Full name: projects.locations.keyRings.cryptoKeys.encrypt
Encrypts data, so that it can only be recovered by a call to cryptoKeys.decrypt
. The CryptoKey.purpose
must be ENCRYPT_DECRYPT
.
HTTP request
The URLs use gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
name |
Required. The resource name of the If a Authorization requires the following IAM permission on the specified resource
|
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "plaintext": string, "additionalAuthenticatedData": string, "plaintextCrc32c": string, "additionalAuthenticatedDataCrc32c": string } |
Fields | |
---|---|
plaintext |
Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's A base64-encoded string. |
additional |
Optional. Optional data that, if specified, must also be provided during decryption through The maximum size depends on the key version's A base64-encoded string. |
plaintext |
Optional. An optional CRC32C checksum of the |
additional |
Optional. An optional CRC32C checksum of the |
Response body
Response message for KeyManagementService.Encrypt
.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"name": string,
"ciphertext": string,
"ciphertextCrc32c": string,
"verifiedPlaintextCrc32c": boolean,
"verifiedAdditionalAuthenticatedDataCrc32c": boolean,
"protectionLevel": enum ( |
Fields | |
---|---|
name |
The resource name of the |
ciphertext |
The encrypted data. A base64-encoded string. |
ciphertext |
Integrity verification field. A CRC32C checksum of the returned |
verified |
Integrity verification field. A flag indicating whether |
verified |
Integrity verification field. A flag indicating whether |
protection |
The |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloudkms
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.