Method: cryptoKeyVersions.getPublicKey

Full name: projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.getPublicKey

Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.

HTTP request

GET https://cloudkms.googleapis.com/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. The name of the CryptoKeyVersion public key to get.

Authorization requires the following IAM permission on the specified resource name:

  • cloudkms.cryptoKeyVersions.viewPublicKey

Request body

The request body must be empty.

Response body

The public key for a given CryptoKeyVersion. Obtained via cryptoKeyVersions.getPublicKey.

If successful, the response body contains data with the following structure:

JSON representation
{
  "pem": string,
  "algorithm": enum (CryptoKeyVersionAlgorithm),
  "pemCrc32c": string,
  "name": string,
  "protectionLevel": enum (ProtectionLevel)
}
Fields
pem

string

The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.

algorithm

enum (CryptoKeyVersionAlgorithm)

The Algorithm associated with this key.

pemCrc32c

string (Int64Value format)

Integrity verification field. A CRC32C checksum of the returned PublicKey.pem. An integrity check of PublicKey.pem can be performed by computing the CRC32C checksum of PublicKey.pem and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

NOTE: This field is in Beta.

name

string

The name of the CryptoKeyVersion public key. Provided here for verification.

NOTE: This field is in Beta.

protectionLevel

enum (ProtectionLevel)

The ProtectionLevel of the CryptoKeyVersion public key.
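The name and pemCrc32c checks described in the Fields above, as an added example (not part of the original reference or of any Google client library). The helper name verified_pem, the resource name and the PEM body are constructed placeholders, and CRC32C is implemented inline because the Python standard library does not provide it.

```python
import json

_POLY = 0x82F63B78  # CRC32C (Castagnoli) polynomial, bit-reflected


def _build_table():
    table = []
    for byte in range(256):
        crc = byte
        for _ in range(8):
            crc = (crc >> 1) ^ _POLY if crc & 1 else crc >> 1
        table.append(crc)
    return table


_TABLE = _build_table()


def crc32c(data: bytes) -> int:
    """CRC32C of data as an unsigned 32-bit integer."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc = _TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def verified_pem(response_body: str, expected_name: str) -> str:
    """Return PublicKey.pem only if the name and pemCrc32c checks pass."""
    resp = json.loads(response_body)
    if resp.get("name") != expected_name:
        raise ValueError("response name does not match the expected name")
    claimed = int(resp["pemCrc32c"])  # Int64Value arrives as a JSON string
    if not 0 <= claimed <= 0xFFFFFFFF:
        raise ValueError("pemCrc32c outside the uint32 range")
    if crc32c(resp["pem"].encode("utf-8")) != claimed:
        raise ValueError("pemCrc32c mismatch: discard the response and retry")
    return resp["pem"]


# Constructed sample: placeholder resource name and PEM body, not a real key.
SAMPLE_NAME = "projects/p/locations/l/keyRings/r/cryptoKeys/k/cryptoKeyVersions/1"
SAMPLE_PEM = "-----BEGIN PUBLIC KEY-----\nQ09OU1RSVUNURUQ=\n-----END PUBLIC KEY-----\n"
SAMPLE_BODY = json.dumps(
    {"pem": SAMPLE_PEM, "pemCrc32c": str(crc32c(SAMPLE_PEM.encode())), "name": SAMPLE_NAME}
)

if __name__ == "__main__":
    print(verified_pem(SAMPLE_BODY, SAMPLE_NAME))
```

CRC32C detects accidental corruption only; it does not authenticate the key, so it complements the TLS connection and IAM authorization rather than replacing them.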

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloudkms
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.