google-cloud-kms-v1 0.20.0 → 0.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -166,6 +166,18 @@ module Google
166
166
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
167
167
  # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
168
168
  rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
169
+ # Encrypts data using portable cryptographic primitives. Most users should
170
+ # choose [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
171
+ # [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] rather than
172
+ # their raw counterparts. The
173
+ # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
174
+ # [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
175
+ rpc :RawEncrypt, ::Google::Cloud::Kms::V1::RawEncryptRequest, ::Google::Cloud::Kms::V1::RawEncryptResponse
176
+ # Decrypts data that was originally encrypted using a raw cryptographic
177
+ # mechanism. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
178
+ # must be
179
+ # [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
180
+ rpc :RawDecrypt, ::Google::Cloud::Kms::V1::RawDecryptRequest, ::Google::Cloud::Kms::V1::RawDecryptResponse
169
181
  # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
170
182
  # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
171
183
  # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Kms
23
23
  module V1
24
- VERSION = "0.20.0"
24
+ VERSION = "0.21.0"
25
25
  end
26
26
  end
27
27
  end
@@ -178,6 +178,13 @@ module Google
178
178
  # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
179
179
  ASYMMETRIC_DECRYPT = 6
180
180
 
181
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
182
+ # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
183
+ # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
184
+ # This purpose is meant to be used for interoperable symmetric
185
+ # encryption and does not support automatic CryptoKey rotation.
186
+ RAW_ENCRYPT_DECRYPT = 7
187
+
181
188
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
182
189
  # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
183
190
  MAC = 9
@@ -421,6 +428,12 @@ module Google
421
428
  # Creates symmetric encryption keys.
422
429
  GOOGLE_SYMMETRIC_ENCRYPTION = 1
423
430
 
431
+ # AES-GCM (Galois Counter Mode) using 128-bit keys.
432
+ AES_128_GCM = 41
433
+
434
+ # AES-GCM (Galois Counter Mode) using 256-bit keys.
435
+ AES_256_GCM = 19
436
+
424
437
  # RSASSA-PSS 2048 bit key with a SHA256 digest.
425
438
  RSA_SIGN_PSS_2048_SHA256 = 2
426
439
 
@@ -697,6 +697,187 @@ module Google
697
697
  extend ::Google::Protobuf::MessageExts::ClassMethods
698
698
  end
699
699
 
700
+ # Request message for
701
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt KeyManagementService.RawEncrypt}.
702
+ # @!attribute [rw] name
703
+ # @return [::String]
704
+ # Required. The resource name of the
705
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
706
+ # encryption.
707
+ # @!attribute [rw] plaintext
708
+ # @return [::String]
709
+ # Required. The data to encrypt. Must be no larger than 64KiB.
710
+ #
711
+ # The maximum size depends on the key version's
712
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
713
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
714
+ # plaintext must be no larger than 64KiB. For
715
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
716
+ # the plaintext and additional_authenticated_data fields must be no larger
717
+ # than 8KiB.
718
+ # @!attribute [rw] additional_authenticated_data
719
+ # @return [::String]
720
+ # Optional. Optional data that, if specified, must also be provided during
721
+ # decryption through
722
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#additional_authenticated_data RawDecryptRequest.additional_authenticated_data}.
723
+ #
724
+ # This field may only be used in conjunction with an
725
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm} that accepts
726
+ # additional authenticated data (for example, AES-GCM).
727
+ #
728
+ # The maximum size depends on the key version's
729
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
730
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
731
+ # plaintext must be no larger than 64KiB. For
732
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
733
+ # the plaintext and additional_authenticated_data fields must be no larger
734
+ # than 8KiB.
735
+ # @!attribute [rw] plaintext_crc32c
736
+ # @return [::Google::Protobuf::Int64Value]
737
+ # Optional. An optional CRC32C checksum of the
738
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#plaintext RawEncryptRequest.plaintext}.
739
+ # If specified,
740
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
741
+ # verify the integrity of the received plaintext using this checksum.
742
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
743
+ # report an error if the checksum verification fails. If you receive a
744
+ # checksum error, your client should verify that CRC32C(plaintext) is equal
745
+ # to plaintext_crc32c, and if so, perform a limited number of retries. A
746
+ # persistent mismatch may indicate an issue in your computation of the CRC32C
747
+ # checksum. Note: This field is defined as int64 for reasons of compatibility
748
+ # across different languages. However, it is a non-negative integer, which
749
+ # will never exceed 2^32-1, and can be safely downconverted to uint32 in
750
+ # languages that support this type.
