google-cloud-kms-v1 0.6.2 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +38 -39
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +481 -167
- data/lib/google/cloud/kms/v1/resources_pb.rb +5 -0
- data/lib/google/cloud/kms/v1/service_pb.rb +59 -12
- data/lib/google/cloud/kms/v1/service_services_pb.rb +26 -15
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/proto_docs/google/cloud/kms/v1/resources.rb +26 -1
- data/proto_docs/google/cloud/kms/v1/service.rb +238 -56
- metadata +4 -4
|
@@ -23,6 +23,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
23
23
|
optional :next_rotation_time, :message, 7, "google.protobuf.Timestamp"
|
|
24
24
|
optional :version_template, :message, 11, "google.cloud.kms.v1.CryptoKeyVersionTemplate"
|
|
25
25
|
map :labels, :string, :string, 10
|
|
26
|
+
optional :import_only, :bool, 13
|
|
27
|
+
optional :destroy_scheduled_duration, :message, 14, "google.protobuf.Duration"
|
|
26
28
|
oneof :rotation_schedule do
|
|
27
29
|
optional :rotation_period, :message, 8, "google.protobuf.Duration"
|
|
28
30
|
end
|
|
@@ -32,6 +34,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
32
34
|
value :ENCRYPT_DECRYPT, 1
|
|
33
35
|
value :ASYMMETRIC_SIGN, 5
|
|
34
36
|
value :ASYMMETRIC_DECRYPT, 6
|
|
37
|
+
value :MAC, 9
|
|
35
38
|
end
|
|
36
39
|
add_message "google.cloud.kms.v1.CryptoKeyVersionTemplate" do
|
|
37
40
|
optional :protection_level, :enum, 1, "google.cloud.kms.v1.ProtectionLevel"
|
|
@@ -79,6 +82,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
79
82
|
value :EC_SIGN_P256_SHA256, 12
|
|
80
83
|
value :EC_SIGN_P384_SHA384, 13
|
|
81
84
|
value :EC_SIGN_SECP256K1_SHA256, 31
|
|
85
|
+
value :HMAC_SHA256, 32
|
|
82
86
|
value :EXTERNAL_SYMMETRIC_ENCRYPTION, 18
|
|
83
87
|
end
|
|
84
88
|
add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState" do
|
|
@@ -100,6 +104,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
100
104
|
optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
|
|
101
105
|
optional :pem_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
102
106
|
optional :name, :string, 4
|
|
107
|
+
optional :protection_level, :enum, 5, "google.cloud.kms.v1.ProtectionLevel"
|
|
103
108
|
end
|
|
104
109
|
add_message "google.cloud.kms.v1.ImportJob" do
|
|
105
110
|
optional :name, :string, 1
|
|
@@ -113,6 +113,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
113
113
|
optional :crypto_key_version, :message, 1, "google.cloud.kms.v1.CryptoKeyVersion"
|
|
114
114
|
optional :update_mask, :message, 2, "google.protobuf.FieldMask"
|
|
115
115
|
end
|
|
116
|
+
add_message "google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest" do
|
|
117
|
+
optional :name, :string, 1
|
|
118
|
+
optional :crypto_key_version_id, :string, 2
|
|
119
|
+
end
|
|
120
|
+
add_message "google.cloud.kms.v1.DestroyCryptoKeyVersionRequest" do
|
|
121
|
+
optional :name, :string, 1
|
|
122
|
+
end
|
|
123
|
+
add_message "google.cloud.kms.v1.RestoreCryptoKeyVersionRequest" do
|
|
124
|
+
optional :name, :string, 1
|
|
125
|
+
end
|
|
116
126
|
add_message "google.cloud.kms.v1.EncryptRequest" do
|
|
117
127
|
optional :name, :string, 1
|
|
118
128
|
optional :plaintext, :bytes, 2
|
|
@@ -137,9 +147,22 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
137
147
|
optional :ciphertext, :bytes, 3
|
|
138
148
|
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
|
139
149
|
end
|
|
140
|
-
add_message "google.cloud.kms.v1.
