http4s-grpc-google-cloud-kms-v1
0.122.0+0.0.5
API
Generated with
http4s-grpc-google-cloud-kms-v1/com.google.cloud.kms.v1/com.google.cloud.kms.v1.service

com.google.cloud.kms.v1.service

package com.google.cloud.kms.v1.service

Members list

Type members

Classlikes

final case class AsymmetricDecryptRequest(name: String, ciphertext: ByteString, ciphertextCrc32C: Option[Long], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[AsymmetricDecryptRequest]

Request message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

Request message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

Value parameters

ciphertext

Required. The data encrypted with the named [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using OAEP.

ciphertextCrc32C

Optional. An optional CRC32C checksum of the [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext] using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]) is equal to [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c], and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

name

Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for decryption.

Attributes

Companion
object
Source
AsymmetricDecryptRequest.scala
Supertypes
trait Updatable[AsymmetricDecryptRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object AsymmetricDecryptRequest extends GeneratedMessageCompanion[AsymmetricDecryptRequest]

Attributes

Companion
class
Source
AsymmetricDecryptRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[AsymmetricDecryptRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class AsymmetricDecryptResponse(plaintext: ByteString, plaintextCrc32C: Option[Long], verifiedCiphertextCrc32C: Boolean, protectionLevel: ProtectionLevel, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[AsymmetricDecryptResponse]

Response message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

Response message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

Value parameters

plaintext

The decrypted data originally encrypted with the matching public key.

plaintextCrc32C

Integrity verification field. A CRC32C checksum of the returned [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]. An integrity check of [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] can be performed by computing the CRC32C checksum of [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

protectionLevel

The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in decryption.

verifiedCiphertextCrc32C

Integrity verification field. A flag indicating whether [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A false value of this field indicates either that [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] but this field is still false, discard the response and perform a limited number of retries.

Attributes

Companion
object
Source
AsymmetricDecryptResponse.scala
Supertypes
trait Updatable[AsymmetricDecryptResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object AsymmetricDecryptResponse extends GeneratedMessageCompanion[AsymmetricDecryptResponse]

Attributes

Companion
class
Source
AsymmetricDecryptResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[AsymmetricDecryptResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class AsymmetricSignRequest(name: String, digest: Option[Digest], digestCrc32C: Option[Long], data: ByteString, dataCrc32C: Option[Long], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[AsymmetricSignRequest]

Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

Value parameters

data

Optional. The data to sign. It can't be supplied if [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] is supplied.

dataCrc32C

Optional. An optional CRC32C checksum of the [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data] using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C([AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]) is equal to [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c], and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

digest

Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. This field may not be supplied if [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data] is supplied.

digestCrc32C

Optional. An optional CRC32C checksum of the [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]) is equal to [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c], and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

name

Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for signing.

Attributes

Companion
object
Source
AsymmetricSignRequest.scala
Supertypes
trait Updatable[AsymmetricSignRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object AsymmetricSignRequest extends GeneratedMessageCompanion[AsymmetricSignRequest]

Attributes

Companion
class
Source
AsymmetricSignRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[AsymmetricSignRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class AsymmetricSignResponse(signature: ByteString, signatureCrc32C: Option[Long], verifiedDigestCrc32C: Boolean, name: String, verifiedDataCrc32C: Boolean, protectionLevel: ProtectionLevel, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[AsymmetricSignResponse]

Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

Value parameters

name

The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. Check this field to verify that the intended resource was used for signing.

protectionLevel

The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.

signature

The created signature.

signatureCrc32C

Integrity verification field. A CRC32C checksum of the returned [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]. An integrity check of [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] can be performed by computing the CRC32C checksum of [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

verifiedDataCrc32C

Integrity verification field. A flag indicating whether [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the [data][google.cloud.kms.v1.AsymmetricSignRequest.data]. A false value of this field indicates either that [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] but this field is still false, discard the response and perform a limited number of retries.

verifiedDigestCrc32C

Integrity verification field. A flag indicating whether [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value of this field indicates either that [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] but this field is still false, discard the response and perform a limited number of retries.

Attributes

Companion
object
Source
AsymmetricSignResponse.scala
Supertypes
trait Updatable[AsymmetricSignResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object AsymmetricSignResponse extends GeneratedMessageCompanion[AsymmetricSignResponse]

Attributes

Companion
class
Source
AsymmetricSignResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[AsymmetricSignResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class CreateCryptoKeyRequest(parent: String, cryptoKeyId: String, cryptoKey: Option[CryptoKey], skipInitialVersionCreation: Boolean, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[CreateCryptoKeyRequest]

Request message for [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].

Request message for [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].

Value parameters

cryptoKey

Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field values.

cryptoKeyId

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

parent

Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing associated with the [CryptoKeys][google.cloud.kms.v1.CryptoKey].

skipInitialVersionCreation

If set to true, the request will create a [CryptoKey][google.cloud.kms.v1.CryptoKey] without any [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. You must manually call [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion] before you can use this [CryptoKey][google.cloud.kms.v1.CryptoKey].

