Method: locations.generateRandomBytes

Full name: projects.locations.generateRandomBytes

Generate random bytes using the Cloud KMS randomness source in the provided location.

HTTP request

POST https://cloudkms.googleapis.com/v1/{location=projects/*/locations/*}:generateRandomBytes

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
location

string

The project-specific location in which to generate random bytes. For example, "projects/my-project/locations/us-central1".

Request body

The request body contains data with the following structure:

JSON representation
{
  "lengthBytes": integer,
  "protectionLevel": enum (ProtectionLevel)
}
Fields
lengthBytes

integer

The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes, maximum 1024 bytes.

protectionLevel

enum (ProtectionLevel)

The ProtectionLevel to use when generating the random data. Currently, only HSM protection level is supported.

Response body

If successful, the response body contains data with the following structure:

Response message for KeyManagementService.GenerateRandomBytes.

JSON representation
{
  "data": string,
  "dataCrc32c": string
}
Fields
data

string (bytes format)

The generated data.

A base64-encoded string.

dataCrc32c

string (Int64Value format)

Integrity verification field. A CRC32C checksum of the returned GenerateRandomBytesResponse.data. An integrity check of GenerateRandomBytesResponse.data can be performed by computing the CRC32C checksum of GenerateRandomBytesResponse.data and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloudkms
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.