|
|
141
|
-
optional :
|
|
142
|
-
optional :
|
|
150
|
+
add_message "google.cloud.kms.v1.MacSignRequest" do
|
|
151
|
+
optional :name, :string, 1
|
|
152
|
+
optional :data, :bytes, 2
|
|
153
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
154
|
+
end
|
|
155
|
+
add_message "google.cloud.kms.v1.MacVerifyRequest" do
|
|
156
|
+
optional :name, :string, 1
|
|
157
|
+
optional :data, :bytes, 2
|
|
158
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
159
|
+
optional :mac, :bytes, 4
|
|
160
|
+
optional :mac_crc32c, :message, 5, "google.protobuf.Int64Value"
|
|
161
|
+
end
|
|
162
|
+
add_message "google.cloud.kms.v1.GenerateRandomBytesRequest" do
|
|
163
|
+
optional :location, :string, 1
|
|
164
|
+
optional :length_bytes, :int32, 2
|
|
165
|
+
optional :protection_level, :enum, 3, "google.cloud.kms.v1.ProtectionLevel"
|
|
143
166
|
end
|
|
144
167
|
add_message "google.cloud.kms.v1.EncryptResponse" do
|
|
145
168
|
optional :name, :string, 1
|
|
@@ -147,27 +170,45 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
147
170
|
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
|
148
171
|
optional :verified_plaintext_crc32c, :bool, 5
|
|
149
172
|
optional :verified_additional_authenticated_data_crc32c, :bool, 6
|
|
173
|
+
optional :protection_level, :enum, 7, "google.cloud.kms.v1.ProtectionLevel"
|
|
174
|
+
end
|
|
175
|
+
add_message "google.cloud.kms.v1.DecryptResponse" do
|
|
176
|
+
optional :plaintext, :bytes, 1
|
|
177
|
+
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
|
178
|
+
optional :used_primary, :bool, 3
|
|
179
|
+
optional :protection_level, :enum, 4, "google.cloud.kms.v1.ProtectionLevel"
|
|
150
180
|
end
|
|
151
181
|
add_message "google.cloud.kms.v1.AsymmetricSignResponse" do
|
|
152
182
|
optional :signature, :bytes, 1
|
|
153
183
|
optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
|
|
154
184
|
optional :verified_digest_crc32c, :bool, 3
|
|
155
185
|
optional :name, :string, 4
|
|
186
|
+
optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
|
|
156
187
|
end
|
|
157
188
|
add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
|
|
158
189
|
optional :plaintext, :bytes, 1
|
|
159
190
|
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
|
160
191
|
optional :verified_ciphertext_crc32c, :bool, 3
|
|
192
|
+
optional :protection_level, :enum, 4, "google.cloud.kms.v1.ProtectionLevel"
|
|
161
193
|
end
|
|
162
|
-
add_message "google.cloud.kms.v1.
|
|
194
|
+
add_message "google.cloud.kms.v1.MacSignResponse" do
|
|
163
195
|
optional :name, :string, 1
|
|
164
|
-
optional :
|
|
196
|
+
optional :mac, :bytes, 2
|
|
197
|
+
optional :mac_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
198
|
+
optional :verified_data_crc32c, :bool, 4
|
|
199
|
+
optional :protection_level, :enum, 5, "google.cloud.kms.v1.ProtectionLevel"
|
|
165
200
|
end
|
|
166
|
-
add_message "google.cloud.kms.v1.
|
|
201
|
+
add_message "google.cloud.kms.v1.MacVerifyResponse" do
|
|
167
202
|
optional :name, :string, 1
|
|
203
|
+
optional :success, :bool, 2
|
|
204
|
+
optional :verified_data_crc32c, :bool, 3
|
|
205
|
+
optional :verified_mac_crc32c, :bool, 4
|
|
206
|
+
optional :verified_success_integrity, :bool, 5
|
|
207
|
+
optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
|
|
168
208
|
end
|
|
169
|
-
add_message "google.cloud.kms.v1.
|
|
170
|
-
optional :
|
|
209
|
+
add_message "google.cloud.kms.v1.GenerateRandomBytesResponse" do
|
|
210
|
+
optional :data, :bytes, 1
|
|
211
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
171
212
|
end
|
|
172
213
|
add_message "google.cloud.kms.v1.Digest" do
|
|
173
214
|
oneof :digest do
|
|
@@ -207,17 +248,23 @@ module Google
|
|
|
207
248
|
CreateImportJobRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CreateImportJobRequest").msgclass
|
|
208
249
|
UpdateCryptoKeyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyRequest").msgclass
|
|
209
250
|
UpdateCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyVersionRequest").msgclass
|
|
251
|
+
UpdateCryptoKeyPrimaryVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest").msgclass
|
|
252
|
+
DestroyCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DestroyCryptoKeyVersionRequest").msgclass
|
|
253
|
+
RestoreCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.RestoreCryptoKeyVersionRequest").msgclass
|
|
210
254
|
EncryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EncryptRequest").msgclass
|
|
211
255
|
DecryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DecryptRequest").msgclass
|
|
212
256
|
AsymmetricSignRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricSignRequest").msgclass
|
|
213
257
|
AsymmetricDecryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricDecryptRequest").msgclass
|
|
214
|
-
|
|
258
|
+
MacSignRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacSignRequest").msgclass
|
|
259
|
+
MacVerifyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacVerifyRequest").msgclass
|
|
260
|
+
GenerateRandomBytesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GenerateRandomBytesRequest").msgclass
|
|
215
261
|
EncryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EncryptResponse").msgclass
|
|
262
|
+
DecryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DecryptResponse").msgclass
|
|
216
263
|
AsymmetricSignResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricSignResponse").msgclass
|
|
217
264
|
AsymmetricDecryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricDecryptResponse").msgclass
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
265
|
+
MacSignResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacSignResponse").msgclass
|
|
266
|
+
MacVerifyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacVerifyResponse").msgclass
|
|
267
|
+
GenerateRandomBytesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GenerateRandomBytesResponse").msgclass
|
|
221
268
|
Digest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.Digest").msgclass
|
|
222
269
|
LocationMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.LocationMetadata").msgclass
