CryptoKeyVersionAlgorithm(value)
The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation.
The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT.
Algorithms beginning with RSA_SIGN_
are usable with
CryptoKey.purpose
ASYMMETRIC_SIGN.
The fields in the name after RSA_SIGN_
correspond to the
following parameters: padding algorithm, modulus bit length, and
digest algorithm.
For PSS, the salt length used is equal to the length of digest algorithm. For example, RSA_SIGN_PSS_2048_SHA256 will use PSS with a salt length of 256 bits or 32 bytes.
Algorithms beginning with RSA_DECRYPT_
are usable with
CryptoKey.purpose
ASYMMETRIC_DECRYPT.
The fields in the name after RSA_DECRYPT_
correspond to the
following parameters: padding algorithm, modulus bit length, and
digest algorithm.
Algorithms beginning with EC_SIGN_
are usable with
CryptoKey.purpose
ASYMMETRIC_SIGN.
The fields in the name after EC_SIGN_
correspond to the
following parameters: elliptic curve, digest algorithm.
Algorithms beginning with HMAC_
are usable with
CryptoKey.purpose
MAC.
The suffix following HMAC_
corresponds to the hash algorithm
being used (eg. SHA256).
For more information, see Key purposes and algorithms.
Values: CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED (0): Not specified. GOOGLE_SYMMETRIC_ENCRYPTION (1): Creates symmetric encryption keys. AES_128_GCM (41): AES-GCM (Galois Counter Mode) using 128-bit keys. AES_256_GCM (19): AES-GCM (Galois Counter Mode) using 256-bit keys. AES_128_CBC (42): AES-CBC (Cipher Block Chaining Mode) using 128-bit keys. AES_256_CBC (43): AES-CBC (Cipher Block Chaining Mode) using 256-bit keys. AES_128_CTR (44): AES-CTR (Counter Mode) using 128-bit keys. AES_256_CTR (45): AES-CTR (Counter Mode) using 256-bit keys. RSA_SIGN_PSS_2048_SHA256 (2): RSASSA-PSS 2048 bit key with a SHA256 digest. RSA_SIGN_PSS_3072_SHA256 (3): RSASSA-PSS 3072 bit key with a SHA256 digest. RSA_SIGN_PSS_4096_SHA256 (4): RSASSA-PSS 4096 bit key with a SHA256 digest. RSA_SIGN_PSS_4096_SHA512 (15): RSASSA-PSS 4096 bit key with a SHA512 digest. RSA_SIGN_PKCS1_2048_SHA256 (5): RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. RSA_SIGN_PKCS1_3072_SHA256 (6): RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest. RSA_SIGN_PKCS1_4096_SHA256 (7): RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest. RSA_SIGN_PKCS1_4096_SHA512 (16): RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest. RSA_SIGN_RAW_PKCS1_2048 (28): RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key. RSA_SIGN_RAW_PKCS1_3072 (29): RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key. RSA_SIGN_RAW_PKCS1_4096 (30): RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key. RSA_DECRYPT_OAEP_2048_SHA256 (8): RSAES-OAEP 2048 bit key with a SHA256 digest. RSA_DECRYPT_OAEP_3072_SHA256 (9): RSAES-OAEP 3072 bit key with a SHA256 digest. RSA_DECRYPT_OAEP_4096_SHA256 (10): RSAES-OAEP 4096 bit key with a SHA256 digest. RSA_DECRYPT_OAEP_4096_SHA512 (17): RSAES-OAEP 4096 bit key with a SHA512 digest. RSA_DECRYPT_OAEP_2048_SHA1 (37): RSAES-OAEP 2048 bit key with a SHA1 digest. RSA_DECRYPT_OAEP_3072_SHA1 (38): RSAES-OAEP 3072 bit key with a SHA1 digest. RSA_DECRYPT_OAEP_4096_SHA1 (39): RSAES-OAEP 4096 bit key with a SHA1 digest. EC_SIGN_P256_SHA256 (12): ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms EC_SIGN_P384_SHA384 (13): ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms EC_SIGN_SECP256K1_SHA256 (31): ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms HMAC_SHA256 (32): HMAC-SHA256 signing with a 256 bit key. HMAC_SHA1 (33): HMAC-SHA1 signing with a 160 bit key. HMAC_SHA384 (34): HMAC-SHA384 signing with a 384 bit key. HMAC_SHA512 (35): HMAC-SHA512 signing with a 512 bit key. HMAC_SHA224 (36): HMAC-SHA224 signing with a 224 bit key. EXTERNAL_SYMMETRIC_ENCRYPTION (18): Algorithm representing symmetric encryption by an external key manager.