Cloud KMS V1 Client - Class CryptoKeyVersionAlgorithm (2.1.0)

Reference documentation and code samples for the Cloud KMS V1 Client class CryptoKeyVersionAlgorithm.

The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation.

The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT. Algorithms beginning with RSA_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN. The fields in the name after RSA_SIGN_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm. For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes. Algorithms beginning with RSA_DECRYPT_ are usable with CryptoKey.purpose ASYMMETRIC_DECRYPT. The fields in the name after RSA_DECRYPT_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm. Algorithms beginning with EC_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN. The fields in the name after EC_SIGN_ correspond to the following parameters: elliptic curve, digest algorithm. Algorithms beginning with HMAC_ are usable with CryptoKey.purpose MAC. The suffix following HMAC_ corresponds to the hash algorithm being used (eg. SHA256). For more information, see Key purposes and algorithms.

Protobuf type google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm

Not specified.

Generated from protobuf enum CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0;

Creates symmetric encryption keys.

Generated from protobuf enum GOOGLE_SYMMETRIC_ENCRYPTION = 1;

AES-GCM (Galois Counter Mode) using 128-bit keys.

Generated from protobuf enum AES_128_GCM = 41;

AES-GCM (Galois Counter Mode) using 256-bit keys.

Generated from protobuf enum AES_256_GCM = 19;

AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.

Generated from protobuf enum AES_128_CBC = 42;

AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.

Generated from protobuf enum AES_256_CBC = 43;

AES-CTR (Counter Mode) using 128-bit keys.

Generated from protobuf enum AES_128_CTR = 44;

AES-CTR (Counter Mode) using 256-bit keys.

Generated from protobuf enum AES_256_CTR = 45;

RSASSA-PSS 2048 bit key with a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PSS_2048_SHA256 = 2;

RSASSA-PSS 3072 bit key with a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PSS_3072_SHA256 = 3;

RSASSA-PSS 4096 bit key with a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PSS_4096_SHA256 = 4;

RSASSA-PSS 4096 bit key with a SHA512 digest.

Generated from protobuf enum RSA_SIGN_PSS_4096_SHA512 = 15;

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_2048_SHA256 = 5;

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_3072_SHA256 = 6;

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_4096_SHA256 = 7;

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_4096_SHA512 = 16;

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

Generated from protobuf enum RSA_SIGN_RAW_PKCS1_2048 = 28;

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

Generated from protobuf enum RSA_SIGN_RAW_PKCS1_3072 = 29;

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

Generated from protobuf enum RSA_SIGN_RAW_PKCS1_4096 = 30;

RSAES-OAEP 2048 bit key with a SHA256 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_2048_SHA256 = 8;

RSAES-OAEP 3072 bit key with a SHA256 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_3072_SHA256 = 9;

RSAES-OAEP 4096 bit key with a SHA256 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA256 = 10;

RSAES-OAEP 4096 bit key with a SHA512 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA512 = 17;

RSAES-OAEP 2048 bit key with a SHA1 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_2048_SHA1 = 37;

RSAES-OAEP 3072 bit key with a SHA1 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_3072_SHA1 = 38;

RSAES-OAEP 4096 bit key with a SHA1 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA1 = 39;

ECDSA on the NIST P-256 curve with a SHA256 digest.

Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

Generated from protobuf enum EC_SIGN_P256_SHA256 = 12;

ECDSA on the NIST P-384 curve with a SHA384 digest.

Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

Generated from protobuf enum EC_SIGN_P384_SHA384 = 13;

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.

Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

Generated from protobuf enum EC_SIGN_SECP256K1_SHA256 = 31;

EdDSA on the Curve25519 in pure mode (taking data as input).

Generated from protobuf enum EC_SIGN_ED25519 = 40;

HMAC-SHA256 signing with a 256 bit key.

Generated from protobuf enum HMAC_SHA256 = 32;

HMAC-SHA1 signing with a 160 bit key.

Generated from protobuf enum HMAC_SHA1 = 33;

HMAC-SHA384 signing with a 384 bit key.

Generated from protobuf enum HMAC_SHA384 = 34;

HMAC-SHA512 signing with a 512 bit key.

Generated from protobuf enum HMAC_SHA512 = 35;

HMAC-SHA224 signing with a 224 bit key.

Generated from protobuf enum HMAC_SHA224 = 36;

Algorithm representing symmetric encryption by an external key manager.

Generated from protobuf enum EXTERNAL_SYMMETRIC_ENCRYPTION = 18;