|
|
223
270
|
end
|
|
@@ -100,21 +100,6 @@ module Google
|
|
|
100
100
|
# method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
|
|
101
101
|
# move between other states.
|
|
102
102
|
rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
|
103
|
-
# Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
|
|
104
|
-
# The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
105
|
-
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
106
|
-
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
|
107
|
-
# Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
108
|
-
# must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
109
|
-
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
|
110
|
-
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
111
|
-
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
|
112
|
-
# key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
|
113
|
-
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
|
114
|
-
# Decrypts data that was encrypted with a public key retrieved from
|
|
115
|
-
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
|
116
|
-
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
|
|
117
|
-
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
|
118
103
|
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
|
|
119
104
|
#
|
|
120
105
|
# Returns an error if called on a key whose purpose is not
|
|
@@ -141,6 +126,32 @@ module Google
|
|
|
141
126
|
# will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
|
|
142
127
|
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
|
|
143
128
|
rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
|
129
|
+
# Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
|
|
130
|
+
# The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
131
|
+
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
132
|
+
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
|
133
|
+
# Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
134
|
+
# must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
135
|
+
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
|
136
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
137
|
+
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
|
138
|
+
# key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
|
139
|
+
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
|
140
|
+
# Decrypts data that was encrypted with a public key retrieved from
|
|
141
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
|
142
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
|
|
143
|
+
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
|
144
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
145
|
+
# MAC, producing a tag that can be verified by another source with the
|
|
146
|
+
# same key.
|
|
147
|
+
rpc :MacSign, ::Google::Cloud::Kms::V1::MacSignRequest, ::Google::Cloud::Kms::V1::MacSignResponse
|
|
148
|
+
# Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
149
|
+
# MAC, and returns a response that indicates whether or not the verification
|
|
150
|
+
# was successful.
|
|
151
|
+
rpc :MacVerify, ::Google::Cloud::Kms::V1::MacVerifyRequest, ::Google::Cloud::Kms::V1::MacVerifyResponse
|
|
152
|
+
# Generate random bytes using the Cloud KMS randomness source in the provided
|
|
153
|
+
# location.
|
|
154
|
+
rpc :GenerateRandomBytes, ::Google::Cloud::Kms::V1::GenerateRandomBytesRequest, ::Google::Cloud::Kms::V1::GenerateRandomBytesResponse