Attributes

Companion
object
Source
CreateCryptoKeyRequest.scala
Supertypes
trait Updatable[CreateCryptoKeyRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object CreateCryptoKeyRequest extends GeneratedMessageCompanion[CreateCryptoKeyRequest]

Attributes

Companion
class
Source
CreateCryptoKeyRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[CreateCryptoKeyRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class CreateCryptoKeyVersionRequest(parent: String, cryptoKeyVersion: Option[CryptoKeyVersion], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[CreateCryptoKeyVersionRequest]

Request message for [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].

Request message for [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].

Value parameters

cryptoKeyVersion

Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with initial field values.

parent

Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].

Attributes

Companion
object
Source
CreateCryptoKeyVersionRequest.scala
Supertypes
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object CreateCryptoKeyVersionRequest extends GeneratedMessageCompanion[CreateCryptoKeyVersionRequest]

Attributes

Companion
class
Source
CreateCryptoKeyVersionRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[CreateCryptoKeyVersionRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class CreateImportJobRequest(parent: String, importJobId: String, importJob: Option[ImportJob], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[CreateImportJobRequest]

Request message for [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob].

Request message for [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob].

Value parameters

importJob

Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field values.

importJobId

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

parent

Required. The [name][google.cloud.kms.v1.KeyRing.name] of the [KeyRing][google.cloud.kms.v1.KeyRing] associated with the [ImportJobs][google.cloud.kms.v1.ImportJob].

Attributes

Companion
object
Source
CreateImportJobRequest.scala
Supertypes
trait Updatable[CreateImportJobRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object CreateImportJobRequest extends GeneratedMessageCompanion[CreateImportJobRequest]

Attributes

Companion
class
Source
CreateImportJobRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[CreateImportJobRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class CreateKeyRingRequest(parent: String, keyRingId: String, keyRing: Option[KeyRing], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[CreateKeyRingRequest]

Request message for [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].

Request message for [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].

Value parameters

keyRing

Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field values.

keyRingId

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

parent

Required. The resource name of the location associated with the [KeyRings][google.cloud.kms.v1.KeyRing], in the format projects/*/locations/*.

Attributes

Companion
object
Source
CreateKeyRingRequest.scala
Supertypes
trait Updatable[CreateKeyRingRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object CreateKeyRingRequest extends GeneratedMessageCompanion[CreateKeyRingRequest]

Attributes

Companion
class
Source
CreateKeyRingRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[CreateKeyRingRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class DecryptRequest(name: String, ciphertext: ByteString, additionalAuthenticatedData: ByteString, ciphertextCrc32C: Option[Long], additionalAuthenticatedDataCrc32C: Option[Long], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[DecryptRequest]

Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

Value parameters

additionalAuthenticatedData

Optional. Optional data that must match the data originally supplied in [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data].

additionalAuthenticatedDataCrc32C

Optional. An optional CRC32C checksum of the [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data] using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]) is equal to [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c], and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

ciphertext

Required. The encrypted data originally returned in [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].

ciphertextCrc32C

Optional. An optional CRC32C checksum of the [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext] using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]) is equal to [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c], and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

name

Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The server will choose the appropriate version.

Attributes

Companion
object
Source
DecryptRequest.scala
Supertypes
trait Updatable[DecryptRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object DecryptRequest extends GeneratedMessageCompanion[DecryptRequest]

Attributes

Companion
class
Source
DecryptRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[DecryptRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class DecryptResponse(plaintext: ByteString, plaintextCrc32C: Option[Long], usedPrimary: Boolean, protectionLevel: ProtectionLevel, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[DecryptResponse]

Response message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

Response message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

Value parameters

plaintext

The decrypted data originally supplied in [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext].

plaintextCrc32C

Integrity verification field. A CRC32C checksum of the returned [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]. An integrity check of [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] can be performed by computing the CRC32C checksum of [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: receiving this response message indicates that [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to successfully decrypt the [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

protectionLevel

The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in decryption.

usedPrimary

Whether the Decryption was performed using the primary key version.

Attributes

Companion
object
Source
DecryptResponse.scala
Supertypes
trait Updatable[DecryptResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object DecryptResponse extends GeneratedMessageCompanion[DecryptResponse]

Attributes

Companion
class
Source
DecryptResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[DecryptResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class DestroyCryptoKeyVersionRequest(name: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[DestroyCryptoKeyVersionRequest]

Request message for [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].

Request message for [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].

Value parameters

name

Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy.

Attributes

Companion
object
Source
DestroyCryptoKeyVersionRequest.scala
Supertypes
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object DestroyCryptoKeyVersionRequest extends GeneratedMessageCompanion[DestroyCryptoKeyVersionRequest]

Attributes

Companion
class
Source
DestroyCryptoKeyVersionRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[DestroyCryptoKeyVersionRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class Digest(digest: Digest, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[Digest]

A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message digest.

A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message digest.

