Reference documentation and code samples for the Cloud KMS V1 Client class CryptoKeyVersionAlgorithm.
The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation.
The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT.
Algorithms beginning with RSA_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN.
The fields in the name after RSA_SIGN_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.
For PSS, the salt length used is equal to the length of the digest algorithm. For example, RSA_SIGN_PSS_2048_SHA256 will use PSS with a salt length of 256 bits or 32 bytes.
Algorithms beginning with RSA_DECRYPT_ are usable with CryptoKey.purpose ASYMMETRIC_DECRYPT.
The fields in the name after RSA_DECRYPT_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.
Algorithms beginning with EC_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN.
The fields in the name after EC_SIGN_ correspond to the following parameters: elliptic curve, digest algorithm.
Algorithms beginning with HMAC_ are usable with CryptoKey.purpose MAC.
The suffix following HMAC_ corresponds to the hash algorithm being used (e.g. SHA256).
Algorithms beginning with PQ_ are post-quantum.
For more information, see Key purposes and algorithms.
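The naming rules above can be applied mechanically, for instance when auditing which purpose, padding and digest a configured key version implies. The following is an added example, not code from the Cloud KMS client library; `describeAlgorithm` and its array keys are hypothetical names, and it works on constant names as plain strings so it runs without the library installed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of the Cloud KMS client library: decodes a
// constant name into the purpose and parameters described by the naming rules.
// Returns null for names those rules do not cover (for example AES_256_GCM).
function describeAlgorithm(string $name): ?array
{
    $digestBits = ['SHA1' => 160, 'SHA224' => 224, 'SHA256' => 256, 'SHA384' => 384, 'SHA512' => 512];

    if ($name === 'GOOGLE_SYMMETRIC_ENCRYPTION') {
        return ['purpose' => 'ENCRYPT_DECRYPT'];
    }
    // RSA_SIGN_<padding>_<modulus bits>[_<digest>]; RAW_PKCS1 names carry no digest.
    if (preg_match('/^RSA_SIGN_(PSS|PKCS1|RAW_PKCS1)_(\d+)(?:_(SHA\d+))?$/', $name, $m)) {
        $digest = $m[3] ?? null;
        $out = ['purpose' => 'ASYMMETRIC_SIGN', 'padding' => $m[1],
                'modulus_bits' => (int) $m[2], 'digest' => $digest];
        if ($m[1] === 'PSS' && $digest !== null && isset($digestBits[$digest])) {
            // PSS salt length equals the digest length (SHA256 -> 32 bytes).
            $out['salt_bytes'] = intdiv($digestBits[$digest], 8);
        }
        return $out;
    }
    // RSA_DECRYPT_<padding>_<modulus bits>_<digest>
    if (preg_match('/^RSA_DECRYPT_([A-Z0-9]+)_(\d+)_(SHA\d+)$/', $name, $m)) {
        return ['purpose' => 'ASYMMETRIC_DECRYPT', 'padding' => $m[1],
                'modulus_bits' => (int) $m[2], 'digest' => $m[3]];
    }
    // EC_SIGN_<curve>[_<digest>]; EC_SIGN_ED25519 names no digest.
    if (preg_match('/^EC_SIGN_([A-Z0-9]+)(?:_(SHA\d+))?$/', $name, $m)) {
        return ['purpose' => 'ASYMMETRIC_SIGN', 'curve' => $m[1], 'digest' => $m[2] ?? null];
    }
    // HMAC_<hash>
    if (preg_match('/^HMAC_(SHA\d+)$/', $name, $m)) {
        return ['purpose' => 'MAC', 'hash' => $m[1]];
    }
    return null;
}

// Constructed sample: a few constant names taken from this page.
foreach (['RSA_SIGN_PSS_2048_SHA256', 'RSA_SIGN_RAW_PKCS1_4096', 'RSA_DECRYPT_OAEP_3072_SHA1',
          'EC_SIGN_ED25519', 'HMAC_SHA512', 'AES_256_GCM'] as $name) {
    echo $name, ' => ', json_encode(describeAlgorithm($name)), PHP_EOL;
}
```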
Protobuf type google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm
Namespace
Google \ Cloud \ Kms \ V1 \ CryptoKeyVersion
Methods
static::name
Parameter | |
---|---|
Name | Description |
value | mixed |
static::value
Parameter | |
---|---|
Name | Description |
name | mixed |
Constants
CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Value: 0
Not specified.
Generated from protobuf enum CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0;
GOOGLE_SYMMETRIC_ENCRYPTION
Value: 1
Creates symmetric encryption keys.
Generated from protobuf enum GOOGLE_SYMMETRIC_ENCRYPTION = 1;
AES_128_GCM
Value: 41
AES-GCM (Galois Counter Mode) using 128-bit keys.
Generated from protobuf enum AES_128_GCM = 41;
AES_256_GCM
Value: 19
AES-GCM (Galois Counter Mode) using 256-bit keys.
Generated from protobuf enum AES_256_GCM = 19;
AES_128_CBC
Value: 42
AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
Generated from protobuf enum AES_128_CBC = 42;
AES_256_CBC
Value: 43
AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
Generated from protobuf enum AES_256_CBC = 43;
AES_128_CTR
Value: 44
AES-CTR (Counter Mode) using 128-bit keys.
Generated from protobuf enum AES_128_CTR = 44;
AES_256_CTR
Value: 45
AES-CTR (Counter Mode) using 256-bit keys.
Generated from protobuf enum AES_256_CTR = 45;
RSA_SIGN_PSS_2048_SHA256
Value: 2
RSASSA-PSS 2048 bit key with a SHA256 digest.
Generated from protobuf enum RSA_SIGN_PSS_2048_SHA256 = 2;
RSA_SIGN_PSS_3072_SHA256
Value: 3
RSASSA-PSS 3072 bit key with a SHA256 digest.
Generated from protobuf enum RSA_SIGN_PSS_3072_SHA256 = 3;
RSA_SIGN_PSS_4096_SHA256
Value: 4
RSASSA-PSS 4096 bit key with a SHA256 digest.
Generated from protobuf enum RSA_SIGN_PSS_4096_SHA256 = 4;
RSA_SIGN_PSS_4096_SHA512
Value: 15
RSASSA-PSS 4096 bit key with a SHA512 digest.
Generated from protobuf enum RSA_SIGN_PSS_4096_SHA512 = 15;
RSA_SIGN_PKCS1_2048_SHA256
Value: 5
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
Generated from protobuf enum RSA_SIGN_PKCS1_2048_SHA256 = 5;
RSA_SIGN_PKCS1_3072_SHA256
Value: 6
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
Generated from protobuf enum RSA_SIGN_PKCS1_3072_SHA256 = 6;
RSA_SIGN_PKCS1_4096_SHA256
Value: 7
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
Generated from protobuf enum RSA_SIGN_PKCS1_4096_SHA256 = 7;
RSA_SIGN_PKCS1_4096_SHA512
Value: 16
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
Generated from protobuf enum RSA_SIGN_PKCS1_4096_SHA512 = 16;
RSA_SIGN_RAW_PKCS1_2048
Value: 28
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
Generated from protobuf enum RSA_SIGN_RAW_PKCS1_2048 = 28;
RSA_SIGN_RAW_PKCS1_3072
Value: 29
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
Generated from protobuf enum RSA_SIGN_RAW_PKCS1_3072 = 29;
RSA_SIGN_RAW_PKCS1_4096
Value: 30
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
Generated from protobuf enum RSA_SIGN_RAW_PKCS1_4096 = 30;
RSA_DECRYPT_OAEP_2048_SHA256
Value: 8
RSAES-OAEP 2048 bit key with a SHA256 digest.
Generated from protobuf enum RSA_DECRYPT_OAEP_2048_SHA256 = 8;
RSA_DECRYPT_OAEP_3072_SHA256
Value: 9
RSAES-OAEP 3072 bit key with a SHA256 digest.
Generated from protobuf enum RSA_DECRYPT_OAEP_3072_SHA256 = 9;
RSA_DECRYPT_OAEP_4096_SHA256
Value: 10
RSAES-OAEP 4096 bit key with a SHA256 digest.
Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA256 = 10;
RSA_DECRYPT_OAEP_4096_SHA512
Value: 17
RSAES-OAEP 4096 bit key with a SHA512 digest.
Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA512 = 17;
RSA_DECRYPT_OAEP_2048_SHA1
Value: 37
RSAES-OAEP 2048 bit key with a SHA1 digest.
Generated from protobuf enum RSA_DECRYPT_OAEP_2048_SHA1 = 37;
RSA_DECRYPT_OAEP_3072_SHA1
Value: 38
RSAES-OAEP 3072 bit key with a SHA1 digest.
Generated from protobuf enum RSA_DECRYPT_OAEP_3072_SHA1 = 38;
RSA_DECRYPT_OAEP_4096_SHA1
Value: 39
RSAES-OAEP 4096 bit key with a SHA1 digest.
Generated from protobuf enum RSA_DECRYPT_OAEP_4096_SHA1 = 39;
EC_SIGN_P256_SHA256
Value: 12
ECDSA on the NIST P-256 curve with a SHA256 digest.
Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
Generated from protobuf enum EC_SIGN_P256_SHA256 = 12;
EC_SIGN_P384_SHA384
Value: 13
ECDSA on the NIST P-384 curve with a SHA384 digest.
Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
Generated from protobuf enum EC_SIGN_P384_SHA384 = 13;
EC_SIGN_SECP256K1_SHA256
Value: 31
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.
Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
Generated from protobuf enum EC_SIGN_SECP256K1_SHA256 = 31;
EC_SIGN_ED25519
Value: 40
EdDSA on the Curve25519 in pure mode (taking data as input).
Generated from protobuf enum EC_SIGN_ED25519 = 40;
HMAC_SHA256
Value: 32
HMAC-SHA256 signing with a 256 bit key.
Generated from protobuf enum HMAC_SHA256 = 32;
HMAC_SHA1
Value: 33
HMAC-SHA1 signing with a 160 bit key.
Generated from protobuf enum HMAC_SHA1 = 33;
HMAC_SHA384
Value: 34
HMAC-SHA384 signing with a 384 bit key.
Generated from protobuf enum HMAC_SHA384 = 34;
HMAC_SHA512
Value: 35
HMAC-SHA512 signing with a 512 bit key.
Generated from protobuf enum HMAC_SHA512 = 35;
HMAC_SHA224
Value: 36
HMAC-SHA224 signing with a 224 bit key.
Generated from protobuf enum HMAC_SHA224 = 36;
EXTERNAL_SYMMETRIC_ENCRYPTION
Value: 18
Algorithm representing symmetric encryption by an external key manager.
Generated from protobuf enum EXTERNAL_SYMMETRIC_ENCRYPTION = 18;