|
|
144
155
|
end
|
|
145
156
|
|
|
146
157
|
Stub = Service.rpc_stub_class
|
|
@@ -97,6 +97,16 @@ module Google
|
|
|
97
97
|
# @return [::Google::Protobuf::Map{::String => ::String}]
|
|
98
98
|
# Labels with user-defined metadata. For more information, see
|
|
99
99
|
# [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
|
|
100
|
+
# @!attribute [rw] import_only
|
|
101
|
+
# @return [::Boolean]
|
|
102
|
+
# Immutable. Whether this key may contain imported versions only.
|
|
103
|
+
# @!attribute [rw] destroy_scheduled_duration
|
|
104
|
+
# @return [::Google::Protobuf::Duration]
|
|
105
|
+
# Immutable. The period of time that versions of this key spend in the
|
|
106
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
|
|
107
|
+
# state before transitioning to
|
|
108
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}. If not
|
|
109
|
+
# specified at creation time, the default duration is 24 hours.
|
|
100
110
|
class CryptoKey
|
|
101
111
|
include ::Google::Protobuf::MessageExts
|
|
102
112
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -132,6 +142,10 @@ module Google
|
|
|
132
142
|
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt} and
|
|
133
143
|
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
|
|
134
144
|
ASYMMETRIC_DECRYPT = 6
|
|
145
|
+
|
|
146
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used with
|
|
147
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
|
|
148
|
+
MAC = 9
|
|
135
149
|
end
|
|
136
150
|
end
|
|
137
151
|
|
|
@@ -288,6 +302,12 @@ module Google
|
|
|
288
302
|
# The fields in the name after "EC_SIGN_" correspond to the following
|
|
289
303
|
# parameters: elliptic curve, digest algorithm.
|
|
290
304
|
#
|
|
305
|
+
# Algorithms beginning with "HMAC_" are usable with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
|
|
306
|
+
# {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::MAC MAC}.
|
|
307
|
+
#
|
|
308
|
+
# The suffix following "HMAC_" corresponds to the hash algorithm being used
|
|
309
|
+
# (eg. SHA256).
|
|
310
|
+
#
|
|
291
311
|
# For more information, see [Key purposes and algorithms]
|
|
292
312
|
# (https://cloud.google.com/kms/docs/algorithms).
|
|
293
313
|
module CryptoKeyVersionAlgorithm
|
|
@@ -343,6 +363,9 @@ module Google
|
|
|
343
363
|
# HSM protection level.
|
|
344
364
|
EC_SIGN_SECP256K1_SHA256 = 31
|
|
345
365
|
|
|
366
|
+
# HMAC-SHA256 signing with a 256 bit key.
|
|
367
|
+
HMAC_SHA256 = 32
|
|
368
|
+
|
|
346
369
|
# Algorithm representing symmetric encryption by an external key manager.
|
|
347
370
|
EXTERNAL_SYMMETRIC_ENCRYPTION = 18
|
|
348
371
|
end
|
|
@@ -365,7 +388,6 @@ module Google
|
|
|
365
388
|
DISABLED = 2
|
|
366
389
|
|
|
367
390
|
# This version is destroyed, and the key material is no longer stored.
|
|
368
|
-
# A version may not leave this state once entered.
|
|
369
391
|
DESTROYED = 3
|
|
370
392
|
|
|
371
393
|
# This version is scheduled for destruction, and will be destroyed soon.
|
|
@@ -435,6 +457,9 @@ module Google
|
|
|
435
457
|
# Provided here for verification.
|
|
436
458
|
#
|
|
437
459
|
# NOTE: This field is in Beta.
|
|
460
|
+
# @!attribute [rw] protection_level
|
|
461
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
462
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key.
|
|
438
463
|
class PublicKey
|
|
439
464
|
include ::Google::Protobuf::MessageExts
|
|
440
465
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -408,6 +408,36 @@ module Google
|
|
|
408
408
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
409
409
|
end
|
|
410
410
|
|
|
411
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key_primary_version KeyManagementService.UpdateCryptoKeyPrimaryVersion}.
|
|
412
|
+
# @!attribute [rw] name
|
|
413
|
+
# @return [::String]
|
|
414
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
|
|
415
|
+
# @!attribute [rw] crypto_key_version_id
|
|
416
|
+
# @return [::String]
|
|
417
|
+
# Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
|
|
418
|
+
class UpdateCryptoKeyPrimaryVersionRequest
|
|
419
|
+
include ::Google::Protobuf::MessageExts
|
|
420
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
421
|
+
end
|
|
422
|
+
|
|
423
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#destroy_crypto_key_version KeyManagementService.DestroyCryptoKeyVersion}.
|
|
424
|
+
# @!attribute [rw] name
|
|
425
|
+
# @return [::String]
|
|
426
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
|
|
427
|
+
class DestroyCryptoKeyVersionRequest
|
|
428
|
+
include ::Google::Protobuf::MessageExts
|
|
429
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
430
|
+
end
|
|
431
|
+
|
|
432
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version KeyManagementService.RestoreCryptoKeyVersion}.
|
|
433
|
+
# @!attribute [rw] name
|
|
434
|
+
# @return [::String]
|
|
435
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
|
|
436
|
+
class RestoreCryptoKeyVersionRequest
|
|
437
|
+
include ::Google::Protobuf::MessageExts
|
|
438
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
439
|
+
end
|
|
440
|
+
|
|
411
441
|
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt KeyManagementService.Encrypt}.
