Cloud KMS V1 Client - Class CryptoKeyVersionAlgorithm (2.1.4)

Reference documentation and code samples for the Cloud KMS V1 Client class CryptoKeyVersionAlgorithm.

The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation.

The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT. Algorithms beginning with RSA_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN. The fields in the name after RSA_SIGN_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm. For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes. Algorithms beginning with RSA_DECRYPT_ are usable with CryptoKey.purpose ASYMMETRIC_DECRYPT. The fields in the name after RSA_DECRYPT_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm. Algorithms beginning with EC_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN. The fields in the name after EC_SIGN_ correspond to the following parameters: elliptic curve, digest algorithm. Algorithms beginning with HMAC_ are usable with CryptoKey.purpose MAC. The suffix following HMAC_ corresponds to the hash algorithm being used (eg. SHA256). Algorithms beginning with PQ_ are post-quantum. For more information, see Key purposes and algorithms.

Protobuf type google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm

Namespace

Google \ Cloud \ Kms \ V1 \ CryptoKeyVersion

Methods

static::name

Parameter
Name Description
value mixed

static::value

Parameter
Name Description
name mixed

Constants

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

Value: 0

Not specified.

Generated from protobuf enum CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0;

GOOGLE_SYMMETRIC_ENCRYPTION

Value: 1

Creates symmetric encryption keys.

Generated from protobuf enum GOOGLE_SYMMETRIC_ENCRYPTION = 1;

AES_128_GCM

Value: 41

AES-GCM (Galois Counter Mode) using 128-bit keys.

Generated from protobuf enum AES_128_GCM = 41;

AES_256_GCM

Value: 19

AES-GCM (Galois Counter Mode) using 256-bit keys.

Generated from protobuf enum AES_256_GCM = 19;

AES_128_CBC

Value: 42

AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.

Generated from protobuf enum AES_128_CBC = 42;

AES_256_CBC

Value: 43

AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.

Generated from protobuf enum AES_256_CBC = 43;

AES_128_CTR

Value: 44

AES-CTR (Counter Mode) using 128-bit keys.

Generated from protobuf enum AES_128_CTR = 44;

AES_256_CTR

Value: 45

AES-CTR (Counter Mode) using 256-bit keys.

Generated from protobuf enum AES_256_CTR = 45;

RSA_SIGN_PSS_2048_SHA256

Value: 2

RSASSA-PSS 2048 bit key with a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PSS_2048_SHA256 = 2;

RSA_SIGN_PSS_3072_SHA256

Value: 3

RSASSA-PSS 3072 bit key with a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PSS_3072_SHA256 = 3;

RSA_SIGN_PSS_4096_SHA256

Value: 4

RSASSA-PSS 4096 bit key with a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PSS_4096_SHA256 = 4;

RSA_SIGN_PSS_4096_SHA512

Value: 15

RSASSA-PSS 4096 bit key with a SHA512 digest.

Generated from protobuf enum RSA_SIGN_PSS_4096_SHA512 = 15;

RSA_SIGN_PKCS1_2048_SHA256

Value: 5

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_2048_SHA256 = 5;

RSA_SIGN_PKCS1_3072_SHA256

Value: 6

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_3072_SHA256 = 6;

RSA_SIGN_PKCS1_4096_SHA256

Value: 7

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_4096_SHA256 = 7;

RSA_SIGN_PKCS1_4096_SHA512

Value: 16

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

Generated from protobuf enum RSA_SIGN_PKCS1_4096_SHA512 = 16;

RSA_SIGN_RAW_PKCS1_2048

Value: 28

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

Generated from protobuf enum RSA_SIGN_RAW_PKCS1_2048 = 28;

RSA_SIGN_RAW_PKCS1_3072

Value: 29

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

Generated from protobuf enum RSA_SIGN_RAW_PKCS1_3072 = 29;

RSA_SIGN_RAW_PKCS1_4096

Value: 30

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

Generated from protobuf enum RSA_SIGN_RAW_PKCS1_4096 = 30;

RSA_DECRYPT_OAEP_2048_SHA256

Value: 8

RSAES-OAEP 2048 bit key with a SHA256 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_2048_SHA256 = 8;

RSA_DECRYPT_OAEP_3072_SHA256

Value: 9

RSAES-OAEP 3072 bit key with a SHA256 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_3072_SHA256 = 9;

RSA_DECRYPT_OAEP_4096_SHA256

Value: 10

RSAES-OAEP 4096 bit key with a SHA256 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA256 = 10;

RSA_DECRYPT_OAEP_4096_SHA512

Value: 17

RSAES-OAEP 4096 bit key with a SHA512 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA512 = 17;

RSA_DECRYPT_OAEP_2048_SHA1

Value: 37

RSAES-OAEP 2048 bit key with a SHA1 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_2048_SHA1 = 37;

RSA_DECRYPT_OAEP_3072_SHA1

Value: 38

RSAES-OAEP 3072 bit key with a SHA1 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_3072_SHA1 = 38;

RSA_DECRYPT_OAEP_4096_SHA1

Value: 39

RSAES-OAEP 4096 bit key with a SHA1 digest.

Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA1 = 39;

EC_SIGN_P256_SHA256

Value: 12

ECDSA on the NIST P-256 curve with a SHA256 digest.

Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

Generated from protobuf enum EC_SIGN_P256_SHA256 = 12;

EC_SIGN_P384_SHA384

Value: 13

ECDSA on the NIST P-384 curve with a SHA384 digest.

Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

Generated from protobuf enum EC_SIGN_P384_SHA384 = 13;

EC_SIGN_SECP256K1_SHA256

Value: 31

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.

Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

Generated from protobuf enum EC_SIGN_SECP256K1_SHA256 = 31;

EC_SIGN_ED25519

Value: 40

EdDSA on the Curve25519 in pure mode (taking data as input).

Generated from protobuf enum EC_SIGN_ED25519 = 40;

HMAC_SHA256

Value: 32

HMAC-SHA256 signing with a 256 bit key.

Generated from protobuf enum HMAC_SHA256 = 32;

HMAC_SHA1

Value: 33

HMAC-SHA1 signing with a 160 bit key.

Generated from protobuf enum HMAC_SHA1 = 33;

HMAC_SHA384

Value: 34

HMAC-SHA384 signing with a 384 bit key.

Generated from protobuf enum HMAC_SHA384 = 34;

HMAC_SHA512

Value: 35

HMAC-SHA512 signing with a 512 bit key.

Generated from protobuf enum HMAC_SHA512 = 35;

HMAC_SHA224

Value: 36

HMAC-SHA224 signing with a 224 bit key.

Generated from protobuf enum HMAC_SHA224 = 36;

EXTERNAL_SYMMETRIC_ENCRYPTION

Value: 18

Algorithm representing symmetric encryption by an external key manager.

Generated from protobuf enum EXTERNAL_SYMMETRIC_ENCRYPTION = 18;