Attributes

Companion
object
Source
Digest.scala
Supertypes
trait Updatable[Digest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object Digest extends GeneratedMessageCompanion[Digest]

Attributes

Companion
class
Source
Digest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[Digest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
Digest.type
final case class EncryptRequest(name: String, plaintext: ByteString, additionalAuthenticatedData: ByteString, plaintextCrc32C: Option[Long], additionalAuthenticatedDataCrc32C: Option[Long], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[EncryptRequest]

Request message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

Request message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

Value parameters

additionalAuthenticatedData

Optional. Optional data that, if specified, must also be provided during decryption through [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. The maximum size depends on the key version's [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the AAD must be no larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

additionalAuthenticatedDataCrc32C

Optional. An optional CRC32C checksum of the [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data] using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]) is equal to [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c], and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

name

Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] or [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for encryption. If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server will use its [primary version][google.cloud.kms.v1.CryptoKey.primary].

plaintext

Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the plaintext must be no larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

plaintextCrc32C

Optional. An optional CRC32C checksum of the [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext] using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]) is equal to [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c], and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Attributes

Companion
object
Source
EncryptRequest.scala
Supertypes
trait Updatable[EncryptRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object EncryptRequest extends GeneratedMessageCompanion[EncryptRequest]

Attributes

Companion
class
Source
EncryptRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[EncryptRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class EncryptResponse(name: String, ciphertext: ByteString, ciphertextCrc32C: Option[Long], verifiedPlaintextCrc32C: Boolean, verifiedAdditionalAuthenticatedDataCrc32C: Boolean, protectionLevel: ProtectionLevel, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[EncryptResponse]

Response message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

Response message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

Value parameters

ciphertext

The encrypted data.

ciphertextCrc32C

Integrity verification field. A CRC32C checksum of the returned [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. An integrity check of [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] can be performed by computing the CRC32C checksum of [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

name

The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in encryption. Check this field to verify that the intended resource was used for encryption.

protectionLevel

The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in encryption.

verifiedAdditionalAuthenticatedDataCrc32C

Integrity verification field. A flag indicating whether [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A false value of this field indicates either that [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] but this field is still false, discard the response and perform a limited number of retries.

verifiedPlaintextCrc32C

Integrity verification field. A flag indicating whether [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of this field indicates either that [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] but this field is still false, discard the response and perform a limited number of retries.

Attributes

Companion
object
Source
EncryptResponse.scala
Supertypes
trait Updatable[EncryptResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object EncryptResponse extends GeneratedMessageCompanion[EncryptResponse]

Attributes

Companion
class
Source
EncryptResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[EncryptResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class GenerateRandomBytesRequest(location: String, lengthBytes: Int, protectionLevel: ProtectionLevel, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[GenerateRandomBytesRequest]

Request message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

Request message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

Value parameters

lengthBytes

The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes, maximum 1024 bytes.

location

The project-specific location in which to generate random bytes. For example, "projects/my-project/locations/us-central1".

protectionLevel

The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when generating the random data. Currently, only [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] protection level is supported.

Attributes

Companion
object
Source
GenerateRandomBytesRequest.scala
Supertypes
trait Updatable[GenerateRandomBytesRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object GenerateRandomBytesRequest extends GeneratedMessageCompanion[GenerateRandomBytesRequest]

Attributes

Companion
class
Source
GenerateRandomBytesRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[GenerateRandomBytesRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class GenerateRandomBytesResponse(data: ByteString, dataCrc32C: Option[Long], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[GenerateRandomBytesResponse]

Response message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

Response message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

Value parameters

data

The generated data.

dataCrc32C

Integrity verification field. A CRC32C checksum of the returned [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]. An integrity check of [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] can be performed by computing the CRC32C checksum of [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Attributes

Companion
object
Source
GenerateRandomBytesResponse.scala
Supertypes
trait Updatable[GenerateRandomBytesResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object GenerateRandomBytesResponse extends GeneratedMessageCompanion[GenerateRandomBytesResponse]

Attributes

Companion
class
Source
GenerateRandomBytesResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[GenerateRandomBytesResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class GetCryptoKeyRequest(name: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[GetCryptoKeyRequest]

Request message for [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].

Request message for [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].

Value parameters

name

Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to get.

Attributes

Companion
object
Source
GetCryptoKeyRequest.scala
Supertypes
trait Updatable[GetCryptoKeyRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object GetCryptoKeyRequest extends GeneratedMessageCompanion[GetCryptoKeyRequest]

Attributes

Companion
class
Source
GetCryptoKeyRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[GetCryptoKeyRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class GetCryptoKeyVersionRequest(name: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[GetCryptoKeyVersionRequest]

Request message for [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].

Request message for [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].

Value parameters

name

Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get.

Attributes

Companion
object
Source
GetCryptoKeyVersionRequest.scala
Supertypes
trait Updatable[GetCryptoKeyVersionRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object GetCryptoKeyVersionRequest extends GeneratedMessageCompanion[GetCryptoKeyVersionRequest]

Attributes

Companion
class
Source
GetCryptoKeyVersionRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[GetCryptoKeyVersionRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class GetImportJobRequest(name: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[GetImportJobRequest]

Request message for [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].

Request message for [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].

Value parameters

name

Required. The [name][google.cloud.kms.v1.ImportJob.name] of the [ImportJob][google.cloud.kms.v1.ImportJob] to get.

Attributes

Companion
object
Source
GetImportJobRequest.scala
Supertypes
trait Updatable[GetImportJobRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object GetImportJobRequest extends GeneratedMessageCompanion[GetImportJobRequest]

Attributes

Companion
class
Source
GetImportJobRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[GetImportJobRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class GetKeyRingRequest(name: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[GetKeyRingRequest]

Request message for [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].