|
|
412
442
|
# @!attribute [rw] name
|
|
413
443
|
# @return [::String]
|
|
@@ -452,8 +482,6 @@ module Google
|
|
|
452
482
|
# different languages. However, it is a non-negative integer, which will
|
|
453
483
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
454
484
|
# that support this type.
|
|
455
|
-
#
|
|
456
|
-
# NOTE: This field is in Beta.
|
|
457
485
|
# @!attribute [rw] additional_authenticated_data_crc32c
|
|
458
486
|
# @return [::Google::Protobuf::Int64Value]
|
|
459
487
|
# Optional. An optional CRC32C checksum of the
|
|
@@ -470,8 +498,6 @@ module Google
|
|
|
470
498
|
# different languages. However, it is a non-negative integer, which will
|
|
471
499
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
472
500
|
# that support this type.
|
|
473
|
-
#
|
|
474
|
-
# NOTE: This field is in Beta.
|
|
475
501
|
class EncryptRequest
|
|
476
502
|
include ::Google::Protobuf::MessageExts
|
|
477
503
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -505,8 +531,6 @@ module Google
|
|
|
505
531
|
# different languages. However, it is a non-negative integer, which will
|
|
506
532
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
507
533
|
# that support this type.
|
|
508
|
-
#
|
|
509
|
-
# NOTE: This field is in Beta.
|
|
510
534
|
# @!attribute [rw] additional_authenticated_data_crc32c
|
|
511
535
|
# @return [::Google::Protobuf::Int64Value]
|
|
512
536
|
# Optional. An optional CRC32C checksum of the
|
|
@@ -523,8 +547,6 @@ module Google
|
|
|
523
547
|
# different languages. However, it is a non-negative integer, which will
|
|
524
548
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
525
549
|
# that support this type.
|
|
526
|
-
#
|
|
527
|
-
# NOTE: This field is in Beta.
|
|
528
550
|
class DecryptRequest
|
|
529
551
|
include ::Google::Protobuf::MessageExts
|
|
530
552
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -554,8 +576,6 @@ module Google
|
|
|
554
576
|
# different languages. However, it is a non-negative integer, which will
|
|
555
577
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
556
578
|
# that support this type.
|
|
557
|
-
#
|
|
558
|
-
# NOTE: This field is in Beta.
|
|
559
579
|
class AsymmetricSignRequest
|
|
560
580
|
include ::Google::Protobuf::MessageExts
|
|
561
581
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -585,35 +605,99 @@ module Google
|
|
|
585
605
|
# different languages. However, it is a non-negative integer, which will
|
|
586
606
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
587
607
|
# that support this type.
|
|
588
|
-
#
|
|
589
|
-
# NOTE: This field is in Beta.
|
|
590
608
|
class AsymmetricDecryptRequest
|
|
591
609
|
include ::Google::Protobuf::MessageExts
|
|
592
610
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
593
611
|
end
|
|
594
612
|
|
|
595
|
-
#
|
|
596
|
-
# @!attribute [rw]
|
|
613
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}.
|
|
614
|
+
# @!attribute [rw] name
|
|
597
615
|
# @return [::String]
|
|
598
|
-
# The
|
|
599
|
-
# @!attribute [rw]
|
|
616
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
|
|
617
|
+
# @!attribute [rw] data
|
|
618
|
+
# @return [::String]
|
|
619
|
+
# Required. The data to sign. The MAC tag is computed over this data field based on
|
|
620
|
+
# the specific algorithm.
|
|
621
|
+
# @!attribute [rw] data_crc32c
|
|
600
622
|
# @return [::Google::Protobuf::Int64Value]
|
|
601
|
-
#
|
|
602
|
-
# {::Google::Cloud::Kms::V1::
|
|
603
|
-
# {::Google::Cloud::Kms::V1::
|
|
604
|
-
#
|
|
605
|
-
#
|
|
606
|
-
#
|
|
607
|
-
#
|
|
608
|
-
#
|
|
609
|
-
#
|
|
623
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
|
|
624
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
|
625
|
+
# received {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this checksum.
|
|
626
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
|
627
|
+
# fails. If you receive a checksum error, your client should verify that
|
|
628
|
+
# CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is equal to
|
|
629
|
+
# {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}, and if so, perform a limited
|
|
630
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
|
631
|
+
# computation of the CRC32C checksum.
|
|
610
632
|
# Note: This field is defined as int64 for reasons of compatibility across
|
|
611
633
|
# different languages. However, it is a non-negative integer, which will
|
|
612
634
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
613
635
|
# that support this type.
|
|
614
|
-
|
|
615
|
-
|
|
616
|
-
|
|
636
|
+
class MacSignRequest
|
|
637
|
+
include ::Google::Protobuf::MessageExts
|
|
638
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
639
|
+
end
|
|
640
|
+
|
|
641
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}.
|
|
642
|
+
# @!attribute [rw] name
|
|
643
|
+
# @return [::String]
|
|
644
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for verification.
