Module: Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm

Defined in:
proto_docs/google/cloud/kms/v1/resources.rb

Overview

The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation.

The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT.

Algorithms beginning with "RSA_SIGN_" are usable with CryptoKey.purpose ASYMMETRIC_SIGN.

The fields in the name after "RSA_SIGN_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

For PSS, the salt length used is equal to the length of digest algorithm. For example, RSA_SIGN_PSS_2048_SHA256 will use PSS with a salt length of 256 bits or 32 bytes.

Algorithms beginning with "RSA_DECRYPT_" are usable with CryptoKey.purpose ASYMMETRIC_DECRYPT.

The fields in the name after "RSA_DECRYPT_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

Algorithms beginning with "EC_SIGN_" are usable with CryptoKey.purpose ASYMMETRIC_SIGN.

The fields in the name after "EC_SIGN_" correspond to the following parameters: elliptic curve, digest algorithm.

Algorithms beginning with "HMAC_" are usable with CryptoKey.purpose MAC.

The suffix following "HMAC_" corresponds to the hash algorithm being used (eg. SHA256).

For more information, see Key purposes and algorithms.

Constant Summary collapse

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED =

Not specified.

0
GOOGLE_SYMMETRIC_ENCRYPTION =

Creates symmetric encryption keys.

1
RSA_SIGN_PSS_2048_SHA256 =

RSASSA-PSS 2048 bit key with a SHA256 digest.

2
RSA_SIGN_PSS_3072_SHA256 =

RSASSA-PSS 3072 bit key with a SHA256 digest.

3
RSA_SIGN_PSS_4096_SHA256 =

RSASSA-PSS 4096 bit key with a SHA256 digest.

4
RSA_SIGN_PSS_4096_SHA512 =

RSASSA-PSS 4096 bit key with a SHA512 digest.

15
RSA_SIGN_PKCS1_2048_SHA256 =

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

5
RSA_SIGN_PKCS1_3072_SHA256 =

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

6
RSA_SIGN_PKCS1_4096_SHA256 =

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

7
RSA_SIGN_PKCS1_4096_SHA512 =

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

16
RSA_SIGN_RAW_PKCS1_2048 =

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

28
RSA_SIGN_RAW_PKCS1_3072 =

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

29
RSA_SIGN_RAW_PKCS1_4096 =

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

30
RSA_DECRYPT_OAEP_2048_SHA256 =

RSAES-OAEP 2048 bit key with a SHA256 digest.

8
RSA_DECRYPT_OAEP_3072_SHA256 =

RSAES-OAEP 3072 bit key with a SHA256 digest.

9
RSA_DECRYPT_OAEP_4096_SHA256 =

RSAES-OAEP 4096 bit key with a SHA256 digest.

10
RSA_DECRYPT_OAEP_4096_SHA512 =

RSAES-OAEP 4096 bit key with a SHA512 digest.

17
RSA_DECRYPT_OAEP_2048_SHA1 =

RSAES-OAEP 2048 bit key with a SHA1 digest.

37
RSA_DECRYPT_OAEP_3072_SHA1 =

RSAES-OAEP 3072 bit key with a SHA1 digest.

38
RSA_DECRYPT_OAEP_4096_SHA1 =

RSAES-OAEP 4096 bit key with a SHA1 digest.

39
EC_SIGN_P256_SHA256 =

ECDSA on the NIST P-256 curve with a SHA256 digest.

12
EC_SIGN_P384_SHA384 =

ECDSA on the NIST P-384 curve with a SHA384 digest.

13
EC_SIGN_SECP256K1_SHA256 =

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.

31
HMAC_SHA256 =

HMAC-SHA256 signing with a 256 bit key.

32
HMAC_SHA1 =

HMAC-SHA1 signing with a 160 bit key.

33
HMAC_SHA384 =

HMAC-SHA384 signing with a 384 bit key.

34
HMAC_SHA512 =

HMAC-SHA512 signing with a 512 bit key.

35
HMAC_SHA224 =

HMAC-SHA224 signing with a 224 bit key.

36
EXTERNAL_SYMMETRIC_ENCRYPTION =

Algorithm representing symmetric encryption by an external key manager.

18