751
+ # @!attribute [rw] additional_authenticated_data_crc32c
752
+ # @return [::Google::Protobuf::Int64Value]
753
+ # Optional. An optional CRC32C checksum of the
754
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#additional_authenticated_data RawEncryptRequest.additional_authenticated_data}.
755
+ # If specified,
756
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
757
+ # verify the integrity of the received additional_authenticated_data using
758
+ # this checksum.
759
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
760
+ # report an error if the checksum verification fails. If you receive a
761
+ # checksum error, your client should verify that
762
+ # CRC32C(additional_authenticated_data) is equal to
763
+ # additional_authenticated_data_crc32c, and if so, perform
764
+ # a limited number of retries. A persistent mismatch may indicate an issue in
765
+ # your computation of the CRC32C checksum.
766
+ # Note: This field is defined as int64 for reasons of compatibility across
767
+ # different languages. However, it is a non-negative integer, which will
768
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
769
+ # that support this type.
770
+ # @!attribute [rw] initialization_vector
771
+ # @return [::String]
772
+ # Optional. A customer-supplied initialization vector that will be used for
773
+ # encryption. If it is not provided for AES-CBC and AES-CTR, one will be
774
+ # generated. It will be returned in
775
+ # {::Google::Cloud::Kms::V1::RawEncryptResponse#initialization_vector RawEncryptResponse.initialization_vector}.
776
+ # @!attribute [rw] initialization_vector_crc32c
777
+ # @return [::Google::Protobuf::Int64Value]
778
+ # Optional. An optional CRC32C checksum of the
779
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#initialization_vector RawEncryptRequest.initialization_vector}.
780
+ # If specified,
781
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
782
+ # verify the integrity of the received initialization_vector using this
783
+ # checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
784
+ # will report an error if the checksum verification fails. If you receive a
785
+ # checksum error, your client should verify that
786
+ # CRC32C(initialization_vector) is equal to
787
+ # initialization_vector_crc32c, and if so, perform
788
+ # a limited number of retries. A persistent mismatch may indicate an issue in
789
+ # your computation of the CRC32C checksum.
790
+ # Note: This field is defined as int64 for reasons of compatibility across
791
+ # different languages. However, it is a non-negative integer, which will
792
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
793
+ # that support this type.
794
+ class RawEncryptRequest
795
+ include ::Google::Protobuf::MessageExts
796
+ extend ::Google::Protobuf::MessageExts::ClassMethods
797
+ end
798
+
799
+ # Request message for
800
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt KeyManagementService.RawDecrypt}.
801
+ # @!attribute [rw] name
802
+ # @return [::String]
803
+ # Required. The resource name of the
804
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
805
+ # decryption.
806
+ # @!attribute [rw] ciphertext
807
+ # @return [::String]
808
+ # Required. The encrypted data originally returned in
809
+ # {::Google::Cloud::Kms::V1::RawEncryptResponse#ciphertext RawEncryptResponse.ciphertext}.
810
+ # @!attribute [rw] additional_authenticated_data
811
+ # @return [::String]
812
+ # Optional. Optional data that must match the data originally supplied in
813
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#additional_authenticated_data RawEncryptRequest.additional_authenticated_data}.
814
+ # @!attribute [rw] initialization_vector
815
+ # @return [::String]
816
+ # Required. The initialization vector (IV) used during encryption, which must
817
+ # match the data originally provided in
818
+ # {::Google::Cloud::Kms::V1::RawEncryptResponse#initialization_vector RawEncryptResponse.initialization_vector}.
819
+ # @!attribute [rw] tag_length
820
+ # @return [::Integer]
821
+ # The length of the authentication tag that is appended to the end of
822
+ # the ciphertext. If unspecified (0), the default value for the key's
823
+ # algorithm will be used (for AES-GCM, the default value is 16).
824
+ # @!attribute [rw] ciphertext_crc32c
825
+ # @return [::Google::Protobuf::Int64Value]
826
+ # Optional. An optional CRC32C checksum of the
827
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#ciphertext RawDecryptRequest.ciphertext}.