|
|
645
|
+
# @!attribute [rw] data
|
|
646
|
+
# @return [::String]
|
|
647
|
+
# Required. The data used previously as a {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate the MAC
|
|
648
|
+
# tag.
|
|
649
|
+
# @!attribute [rw] data_crc32c
|
|
650
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
651
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
|
|
652
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
|
653
|
+
# received {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using this checksum.
|
|
654
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
|
655
|
+
# fails. If you receive a checksum error, your client should verify that
|
|
656
|
+
# CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}) is equal to
|
|
657
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}, and if so, perform a limited
|
|
658
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
|
659
|
+
# computation of the CRC32C checksum.
|
|
660
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
661
|
+
# different languages. However, it is a non-negative integer, which will
|
|
662
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
663
|
+
# that support this type.
|
|
664
|
+
# @!attribute [rw] mac
|
|
665
|
+
# @return [::String]
|
|
666
|
+
# Required. The signature to verify.
|
|
667
|
+
# @!attribute [rw] mac_crc32c
|
|
668
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
669
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
|
|
670
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
|
671
|
+
# received {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this checksum.
|
|
672
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
|
673
|
+
# fails. If you receive a checksum error, your client should verify that
|
|
674
|
+
# CRC32C([MacVerifyRequest.tag][]) is equal to
|
|
675
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}, and if so, perform a limited
|
|
676
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
|
677
|
+
# computation of the CRC32C checksum.
|
|
678
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
679
|
+
# different languages. However, it is a non-negative integer, which will
|
|
680
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
681
|
+
# that support this type.
|
|
682
|
+
class MacVerifyRequest
|
|
683
|
+
include ::Google::Protobuf::MessageExts
|
|
684
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
685
|
+
end
|
|
686
|
+
|
|
687
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}.
|
|
688
|
+
# @!attribute [rw] location
|
|
689
|
+
# @return [::String]
|
|
690
|
+
# The project-specific location in which to generate random bytes.
|
|
691
|
+
# For example, "projects/my-project/locations/us-central1".
|
|
692
|
+
# @!attribute [rw] length_bytes
|
|
693
|
+
# @return [::Integer]
|
|
694
|
+
# The length in bytes of the amount of randomness to retrieve. Minimum 8
|
|
695
|
+
# bytes, maximum 1024 bytes.
|
|
696
|
+
# @!attribute [rw] protection_level
|
|
697
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
698
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when generating the random data. Defaults to
|
|
699
|
+
# {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}.
|
|
700
|
+
class GenerateRandomBytesRequest
|
|
617
701
|
include ::Google::Protobuf::MessageExts
|
|
618
702
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
619
703
|
end
|
|
@@ -639,8 +723,6 @@ module Google
|
|
|
639
723
|
# different languages. However, it is a non-negative integer, which will
|
|
640
724
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
641
725
|
# that support this type.
|
|
642
|
-
#
|
|
643
|
-
# NOTE: This field is in Beta.
|
|
644
726
|
# @!attribute [rw] verified_plaintext_crc32c
|
|
645
727
|
# @return [::Boolean]
|
|
646
728
|
# Integrity verification field. A flag indicating whether
|
|
@@ -651,8 +733,6 @@ module Google
|
|
|
651
733
|
# that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
|
|
652
734
|
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} but this field is still false, discard
|
|
653
735
|
# the response and perform a limited number of retries.
|
|
654
|
-
#
|
|
655
|
-
# NOTE: This field is in Beta.
|
|
656
736
|
# @!attribute [rw] verified_additional_authenticated_data_crc32c
|
|
657
737
|
# @return [::Boolean]
|
|
658
738
|
# Integrity verification field. A flag indicating whether
|
|
@@ -664,13 +744,44 @@ module Google
|
|
|
664
744
|
# that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
|
|
665
745
|
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} but this field is
|
|
666
746
|
# still false, discard the response and perform a limited number of retries.
|
|
667
|
-
#
|
|
668
|
-
#
|
|
747
|
+
# @!attribute [rw] protection_level
|
|
748
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
749
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in encryption.
|
|
669
750
|
class EncryptResponse
|
|
670
751
|
include ::Google::Protobuf::MessageExts
|
|
671
752
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
672
753
|
end
|
|
673
754
|
|
|
755
|
+
# Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt KeyManagementService.Decrypt}.