Request message for [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].

Value parameters

name

Required. The [name][google.cloud.kms.v1.KeyRing.name] of the [KeyRing][google.cloud.kms.v1.KeyRing] to get.

Attributes

Companion
object
Source
GetKeyRingRequest.scala
Supertypes
trait Updatable[GetKeyRingRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object GetKeyRingRequest extends GeneratedMessageCompanion[GetKeyRingRequest]

Attributes

Companion
class
Source
GetKeyRingRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[GetKeyRingRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class GetPublicKeyRequest(name: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[GetPublicKeyRequest]

Request message for [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

Request message for [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

Value parameters

name

Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get.

Attributes

Companion
object
Source
GetPublicKeyRequest.scala
Supertypes
trait Updatable[GetPublicKeyRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object GetPublicKeyRequest extends GeneratedMessageCompanion[GetPublicKeyRequest]

Attributes

Companion
class
Source
GetPublicKeyRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[GetPublicKeyRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class ImportCryptoKeyVersionRequest(parent: String, cryptoKeyVersion: String, algorithm: CryptoKeyVersionAlgorithm, importJob: String, wrappedKey: ByteString, wrappedKeyMaterial: WrappedKeyMaterial, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[ImportCryptoKeyVersionRequest]

Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].

Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].

Value parameters

algorithm

Required. The [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] of the key being imported. This does not need to match the [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] this version imports into.

cryptoKeyVersion

Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation. If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the supplied key material is created. If this field is present, the supplied key material is imported into the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via [ImportCryptoKeyVersion][], and be in [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED] state. The key material and algorithm must match the previous [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained key material.

importJob

Required. The [name][google.cloud.kms.v1.ImportJob.name] of the [ImportJob][google.cloud.kms.v1.ImportJob] that was used to wrap this key material.

parent

Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into. The create permission is only required on this key when creating a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

wrappedKey

Optional. The wrapped key material to import. Before wrapping, key material must be formatted. If importing symmetric key material, the expected key material format is plain bytes. If importing asymmetric key material, the expected key material format is PKCS#8-encoded DER (the PrivateKeyInfo structure from RFC 5208). When wrapping with import methods ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256] or [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256] or [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256] or [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]), this field must contain the concatenation of: <ol> <li>An ephemeral AES-256 wrapping key wrapped with the [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty label. </li> <li>The formatted key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649). </li> </ol> This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP. When wrapping with import methods ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256] or [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]), this field must contain the formatted key to be imported, wrapped with the [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP with SHA-256, MGF1 with SHA-256, and an empty label.

Attributes

Companion
object
Source
ImportCryptoKeyVersionRequest.scala
Supertypes
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object ImportCryptoKeyVersionRequest extends GeneratedMessageCompanion[ImportCryptoKeyVersionRequest]

Attributes

Companion
class
Source
ImportCryptoKeyVersionRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[ImportCryptoKeyVersionRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
trait KeyManagementService[F[_]]

Google Cloud Key Management Service

Google Cloud Key Management Service

Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:

  • [KeyRing][google.cloud.kms.v1.KeyRing]
  • [CryptoKey][google.cloud.kms.v1.CryptoKey]
  • [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
  • [ImportJob][google.cloud.kms.v1.ImportJob]

If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.

Attributes

Companion
object
Source
KeyManagementService.scala
Supertypes
class Object
trait Matchable
class Any
object KeyManagementService

Attributes

Companion
trait
Source
KeyManagementService.scala
Supertypes
class Object
trait Matchable
class Any
Self type
final case class ListCryptoKeyVersionsRequest(parent: String, pageSize: Int, pageToken: String, view: CryptoKeyVersionView, filter: String, orderBy: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[ListCryptoKeyVersionsRequest]

Request message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].

Request message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].

Value parameters

filter

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

pageSize

Optional. Optional limit on the number of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to include in the response. Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can subsequently be obtained by including the [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token] in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken

Optional. Optional pagination token, returned earlier via [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token].

parent

Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format projects/&#42;/locations/&#42;/keyRings/&#42;/cryptoKeys/&#42;.

view

The fields to include in the response.

Attributes

Companion
object
Source
ListCryptoKeyVersionsRequest.scala
Supertypes
trait Updatable[ListCryptoKeyVersionsRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object ListCryptoKeyVersionsRequest extends GeneratedMessageCompanion[ListCryptoKeyVersionsRequest]

Attributes

Companion
class
Source
ListCryptoKeyVersionsRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[ListCryptoKeyVersionsRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class ListCryptoKeyVersionsResponse(cryptoKeyVersions: Seq[CryptoKeyVersion], nextPageToken: String, totalSize: Int, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[ListCryptoKeyVersionsResponse]

Response message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].

Response message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].

Value parameters

cryptoKeyVersions

The list of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].

nextPageToken

A token to retrieve next page of results. Pass this value in [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token] to retrieve the next page of results.

totalSize

The total number of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the query.

