Cloud KMS V1 Client - Class CryptoKeyVersionAlgorithm (2.0.0-RC1)

Reference documentation and code samples for the Cloud KMS V1 Client class CryptoKeyVersionAlgorithm.

The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation.

The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT. Algorithms beginning with RSA_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN. The fields in the name after RSA_SIGN_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm. For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes. Algorithms beginning with RSA_DECRYPT_ are usable with CryptoKey.purpose ASYMMETRIC_DECRYPT. The fields in the name after RSA_DECRYPT_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm. Algorithms beginning with EC_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN. The fields in the name after EC_SIGN_ correspond to the following parameters: elliptic curve, digest algorithm. Algorithms beginning with HMAC_ are usable with CryptoKey.purpose MAC. The suffix following HMAC_ corresponds to the hash algorithm being used (eg. SHA256). For more information, see Key purposes and algorithms.

Protobuf type google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm

Not specified.

Generated from protobuf enum CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0;

Creates symmetric encryption keys.

Generated from protobuf enum GOOGLE_SYMMETRIC_ENCRYPTION = 1;

AES-GCM (Galois Counter Mode) using 128-bit keys.

Generated from protobuf enum AES_128_GCM = 41;

AES-GCM (Galois Counter Mode) using 256-bit keys.

Generated from protobuf enum AES_256_GCM = 19;

AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.

Generated from protobuf enum AES_128_CBC = 42;

AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.

Generated from protobuf enum AES_256_CBC = 43;

AES-CTR (Counter Mode) using 128-bit keys.

Generated from protobuf enum AES_128_CTR = 44;

AES-CTR (Counter Mode) using 256-bit keys.

Generated from protobuf enum AES_256_CTR = 45;

RSASSA-PSS 2048 bit key with a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PSS_2048_SHA256 = 2;

RSASSA-PSS 3072 bit key with a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PSS_3072_SHA256 = 3;

RSASSA-PSS 4096 bit key with a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PSS_4096_SHA256 = 4;

RSASSA-PSS 4096 bit key with a SHA512 digest.

Generated from protobuf enum RSA_SIGN_PSS_4096_SHA512 = 15;

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_2048_SHA256 = 5;

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_3072_SHA256 = 6;

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_4096_SHA256 = 7;

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_4096_SHA512 = 16;

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

Generated from protobuf enum RSA_SIGN_RAW_PKCS1_2048 = 28;

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

Generated from protobuf enum RSA_SIGN_RAW_PKCS1_3072 = 29;

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

Generated from protobuf enum RSA_SIGN_RAW_PKCS1_4096 = 30;

RSAES-OAEP 2048 bit key with a SHA256 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_2048_SHA256 = 8;

RSAES-OAEP 3072 bit key with a SHA256 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_3072_SHA256 = 9;

RSAES-OAEP 4096 bit key with a SHA256 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA256 = 10;

RSAES-OAEP 4096 bit key with a SHA512 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA512 = 17;

RSAES-OAEP 2048 bit key with a SHA1 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_2048_SHA1 = 37;

RSAES-OAEP 3072 bit key with a SHA1 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_3072_SHA1 = 38;

RSAES-OAEP 4096 bit key with a SHA1 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA1 = 39;

ECDSA on the NIST P-256 curve with a SHA256 digest.

Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

Generated from protobuf enum EC_SIGN_P256_SHA256 = 12;

ECDSA on the NIST P-384 curve with a SHA384 digest.

Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

Generated from protobuf enum EC_SIGN_P384_SHA384 = 13;

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.

Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

Generated from protobuf enum EC_SIGN_SECP256K1_SHA256 = 31;

EdDSA on the Curve25519 in pure mode (taking data as input).

Generated from protobuf enum EC_SIGN_ED25519 = 40;

HMAC-SHA256 signing with a 256 bit key.

Generated from protobuf enum HMAC_SHA256 = 32;

HMAC-SHA1 signing with a 160 bit key.

Generated from protobuf enum HMAC_SHA1 = 33;

HMAC-SHA384 signing with a 384 bit key.

Generated from protobuf enum HMAC_SHA384 = 34;

HMAC-SHA512 signing with a 512 bit key.

Generated from protobuf enum HMAC_SHA512 = 35;

HMAC-SHA224 signing with a 224 bit key.

Generated from protobuf enum HMAC_SHA224 = 36;

Algorithm representing symmetric encryption by an external key manager.

Generated from protobuf enum EXTERNAL_SYMMETRIC_ENCRYPTION = 18;