828
+ # If specified,
829
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
830
+ # verify the integrity of the received ciphertext using this checksum.
831
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
832
+ # report an error if the checksum verification fails. If you receive a
833
+ # checksum error, your client should verify that CRC32C(ciphertext) is equal
834
+ # to ciphertext_crc32c, and if so, perform a limited number of retries. A
835
+ # persistent mismatch may indicate an issue in your computation of the CRC32C
836
+ # checksum. Note: This field is defined as int64 for reasons of compatibility
837
+ # across different languages. However, it is a non-negative integer, which
838
+ # will never exceed 2^32-1, and can be safely downconverted to uint32 in
839
+ # languages that support this type.
840
+ # @!attribute [rw] additional_authenticated_data_crc32c
841
+ # @return [::Google::Protobuf::Int64Value]
842
+ # Optional. An optional CRC32C checksum of the
843
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#additional_authenticated_data RawDecryptRequest.additional_authenticated_data}.
844
+ # If specified,
845
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
846
+ # verify the integrity of the received additional_authenticated_data using
847
+ # this checksum.
848
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
849
+ # report an error if the checksum verification fails. If you receive a
850
+ # checksum error, your client should verify that
851
+ # CRC32C(additional_authenticated_data) is equal to
852
+ # additional_authenticated_data_crc32c, and if so, perform
853
+ # a limited number of retries. A persistent mismatch may indicate an issue in
854
+ # your computation of the CRC32C checksum.
855
+ # Note: This field is defined as int64 for reasons of compatibility across
856
+ # different languages. However, it is a non-negative integer, which will
857
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
858
+ # that support this type.
859
+ # @!attribute [rw] initialization_vector_crc32c
860
+ # @return [::Google::Protobuf::Int64Value]
861
+ # Optional. An optional CRC32C checksum of the
862
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#initialization_vector RawDecryptRequest.initialization_vector}.
863
+ # If specified,
864
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
865
+ # verify the integrity of the received initialization_vector using this
866
+ # checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
867
+ # will report an error if the checksum verification fails. If you receive a
868
+ # checksum error, your client should verify that
869
+ # CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and
870
+ # if so, perform a limited number of retries. A persistent mismatch may
871
+ # indicate an issue in your computation of the CRC32C checksum.
872
+ # Note: This field is defined as int64 for reasons of compatibility across
873
+ # different languages. However, it is a non-negative integer, which will
874
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
875
+ # that support this type.
876
+ class RawDecryptRequest
877
+ include ::Google::Protobuf::MessageExts
878
+ extend ::Google::Protobuf::MessageExts::ClassMethods
879
+ end
880
+
700
881
  # Request message for
701
882
  # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign KeyManagementService.AsymmetricSign}.
702
883
  # @!attribute [rw] name
@@ -1024,6 +1205,185 @@ module Google
1024
1205
  extend ::Google::Protobuf::MessageExts::ClassMethods
1025
1206
  end
1026
1207
 
1208
+ # Response message for
1209
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt KeyManagementService.RawEncrypt}.
1210
+ # @!attribute [rw] ciphertext
1211
+ # @return [::String]
1212
+ # The encrypted data. In the case of AES-GCM, the authentication tag
1213
+ # is the {::Google::Cloud::Kms::V1::RawEncryptResponse#tag_length tag_length}
1214
+ # bytes at the end of this field.
1215
+ # @!attribute [rw] initialization_vector
1216
+ # @return [::String]
1217
+ # The initialization vector (IV) generated by the service during
1218
+ # encryption. This value must be stored and provided in
1219
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#initialization_vector RawDecryptRequest.initialization_vector}
1220
+ # at decryption time.
1221
+ # @!attribute [rw] tag_length
1222
+ # @return [::Integer]
1223
+ # The length of the authentication tag that is appended to
1224
+ # the end of the ciphertext.
1225
+ # @!attribute [rw] ciphertext_crc32c
1226
+ # @return [::Google::Protobuf::Int64Value]
1227
+ # Integrity verification field. A CRC32C checksum of the returned
1228
+ # {::Google::Cloud::Kms::V1::RawEncryptResponse#ciphertext RawEncryptResponse.ciphertext}.