Attributes

Companion
object
Source
ListCryptoKeyVersionsResponse.scala
Supertypes
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object ListCryptoKeyVersionsResponse extends GeneratedMessageCompanion[ListCryptoKeyVersionsResponse]

Attributes

Companion
class
Source
ListCryptoKeyVersionsResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[ListCryptoKeyVersionsResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class ListCryptoKeysRequest(parent: String, pageSize: Int, pageToken: String, versionView: CryptoKeyVersionView, filter: String, orderBy: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[ListCryptoKeysRequest]

Request message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

Request message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

Value parameters

filter

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

pageSize

Optional. Optional limit on the number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the response. Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be obtained by including the [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token] in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken

Optional. Optional pagination token, returned earlier via [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token].

parent

Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format projects/&#42;/locations/&#42;/keyRings/&#42;.

versionView

The fields of the primary version to include in the response.

Attributes

Companion
object
Source
ListCryptoKeysRequest.scala
Supertypes
trait Updatable[ListCryptoKeysRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object ListCryptoKeysRequest extends GeneratedMessageCompanion[ListCryptoKeysRequest]

Attributes

Companion
class
Source
ListCryptoKeysRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[ListCryptoKeysRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class ListCryptoKeysResponse(cryptoKeys: Seq[CryptoKey], nextPageToken: String, totalSize: Int, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[ListCryptoKeysResponse]

Response message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

Response message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

Value parameters

cryptoKeys

The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey].

nextPageToken

A token to retrieve next page of results. Pass this value in [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token] to retrieve the next page of results.

totalSize

The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that matched the query.

Attributes

Companion
object
Source
ListCryptoKeysResponse.scala
Supertypes
trait Updatable[ListCryptoKeysResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object ListCryptoKeysResponse extends GeneratedMessageCompanion[ListCryptoKeysResponse]

Attributes

Companion
class
Source
ListCryptoKeysResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[ListCryptoKeysResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class ListImportJobsRequest(parent: String, pageSize: Int, pageToken: String, filter: String, orderBy: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[ListImportJobsRequest]

Request message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].

Request message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].

Value parameters

filter

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

pageSize

Optional. Optional limit on the number of [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the response. Further [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently be obtained by including the [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token] in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken

Optional. Optional pagination token, returned earlier via [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token].

parent

Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format projects/&#42;/locations/&#42;/keyRings/&#42;.

Attributes

Companion
object
Source
ListImportJobsRequest.scala
Supertypes
trait Updatable[ListImportJobsRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object ListImportJobsRequest extends GeneratedMessageCompanion[ListImportJobsRequest]

Attributes

Companion
class
Source
ListImportJobsRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[ListImportJobsRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class ListImportJobsResponse(importJobs: Seq[ImportJob], nextPageToken: String, totalSize: Int, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[ListImportJobsResponse]

Response message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].

Response message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].

Value parameters

importJobs

The list of [ImportJobs][google.cloud.kms.v1.ImportJob].

nextPageToken

A token to retrieve next page of results. Pass this value in [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token] to retrieve the next page of results.

totalSize

The total number of [ImportJobs][google.cloud.kms.v1.ImportJob] that matched the query.

Attributes

Companion
object
Source
ListImportJobsResponse.scala
Supertypes
trait Updatable[ListImportJobsResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object ListImportJobsResponse extends GeneratedMessageCompanion[ListImportJobsResponse]

Attributes

Companion
class
Source
ListImportJobsResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[ListImportJobsResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class ListKeyRingsRequest(parent: String, pageSize: Int, pageToken: String, filter: String, orderBy: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[ListKeyRingsRequest]

Request message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].

Request message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].

Value parameters

filter

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

pageSize

Optional. Optional limit on the number of [KeyRings][google.cloud.kms.v1.KeyRing] to include in the response. Further [KeyRings][google.cloud.kms.v1.KeyRing] can subsequently be obtained by including the [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token] in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken

Optional. Optional pagination token, returned earlier via [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token].

parent

Required. The resource name of the location associated with the [KeyRings][google.cloud.kms.v1.KeyRing], in the format projects/&#42;/locations/&#42;.

Attributes

Companion
object
Source
ListKeyRingsRequest.scala
Supertypes
trait Updatable[ListKeyRingsRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object ListKeyRingsRequest extends GeneratedMessageCompanion[ListKeyRingsRequest]

Attributes

Companion
class
Source
ListKeyRingsRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[ListKeyRingsRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class ListKeyRingsResponse(keyRings: Seq[KeyRing], nextPageToken: String, totalSize: Int, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[ListKeyRingsResponse]

Response message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].

Response message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].

Value parameters

keyRings

The list of [KeyRings][google.cloud.kms.v1.KeyRing].

nextPageToken

A token to retrieve next page of results. Pass this value in [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token] to retrieve the next page of results.

totalSize

The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched the query.

Attributes

Companion
object
Source
ListKeyRingsResponse.scala
Supertypes
trait Updatable[ListKeyRingsResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object ListKeyRingsResponse extends GeneratedMessageCompanion[ListKeyRingsResponse]

Attributes

Companion
class
Source
ListKeyRingsResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[ListKeyRingsResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class LocationMetadata(hsmAvailable: Boolean, ekmAvailable: Boolean, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[LocationMetadata]

Cloud KMS metadata for the given [google.cloud.location.Location][google.cloud.location.Location].

