOGNIZED

Static Methods

Name Description
forNumber(int value)
getDescriptor()
internalGetValueMap()
valueOf(Descriptors.EnumValueDescriptor desc)
valueOf(int value)

Deprecated. Use #forNumber(int) instead.

valueOf(String name)
values()

Methods

Name Description
getDescriptorForType()
getNumber()
getValueDescriptor()