1229
+ # An integrity check of ciphertext can be performed by computing the CRC32C
1230
+ # checksum of ciphertext and comparing your results to this field. Discard
1231
+ # the response in case of non-matching checksum values, and perform a limited
1232
+ # number of retries. A persistent mismatch may indicate an issue in your
1233
+ # computation of the CRC32C checksum. Note: This field is defined as int64
1234
+ # for reasons of compatibility across different languages. However, it is a
1235
+ # non-negative integer, which will never exceed 2^32-1, and can be safely
1236
+ # downconverted to uint32 in languages that support this type.
1237
+ # @!attribute [rw] initialization_vector_crc32c
1238
+ # @return [::Google::Protobuf::Int64Value]
1239
+ # Integrity verification field. A CRC32C checksum of the returned
1240
+ # {::Google::Cloud::Kms::V1::RawEncryptResponse#initialization_vector RawEncryptResponse.initialization_vector}.
1241
+ # An integrity check of initialization_vector can be performed by computing
1242
+ # the CRC32C checksum of initialization_vector and comparing your results to
1243
+ # this field. Discard the response in case of non-matching checksum values,
1244
+ # and perform a limited number of retries. A persistent mismatch may indicate
1245
+ # an issue in your computation of the CRC32C checksum. Note: This field is
1246
+ # defined as int64 for reasons of compatibility across different languages.
1247
+ # However, it is a non-negative integer, which will never exceed 2^32-1, and
1248
+ # can be safely downconverted to uint32 in languages that support this type.
1249
+ # @!attribute [rw] verified_plaintext_crc32c
1250
+ # @return [::Boolean]
1251
+ # Integrity verification field. A flag indicating whether
1252
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#plaintext_crc32c RawEncryptRequest.plaintext_crc32c}
1253
+ # was received by
1254
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
1255
+ # for the integrity verification of the plaintext. A false value of this
1256
+ # field indicates either that
1257
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#plaintext_crc32c RawEncryptRequest.plaintext_crc32c}
1258
+ # was left unset or that it was not delivered to
1259
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
1260
+ # set
1261
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#plaintext_crc32c RawEncryptRequest.plaintext_crc32c}
1262
+ # but this field is still false, discard the response and perform a limited
1263
+ # number of retries.
1264
+ # @!attribute [rw] verified_additional_authenticated_data_crc32c
1265
+ # @return [::Boolean]
1266
+ # Integrity verification field. A flag indicating whether
1267
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#additional_authenticated_data_crc32c RawEncryptRequest.additional_authenticated_data_crc32c}
1268
+ # was received by
1269
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
1270
+ # for the integrity verification of additional_authenticated_data. A false
1271
+ # value of this field indicates either that //
1272
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#additional_authenticated_data_crc32c RawEncryptRequest.additional_authenticated_data_crc32c}
1273
+ # was left unset or that it was not delivered to
1274
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
1275
+ # set
1276
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#additional_authenticated_data_crc32c RawEncryptRequest.additional_authenticated_data_crc32c}
1277
+ # but this field is still false, discard the response and perform a limited
1278
+ # number of retries.
1279
+ # @!attribute [rw] verified_initialization_vector_crc32c
1280
+ # @return [::Boolean]
1281
+ # Integrity verification field. A flag indicating whether
1282
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#initialization_vector_crc32c RawEncryptRequest.initialization_vector_crc32c}
1283
+ # was received by
1284
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
1285
+ # for the integrity verification of initialization_vector. A false value of
1286
+ # this field indicates either that
1287
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#initialization_vector_crc32c RawEncryptRequest.initialization_vector_crc32c}
1288
+ # was left unset or that it was not delivered to
1289
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
1290
+ # set
1291
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#initialization_vector_crc32c RawEncryptRequest.initialization_vector_crc32c}
1292
+ # but this field is still false, discard the response and perform a limited
1293
+ # number of retries.
1294
+ # @!attribute [rw] name
1295
+ # @return [::String]
1296
+ # The resource name of the
1297
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in
1298
+ # encryption. Check this field to verify that the intended resource was used
1299
+ # for encryption.
1300
+ # @!attribute [rw] protection_level
1301
+ # @return [::Google::Cloud::Kms::V1::ProtectionLevel]
1302
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the
1303
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in
1304
+ # encryption.
1305
+ class RawEncryptResponse
1306
+ include ::Google::Protobuf::MessageExts
1307
+ extend ::Google::Protobuf::MessageExts::ClassMethods
1308
+ end
1309
+
1310
+ # Response message for
1311
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt KeyManagementService.RawDecrypt}.