Cloud KMS metadata for the given [google.cloud.location.Location][google.cloud.location.Location].

Value parameters

ekmAvailable

Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in this location.

hsmAvailable

Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this location.

Attributes

Companion
object
Source
LocationMetadata.scala
Supertypes
trait Updatable[LocationMetadata]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object LocationMetadata extends GeneratedMessageCompanion[LocationMetadata]

Attributes

Companion
class
Source
LocationMetadata.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[LocationMetadata]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class MacSignRequest(name: String, data: ByteString, dataCrc32C: Option[Long], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[MacSignRequest]

Request message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].

Request message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].

Value parameters

data

Required. The data to sign. The MAC tag is computed over this data field based on the specific algorithm.

dataCrc32C

Optional. An optional CRC32C checksum of the [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C([MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]) is equal to [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c], and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

name

Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for signing.

Attributes

Companion
object
Source
MacSignRequest.scala
Supertypes
trait Updatable[MacSignRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object MacSignRequest extends GeneratedMessageCompanion[MacSignRequest]

Attributes

Companion
class
Source
MacSignRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[MacSignRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class MacSignResponse(name: String, mac: ByteString, macCrc32C: Option[Long], verifiedDataCrc32C: Boolean, protectionLevel: ProtectionLevel, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[MacSignResponse]

Response message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].

Response message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].

Value parameters

mac

The created signature.

macCrc32C

Integrity verification field. A CRC32C checksum of the returned [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac]. An integrity check of [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] can be performed by computing the CRC32C checksum of [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

name

The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. Check this field to verify that the intended resource was used for signing.

protectionLevel

The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.

verifiedDataCrc32C

Integrity verification field. A flag indicating whether [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the [data][google.cloud.kms.v1.MacSignRequest.data]. A false value of this field indicates either that [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] but this field is still false, discard the response and perform a limited number of retries.

Attributes

Companion
object
Source
MacSignResponse.scala
Supertypes
trait Updatable[MacSignResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object MacSignResponse extends GeneratedMessageCompanion[MacSignResponse]

Attributes

Companion
class
Source
MacSignResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[MacSignResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class MacVerifyRequest(name: String, data: ByteString, dataCrc32C: Option[Long], mac: ByteString, macCrc32C: Option[Long], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[MacVerifyRequest]

Request message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].

Request message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].

Value parameters

data

Required. The data used previously as a [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate the MAC tag.

dataCrc32C

Optional. An optional CRC32C checksum of the [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C([MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]) is equal to [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c], and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

mac

Required. The signature to verify.

macCrc32C

Optional. An optional CRC32C checksum of the [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C([MacVerifyRequest.tag][]) is equal to [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c], and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

name

Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for verification.

Attributes

Companion
object
Source
MacVerifyRequest.scala
Supertypes
trait Updatable[MacVerifyRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object MacVerifyRequest extends GeneratedMessageCompanion[MacVerifyRequest]

Attributes

Companion
class
Source
MacVerifyRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[MacVerifyRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class MacVerifyResponse(name: String, success: Boolean, verifiedDataCrc32C: Boolean, verifiedMacCrc32C: Boolean, verifiedSuccessIntegrity: Boolean, protectionLevel: ProtectionLevel, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[MacVerifyResponse]

Response message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].

Response message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].

Value parameters

name

The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for verification. Check this field to verify that the intended resource was used for verification.

protectionLevel

The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for verification.

success

This field indicates whether or not the verification operation for [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] over [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] was successful.

verifiedDataCrc32C

Integrity verification field. A flag indicating whether [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the [data][google.cloud.kms.v1.MacVerifyRequest.data]. A false value of this field indicates either that [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] but this field is still false, discard the response and perform a limited number of retries.

verifiedMacCrc32C

Integrity verification field. A flag indicating whether [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the [data][google.cloud.kms.v1.MacVerifyRequest.mac]. A false value of this field indicates either that [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] but this field is still false, discard the response and perform a limited number of retries.

verifiedSuccessIntegrity

Integrity verification field. This value is used for the integrity verification of [MacVerifyResponse.success]. If the value of this field contradicts the value of [MacVerifyResponse.success], discard the response and perform a limited number of retries.

Attributes

Companion
object
Source
MacVerifyResponse.scala
Supertypes
trait Updatable[MacVerifyResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object MacVerifyResponse extends GeneratedMessageCompanion[MacVerifyResponse]

Attributes

Companion
class
Source
MacVerifyResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[MacVerifyResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class RawDecryptRequest(name: String, ciphertext: ByteString, additionalAuthenticatedData: ByteString, initializationVector: ByteString, tagLength: Int, ciphertextCrc32C: Option[Long], additionalAuthenticatedDataCrc32C: Option[Long], initializationVectorCrc32C: Option[Long], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[RawDecryptRequest]

Request message for [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].

Request message for [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].