|
|
756
|
+
# @!attribute [rw] plaintext
|
|
757
|
+
# @return [::String]
|
|
758
|
+
# The decrypted data originally supplied in {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
|
|
759
|
+
# @!attribute [rw] plaintext_crc32c
|
|
760
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
761
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
|
762
|
+
# {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}. An integrity check of
|
|
763
|
+
# {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} can be performed by computing the CRC32C
|
|
764
|
+
# checksum of {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} and comparing your results to
|
|
765
|
+
# this field. Discard the response in case of non-matching checksum values,
|
|
766
|
+
# and perform a limited number of retries. A persistent mismatch may indicate
|
|
767
|
+
# an issue in your computation of the CRC32C checksum. Note: receiving this
|
|
768
|
+
# response message indicates that {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
|
|
769
|
+
# successfully decrypt the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}.
|
|
770
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
771
|
+
# different languages. However, it is a non-negative integer, which will
|
|
772
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
773
|
+
# that support this type.
|
|
774
|
+
# @!attribute [rw] used_primary
|
|
775
|
+
# @return [::Boolean]
|
|
776
|
+
# Whether the Decryption was performed using the primary key version.
|
|
777
|
+
# @!attribute [rw] protection_level
|
|
778
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
779
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in decryption.
|
|
780
|
+
class DecryptResponse
|
|
781
|
+
include ::Google::Protobuf::MessageExts
|
|
782
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
783
|
+
end
|
|
784
|
+
|
|
674
785
|
# Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign KeyManagementService.AsymmetricSign}.
|
|
675
786
|
# @!attribute [rw] signature
|
|
676
787
|
# @return [::String]
|
|
@@ -688,8 +799,6 @@ module Google
|
|
|
688
799
|
# different languages. However, it is a non-negative integer, which will
|
|
689
800
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
690
801
|
# that support this type.
|
|
691
|
-
#
|
|
692
|
-
# NOTE: This field is in Beta.
|
|
693
802
|
# @!attribute [rw] verified_digest_crc32c
|
|
694
803
|
# @return [::Boolean]
|
|
695
804
|
# Integrity verification field. A flag indicating whether
|
|
@@ -700,14 +809,13 @@ module Google
|
|
|
700
809
|
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
|
701
810
|
# set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} but this field is still false,
|
|
702
811
|
# discard the response and perform a limited number of retries.
|
|
703
|
-
#
|
|
704
|
-
# NOTE: This field is in Beta.
|
|
705
812
|
# @!attribute [rw] name
|
|
706
813
|
# @return [::String]
|
|
707
814
|
# The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
|
|
708
815
|
# this field to verify that the intended resource was used for signing.
|
|
709
|
-
#
|
|
710
|
-
#
|
|
816
|
+
# @!attribute [rw] protection_level
|
|
817
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
818
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
|
|
711
819
|
class AsymmetricSignResponse
|
|
712
820
|
include ::Google::Protobuf::MessageExts
|
|
713
821
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -730,8 +838,6 @@ module Google
|
|
|
730
838
|
# different languages. However, it is a non-negative integer, which will
|
|
731
839
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
732
840
|
# that support this type.
|
|
733
|
-
#
|
|
734
|
-
# NOTE: This field is in Beta.
|
|
735
841
|
# @!attribute [rw] verified_ciphertext_crc32c
|
|
736
842
|
# @return [::Boolean]
|
|
737
843
|
# Integrity verification field. A flag indicating whether
|
|
@@ -742,39 +848,115 @@ module Google
|
|
|
742
848
|
# was left unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If
|
|
743
849
|
# you've set {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} but this field is
|
|
744
850
|
# still false, discard the response and perform a limited number of retries.
|
|
745
|
-
#
|
|
746
|
-
#
|
|
851
|
+
# @!attribute [rw] protection_level
|
|
852
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
853
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in decryption.
|
|
747
854
|
class AsymmetricDecryptResponse
|
|
748
855
|
include ::Google::Protobuf::MessageExts
|
|
749
856
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
750
857
|
end
|
|
751
858
|
|
|
752
|
-
#
|
|
859
|
+
# Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}.
