public enum CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm
Reference documentation and code samples for the Google Cloud Key Management Service v1 API enum CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.
The algorithm of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating what parameters must be used for each cryptographic operation.
The [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
Algorithms beginning with RSA_SIGN_
are usable with
[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
[ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].
The fields in the name after RSA_SIGN_
correspond to the following
parameters: padding algorithm, modulus bit length, and digest algorithm.
For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes.
Algorithms beginning with RSA_DECRYPT_
are usable with
[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
[ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
The fields in the name after RSA_DECRYPT_
correspond to the following
parameters: padding algorithm, modulus bit length, and digest algorithm.
Algorithms beginning with EC_SIGN_
are usable with
[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
[ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].
The fields in the name after EC_SIGN_
correspond to the following
parameters: elliptic curve, digest algorithm.
Algorithms beginning with HMAC_
are usable with
[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
[MAC][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC].
The suffix following HMAC_
corresponds to the hash algorithm being used
(eg. SHA256).
For more information, see Key purposes and algorithms.
Namespace
Google.Cloud.Kms.V1Assembly
Google.Cloud.Kms.V1.dll
Fields | |
---|---|
Name | Description |
Aes128Cbc | AES-CBC (Cipher Block Chaining Mode) using 128-bit keys. |
Aes128Ctr | AES-CTR (Counter Mode) using 128-bit keys. |
Aes128Gcm | AES-GCM (Galois Counter Mode) using 128-bit keys. |
Aes256Cbc | AES-CBC (Cipher Block Chaining Mode) using 256-bit keys. |
Aes256Ctr | AES-CTR (Counter Mode) using 256-bit keys. |
Aes256Gcm | AES-GCM (Galois Counter Mode) using 256-bit keys. |
EcSignP256Sha256 | ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
EcSignP384Sha384 | ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
EcSignSecp256K1Sha256 | ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
ExternalSymmetricEncryption | Algorithm representing symmetric encryption by an external key manager. |
GoogleSymmetricEncryption | Creates symmetric encryption keys. |
HmacSha1 | HMAC-SHA1 signing with a 160 bit key. |
HmacSha224 | HMAC-SHA224 signing with a 224 bit key. |
HmacSha256 | HMAC-SHA256 signing with a 256 bit key. |
HmacSha384 | HMAC-SHA384 signing with a 384 bit key. |
HmacSha512 | HMAC-SHA512 signing with a 512 bit key. |
RsaDecryptOaep2048Sha1 | RSAES-OAEP 2048 bit key with a SHA1 digest. |
RsaDecryptOaep2048Sha256 | RSAES-OAEP 2048 bit key with a SHA256 digest. |
RsaDecryptOaep3072Sha1 | RSAES-OAEP 3072 bit key with a SHA1 digest. |
RsaDecryptOaep3072Sha256 | RSAES-OAEP 3072 bit key with a SHA256 digest. |
RsaDecryptOaep4096Sha1 | RSAES-OAEP 4096 bit key with a SHA1 digest. |
RsaDecryptOaep4096Sha256 | RSAES-OAEP 4096 bit key with a SHA256 digest. |
RsaDecryptOaep4096Sha512 | RSAES-OAEP 4096 bit key with a SHA512 digest. |
RsaSignPkcs12048Sha256 | RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. |
RsaSignPkcs13072Sha256 | RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest. |
RsaSignPkcs14096Sha256 | RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest. |
RsaSignPkcs14096Sha512 | RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest. |
RsaSignPss2048Sha256 | RSASSA-PSS 2048 bit key with a SHA256 digest. |
RsaSignPss3072Sha256 | RSASSA-PSS 3072 bit key with a SHA256 digest. |
RsaSignPss4096Sha256 | RSASSA-PSS 4096 bit key with a SHA256 digest. |
RsaSignPss4096Sha512 | RSASSA-PSS 4096 bit key with a SHA512 digest. |
RsaSignRawPkcs12048 | RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key. |
RsaSignRawPkcs13072 | RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key. |
RsaSignRawPkcs14096 | RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key. |
Unspecified | Not specified. |