Value parameters

additionalAuthenticatedData

Optional. Optional data that must match the data originally supplied in [RawEncryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data].

additionalAuthenticatedDataCrc32C

Optional. An optional CRC32C checksum of the [RawDecryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received additional_authenticated_data using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(additional_authenticated_data) is equal to additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

ciphertext

Required. The encrypted data originally returned in [RawEncryptResponse.ciphertext][google.cloud.kms.v1.RawEncryptResponse.ciphertext].

ciphertextCrc32C

Optional. An optional CRC32C checksum of the [RawDecryptRequest.ciphertext][google.cloud.kms.v1.RawDecryptRequest.ciphertext]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received ciphertext using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(ciphertext) is equal to ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

initializationVector

Required. The initialization vector (IV) used during encryption, which must match the data originally provided in [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector].

initializationVectorCrc32C

Optional. An optional CRC32C checksum of the [RawDecryptRequest.initialization_vector][google.cloud.kms.v1.RawDecryptRequest.initialization_vector]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received initialization_vector using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

name

Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for decryption.

tagLength

The length of the authentication tag that is appended to the end of the ciphertext. If unspecified (0), the default value for the key's algorithm will be used (for AES-GCM, the default value is 16).

Attributes

Companion
object
Source
RawDecryptRequest.scala
Supertypes
trait Updatable[RawDecryptRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object RawDecryptRequest extends GeneratedMessageCompanion[RawDecryptRequest]

Attributes

Companion
class
Source
RawDecryptRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[RawDecryptRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class RawDecryptResponse(plaintext: ByteString, plaintextCrc32C: Option[Long], protectionLevel: ProtectionLevel, verifiedCiphertextCrc32C: Boolean, verifiedAdditionalAuthenticatedDataCrc32C: Boolean, verifiedInitializationVectorCrc32C: Boolean, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[RawDecryptResponse]

Response message for [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].

Response message for [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].

Value parameters

plaintext

The decrypted data.

plaintextCrc32C

Integrity verification field. A CRC32C checksum of the returned [RawDecryptResponse.plaintext][google.cloud.kms.v1.RawDecryptResponse.plaintext]. An integrity check of plaintext can be performed by computing the CRC32C checksum of plaintext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: receiving this response message indicates that [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to successfully decrypt the [ciphertext][google.cloud.kms.v1.RawDecryptRequest.ciphertext]. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

protectionLevel

The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in decryption.

verifiedAdditionalAuthenticatedDataCrc32C

Integrity verification field. A flag indicating whether [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of additional_authenticated_data. A false value of this field indicates either that // [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c] but this field is still false, discard the response and perform a limited number of retries.

verifiedCiphertextCrc32C

Integrity verification field. A flag indicating whether [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the ciphertext. A false value of this field indicates either that [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c] but this field is still false, discard the response and perform a limited number of retries.

verifiedInitializationVectorCrc32C

Integrity verification field. A flag indicating whether [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of initialization_vector. A false value of this field indicates either that [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c] but this field is still false, discard the response and perform a limited number of retries.

Attributes

Companion
object
Source
RawDecryptResponse.scala
Supertypes
trait Updatable[RawDecryptResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object RawDecryptResponse extends GeneratedMessageCompanion[RawDecryptResponse]

Attributes

Companion
class
Source
RawDecryptResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[RawDecryptResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class RawEncryptRequest(name: String, plaintext: ByteString, additionalAuthenticatedData: ByteString, plaintextCrc32C: Option[Long], additionalAuthenticatedDataCrc32C: Option[Long], initializationVector: ByteString, initializationVectorCrc32C: Option[Long], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[RawEncryptRequest]

Request message for [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt].

Request message for [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt].

Value parameters

additionalAuthenticatedData

Optional. Optional data that, if specified, must also be provided during decryption through [RawDecryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data]. This field may only be used in conjunction with an [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm] that accepts additional authenticated data (for example, AES-GCM). The maximum size depends on the key version's [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the plaintext must be no larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

additionalAuthenticatedDataCrc32C

Optional. An optional CRC32C checksum of the [RawEncryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received additional_authenticated_data using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(additional_authenticated_data) is equal to additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

initializationVector

Optional. A customer-supplied initialization vector that will be used for encryption. If it is not provided for AES-CBC and AES-CTR, one will be generated. It will be returned in [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector].

initializationVectorCrc32C

Optional. An optional CRC32C checksum of the [RawEncryptRequest.initialization_vector][google.cloud.kms.v1.RawEncryptRequest.initialization_vector]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received initialization_vector using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

name

Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for encryption.

plaintext

Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the plaintext must be no larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

plaintextCrc32C

Optional. An optional CRC32C checksum of the [RawEncryptRequest.plaintext][google.cloud.kms.v1.RawEncryptRequest.plaintext]. If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received plaintext using this checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(plaintext) is equal to plaintext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Attributes

Companion
object
Source
RawEncryptRequest.scala
Supertypes
trait Updatable[RawEncryptRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object RawEncryptRequest extends GeneratedMessageCompanion[RawEncryptRequest]

Attributes

Companion
class
Source
RawEncryptRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[RawEncryptRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class RawEncryptResponse(ciphertext: ByteString, initializationVector: ByteString, tagLength: Int, ciphertextCrc32C: Option[Long], initializationVectorCrc32C: Option[Long], verifiedPlaintextCrc32C: Boolean, verifiedAdditionalAuthenticatedDataCrc32C: Boolean, verifiedInitializationVectorCrc32C: Boolean, name: String, protectionLevel: ProtectionLevel, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[RawEncryptResponse]

Response message for [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt].