|
|
753
860
|
# @!attribute [rw] name
|
|
754
861
|
# @return [::String]
|
|
755
|
-
#
|
|
756
|
-
#
|
|
862
|
+
# The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
|
|
863
|
+
# this field to verify that the intended resource was used for signing.
|
|
864
|
+
# @!attribute [rw] mac
|
|
757
865
|
# @return [::String]
|
|
758
|
-
#
|
|
759
|
-
|
|
866
|
+
# The created signature.
|
|
867
|
+
# @!attribute [rw] mac_crc32c
|
|
868
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
869
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
|
870
|
+
# {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac}. An integrity check of
|
|
871
|
+
# {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} can be performed by computing the
|
|
872
|
+
# CRC32C checksum of {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} and comparing your
|
|
873
|
+
# results to this field. Discard the response in case of non-matching
|
|
874
|
+
# checksum values, and perform a limited number of retries. A persistent
|
|
875
|
+
# mismatch may indicate an issue in your computation of the CRC32C checksum.
|
|
876
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
877
|
+
# different languages. However, it is a non-negative integer, which will
|
|
878
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
879
|
+
# that support this type.
|
|
880
|
+
# @!attribute [rw] verified_data_crc32c
|
|
881
|
+
# @return [::Boolean]
|
|
882
|
+
# Integrity verification field. A flag indicating whether
|
|
883
|
+
# {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} was received by
|
|
884
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
|
885
|
+
# {::Google::Cloud::Kms::V1::MacSignRequest#data data}. A false value of this field
|
|
886
|
+
# indicates either that {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} was left
|
|
887
|
+
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
|
888
|
+
# set {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} but this field is still false,
|
|
889
|
+
# discard the response and perform a limited number of retries.
|
|
890
|
+
# @!attribute [rw] protection_level
|
|
891
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
892
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
|
|
893
|
+
class MacSignResponse
|
|
760
894
|
include ::Google::Protobuf::MessageExts
|
|
761
895
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
762
896
|
end
|
|
763
897
|
|
|
764
|
-
#
|
|
898
|
+
# Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}.
|
|
765
899
|
# @!attribute [rw] name
|
|
766
900
|
# @return [::String]
|
|
767
|
-
#
|
|
768
|
-
|
|
901
|
+
# The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for verification.
|
|
902
|
+
# Check this field to verify that the intended resource was used for
|
|
903
|
+
# verification.
|
|
904
|
+
# @!attribute [rw] success
|
|
905
|
+
# @return [::Boolean]
|
|
906
|
+
# This field indicates whether or not the verification operation for
|
|
907
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} over {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} was successful.
|
|
908
|
+
# @!attribute [rw] verified_data_crc32c
|
|
909
|
+
# @return [::Boolean]
|
|
910
|
+
# Integrity verification field. A flag indicating whether
|
|
911
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} was received by
|
|
912
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
|
913
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#data data}. A false value of this field
|
|
914
|
+
# indicates either that {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} was left
|
|
915
|
+
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
|
916
|
+
# set {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} but this field is still false,
|
|
917
|
+
# discard the response and perform a limited number of retries.
|
|
918
|
+
# @!attribute [rw] verified_mac_crc32c
|
|
919
|
+
# @return [::Boolean]
|
|
920
|
+
# Integrity verification field. A flag indicating whether
|
|
921
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} was received by
|
|
922
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
|
923
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac data}. A false value of this field
|
|
924
|
+
# indicates either that {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} was left
|
|
925
|
+
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
|
926
|
+
# set {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} but this field is still false,
|
|
927
|
+
# discard the response and perform a limited number of retries.
|
|
928
|
+
# @!attribute [rw] verified_success_integrity
|
|
929
|
+
# @return [::Boolean]
|
|
930
|
+
# Integrity verification field. This value is used for the integrity
|
|
931
|
+
# verification of [MacVerifyResponse.success]. If the value of this field
|
|
932
|
+
# contradicts the value of [MacVerifyResponse.success], discard the response
|
|
933
|
+
# and perform a limited number of retries.
|
|
934
|
+
# @!attribute [rw] protection_level
|
|
935
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
936
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for verification.
|
|
937
|
+
class MacVerifyResponse
|
|
769
938
|
include ::Google::Protobuf::MessageExts
|
|
770
939
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
771
940
|
end
|
|
772
941
|
|
|
773
|
-
#
|
|
774
|
-
# @!attribute [rw]
|
|
942
|
+
# Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}.
|
|
943
|
+
# @!attribute [rw] data
|
|
775
944
|
# @return [::String]
|
|
776
|
-
#
|
|
777
|
-
|
|
945
|
+
# The generated data.
|
|
946
|
+
# @!attribute [rw] data_crc32c
|
|
947
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
948
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
|
949
|
+
# {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data}. An integrity check of
|
|
950
|
+
# {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data} can be performed by computing the
|
|
951
|
+
# CRC32C checksum of {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data} and comparing your
|
|
952
|
+
# results to this field. Discard the response in case of non-matching
|
|
953
|
+
# checksum values, and perform a limited number of retries. A persistent
|
|
954
|
+
# mismatch may indicate an issue in your computation of the CRC32C checksum.
|
|
955
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
956
|
+
# different languages. However, it is a non-negative integer, which will
|
|
957
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
958
|
+
# that support this type.
|
|
959
|
+
class GenerateRandomBytesResponse
|
|
778
960
|
include ::Google::Protobuf::MessageExts
|
|
779
961
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
780
962
|
end
|