Cloud Key Management Service (KMS) V1 API - Module Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm (v1.3.0)

Reference documentation and code samples for the Cloud Key Management Service (KMS) V1 API module Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm.

The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation.

The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT.

Algorithms beginning with RSA_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN.

The fields in the name after RSA_SIGN_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

For PSS, the salt length used is equal to the length of digest algorithm. For example, RSA_SIGN_PSS_2048_SHA256 will use PSS with a salt length of 256 bits or 32 bytes.

Algorithms beginning with RSA_DECRYPT_ are usable with CryptoKey.purpose ASYMMETRIC_DECRYPT.

The fields in the name after RSA_DECRYPT_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

Algorithms beginning with EC_SIGN_ are usable with CryptoKey.purpose ASYMMETRIC_SIGN.

The fields in the name after EC_SIGN_ correspond to the following parameters: elliptic curve, digest algorithm.

Algorithms beginning with HMAC_ are usable with CryptoKey.purpose MAC.

The suffix following HMAC_ corresponds to the hash algorithm being used (eg. SHA256).

Algorithms beginning with PQ_ are post-quantum.

For more information, see Key purposes and algorithms.

Constants

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

value: 0
Not specified.

GOOGLE_SYMMETRIC_ENCRYPTION

value: 1
Creates symmetric encryption keys.

AES_128_GCM

value: 41
AES-GCM (Galois Counter Mode) using 128-bit keys.

AES_256_GCM

value: 19
AES-GCM (Galois Counter Mode) using 256-bit keys.

AES_128_CBC

value: 42
AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.

AES_256_CBC

value: 43
AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.

AES_128_CTR

value: 44
AES-CTR (Counter Mode) using 128-bit keys.

AES_256_CTR

value: 45
AES-CTR (Counter Mode) using 256-bit keys.

RSA_SIGN_PSS_2048_SHA256

value: 2
RSASSA-PSS 2048 bit key with a SHA256 digest.

RSA_SIGN_PSS_3072_SHA256

value: 3
RSASSA-PSS 3072 bit key with a SHA256 digest.

RSA_SIGN_PSS_4096_SHA256

value: 4
RSASSA-PSS 4096 bit key with a SHA256 digest.

RSA_SIGN_PSS_4096_SHA512

value: 15
RSASSA-PSS 4096 bit key with a SHA512 digest.

RSA_SIGN_PKCS1_2048_SHA256

value: 5
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_3072_SHA256

value: 6
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_4096_SHA256

value: 7
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_4096_SHA512

value: 16
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

RSA_SIGN_RAW_PKCS1_2048

value: 28
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

RSA_SIGN_RAW_PKCS1_3072

value: 29
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

RSA_SIGN_RAW_PKCS1_4096

value: 30
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

RSA_DECRYPT_OAEP_2048_SHA256

value: 8
RSAES-OAEP 2048 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_3072_SHA256

value: 9
RSAES-OAEP 3072 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_4096_SHA256

value: 10
RSAES-OAEP 4096 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_4096_SHA512

value: 17
RSAES-OAEP 4096 bit key with a SHA512 digest.

RSA_DECRYPT_OAEP_2048_SHA1

value: 37
RSAES-OAEP 2048 bit key with a SHA1 digest.

RSA_DECRYPT_OAEP_3072_SHA1

value: 38
RSAES-OAEP 3072 bit key with a SHA1 digest.

RSA_DECRYPT_OAEP_4096_SHA1

value: 39
RSAES-OAEP 4096 bit key with a SHA1 digest.

EC_SIGN_P256_SHA256

value: 12
ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

EC_SIGN_P384_SHA384

value: 13
ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

EC_SIGN_SECP256K1_SHA256

value: 31
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

EC_SIGN_ED25519

value: 40
EdDSA on the Curve25519 in pure mode (taking data as input).

HMAC_SHA256

value: 32
HMAC-SHA256 signing with a 256 bit key.

HMAC_SHA1

value: 33
HMAC-SHA1 signing with a 160 bit key.

HMAC_SHA384

value: 34
HMAC-SHA384 signing with a 384 bit key.

HMAC_SHA512

value: 35
HMAC-SHA512 signing with a 512 bit key.

HMAC_SHA224

value: 36
HMAC-SHA224 signing with a 224 bit key.

EXTERNAL_SYMMETRIC_ENCRYPTION

value: 18
Algorithm representing symmetric encryption by an external key manager.