Response message for [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt].

Value parameters

ciphertext

The encrypted data. In the case of AES-GCM, the authentication tag is the [tag_length][google.cloud.kms.v1.RawEncryptResponse.tag_length] bytes at the end of this field.

ciphertextCrc32C

Integrity verification field. A CRC32C checksum of the returned [RawEncryptResponse.ciphertext][google.cloud.kms.v1.RawEncryptResponse.ciphertext]. An integrity check of ciphertext can be performed by computing the CRC32C checksum of ciphertext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

initializationVector

The initialization vector (IV) generated by the service during encryption. This value must be stored and provided in [RawDecryptRequest.initialization_vector][google.cloud.kms.v1.RawDecryptRequest.initialization_vector] at decryption time.

initializationVectorCrc32C

Integrity verification field. A CRC32C checksum of the returned [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector]. An integrity check of initialization_vector can be performed by computing the CRC32C checksum of initialization_vector and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

name

The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in encryption. Check this field to verify that the intended resource was used for encryption.

protectionLevel

The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in encryption.

tagLength

The length of the authentication tag that is appended to the end of the ciphertext.

verifiedAdditionalAuthenticatedDataCrc32C

Integrity verification field. A flag indicating whether [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of additional_authenticated_data. A false value of this field indicates either that // [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c] but this field is still false, discard the response and perform a limited number of retries.

verifiedInitializationVectorCrc32C

Integrity verification field. A flag indicating whether [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of initialization_vector. A false value of this field indicates either that [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c] but this field is still false, discard the response and perform a limited number of retries.

verifiedPlaintextCrc32C

Integrity verification field. A flag indicating whether [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c] was received by [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the plaintext. A false value of this field indicates either that [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c] was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c] but this field is still false, discard the response and perform a limited number of retries.

Attributes

Companion
object
Source
RawEncryptResponse.scala
Supertypes
trait Updatable[RawEncryptResponse]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object RawEncryptResponse extends GeneratedMessageCompanion[RawEncryptResponse]

Attributes

Companion
class
Source
RawEncryptResponse.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[RawEncryptResponse]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class RestoreCryptoKeyVersionRequest(name: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[RestoreCryptoKeyVersionRequest]

Request message for [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion].

Request message for [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion].

Value parameters

name

Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore.

Attributes

Companion
object
Source
RestoreCryptoKeyVersionRequest.scala
Supertypes
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object RestoreCryptoKeyVersionRequest extends GeneratedMessageCompanion[RestoreCryptoKeyVersionRequest]

Attributes

Companion
class
Source
RestoreCryptoKeyVersionRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[RestoreCryptoKeyVersionRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
object ServiceProto extends GeneratedFileObject

Attributes

Source
ServiceProto.scala
Supertypes
class GeneratedFileObject
class Object
trait Matchable
class Any
Self type
final case class UpdateCryptoKeyPrimaryVersionRequest(name: String, cryptoKeyVersionId: String, unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[UpdateCryptoKeyPrimaryVersionRequest]

Request message for [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].

Request message for [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].

Value parameters

cryptoKeyVersionId

Required. The id of the child [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary.

name

Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to update.

Attributes

Companion
object
Source
UpdateCryptoKeyPrimaryVersionRequest.scala
Supertypes
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object UpdateCryptoKeyPrimaryVersionRequest extends GeneratedMessageCompanion[UpdateCryptoKeyPrimaryVersionRequest]

Attributes

Companion
class
Source
UpdateCryptoKeyPrimaryVersionRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[UpdateCryptoKeyPrimaryVersionRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class UpdateCryptoKeyRequest(cryptoKey: Option[CryptoKey], updateMask: Option[FieldMask], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[UpdateCryptoKeyRequest]

Request message for [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey].

Request message for [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey].

Value parameters

cryptoKey

Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] with updated values.

updateMask

Required. List of fields to be updated in this request.

Attributes

Companion
object
Source
UpdateCryptoKeyRequest.scala
Supertypes
trait Updatable[UpdateCryptoKeyRequest]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object UpdateCryptoKeyRequest extends GeneratedMessageCompanion[UpdateCryptoKeyRequest]

Attributes

Companion
class
Source
UpdateCryptoKeyRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[UpdateCryptoKeyRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
final case class UpdateCryptoKeyVersionRequest(cryptoKeyVersion: Option[CryptoKeyVersion], updateMask: Option[FieldMask], unknownFields: UnknownFieldSet) extends GeneratedMessage, Updatable[UpdateCryptoKeyVersionRequest]

Request message for [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion].

Request message for [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion].

Value parameters

cryptoKeyVersion

Required. [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with updated values.

updateMask

Required. List of fields to be updated in this request.

Attributes

Companion
object
Source
UpdateCryptoKeyVersionRequest.scala
Supertypes
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object UpdateCryptoKeyVersionRequest extends GeneratedMessageCompanion[UpdateCryptoKeyVersionRequest]

Attributes

Companion
class
Source
UpdateCryptoKeyVersionRequest.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[UpdateCryptoKeyVersionRequest]
trait Serializable
class Object
trait Matchable
class Any
Show all
Self type
Generated with