1312
+ # @!attribute [rw] plaintext
1313
+ # @return [::String]
1314
+ # The decrypted data.
1315
+ # @!attribute [rw] plaintext_crc32c
1316
+ # @return [::Google::Protobuf::Int64Value]
1317
+ # Integrity verification field. A CRC32C checksum of the returned
1318
+ # {::Google::Cloud::Kms::V1::RawDecryptResponse#plaintext RawDecryptResponse.plaintext}.
1319
+ # An integrity check of plaintext can be performed by computing the CRC32C
1320
+ # checksum of plaintext and comparing your results to this field. Discard the
1321
+ # response in case of non-matching checksum values, and perform a limited
1322
+ # number of retries. A persistent mismatch may indicate an issue in your
1323
+ # computation of the CRC32C checksum. Note: receiving this response message
1324
+ # indicates that
1325
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
1326
+ # successfully decrypt the
1327
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#ciphertext ciphertext}.
1328
+ # Note: This field is defined as int64 for reasons of compatibility across
1329
+ # different languages. However, it is a non-negative integer, which will
1330
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1331
+ # that support this type.
1332
+ # @!attribute [rw] protection_level
1333
+ # @return [::Google::Cloud::Kms::V1::ProtectionLevel]
1334
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the
1335
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in
1336
+ # decryption.
1337
+ # @!attribute [rw] verified_ciphertext_crc32c
1338
+ # @return [::Boolean]
1339
+ # Integrity verification field. A flag indicating whether
1340
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#ciphertext_crc32c RawDecryptRequest.ciphertext_crc32c}
1341
+ # was received by
1342
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
1343
+ # for the integrity verification of the ciphertext. A false value of this
1344
+ # field indicates either that
1345
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#ciphertext_crc32c RawDecryptRequest.ciphertext_crc32c}
1346
+ # was left unset or that it was not delivered to
1347
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
1348
+ # set
1349
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#ciphertext_crc32c RawDecryptRequest.ciphertext_crc32c}
1350
+ # but this field is still false, discard the response and perform a limited
1351
+ # number of retries.
1352
+ # @!attribute [rw] verified_additional_authenticated_data_crc32c
1353
+ # @return [::Boolean]
1354
+ # Integrity verification field. A flag indicating whether
1355
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#additional_authenticated_data_crc32c RawDecryptRequest.additional_authenticated_data_crc32c}
1356
+ # was received by
1357
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
1358
+ # for the integrity verification of additional_authenticated_data. A false
1359
+ # value of this field indicates either that //
1360
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#additional_authenticated_data_crc32c RawDecryptRequest.additional_authenticated_data_crc32c}
1361
+ # was left unset or that it was not delivered to
1362
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
1363
+ # set
1364
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#additional_authenticated_data_crc32c RawDecryptRequest.additional_authenticated_data_crc32c}
1365
+ # but this field is still false, discard the response and perform a limited
1366
+ # number of retries.
1367
+ # @!attribute [rw] verified_initialization_vector_crc32c
1368
+ # @return [::Boolean]
1369
+ # Integrity verification field. A flag indicating whether
1370
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#initialization_vector_crc32c RawDecryptRequest.initialization_vector_crc32c}
1371
+ # was received by
1372
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
1373
+ # for the integrity verification of initialization_vector. A false value of
1374
+ # this field indicates either that
1375
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#initialization_vector_crc32c RawDecryptRequest.initialization_vector_crc32c}
1376
+ # was left unset or that it was not delivered to
1377
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
1378
+ # set
1379
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#initialization_vector_crc32c RawDecryptRequest.initialization_vector_crc32c}
1380
+ # but this field is still false, discard the response and perform a limited
1381
+ # number of retries.
1382
+ class RawDecryptResponse
1383
+ include ::Google::Protobuf::MessageExts
1384
+ extend ::Google::Protobuf::MessageExts::ClassMethods
1385
+ end
1386
+
1027
1387
  # Response message for
1028
1388
  # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign KeyManagementService.AsymmetricSign}.
1029
1389
  # @!attribute [rw] signature
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-kms-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.20.0
4
+ version: 0.21.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-06-06 00:00:00.000000000 Z
11
+ date: 2023-07-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common