Module: Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm
- Defined in:
- proto_docs/google/cloud/kms/v1/resources.rb
Overview
The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation.
The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT.
Algorithms beginning with RSA_SIGN_ are usable with
CryptoKey.purpose
ASYMMETRIC_SIGN.
The fields in the name after RSA_SIGN_ correspond to the following
parameters: padding algorithm, modulus bit length, and digest algorithm.
For PSS, the salt length used is equal to the length of digest algorithm. For example, RSA_SIGN_PSS_2048_SHA256 will use PSS with a salt length of 256 bits or 32 bytes.
Algorithms beginning with RSA_DECRYPT_ are usable with
CryptoKey.purpose
ASYMMETRIC_DECRYPT.
The fields in the name after RSA_DECRYPT_ correspond to the following
parameters: padding algorithm, modulus bit length, and digest algorithm.
Algorithms beginning with EC_SIGN_ are usable with
CryptoKey.purpose
ASYMMETRIC_SIGN.
The fields in the name after EC_SIGN_ correspond to the following
parameters: elliptic curve, digest algorithm.
Algorithms beginning with HMAC_ are usable with
CryptoKey.purpose
MAC.
The suffix following HMAC_ corresponds to the hash algorithm being used
(eg. SHA256).
For more information, see Key purposes and algorithms.
Constant Summary collapse
- CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED =
Not specified.
0- GOOGLE_SYMMETRIC_ENCRYPTION =
Creates symmetric encryption keys.
1- AES_128_GCM =
AES-GCM (Galois Counter Mode) using 128-bit keys.
41- AES_256_GCM =
AES-GCM (Galois Counter Mode) using 256-bit keys.
19- AES_128_CBC =
AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
42- AES_256_CBC =
AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
43- AES_128_CTR =
AES-CTR (Counter Mode) using 128-bit keys.
44- AES_256_CTR =
AES-CTR (Counter Mode) using 256-bit keys.
45- RSA_SIGN_PSS_2048_SHA256 =
RSASSA-PSS 2048 bit key with a SHA256 digest.
2- RSA_SIGN_PSS_3072_SHA256 =
RSASSA-PSS 3072 bit key with a SHA256 digest.
3- RSA_SIGN_PSS_4096_SHA256 =
RSASSA-PSS 4096 bit key with a SHA256 digest.
4- RSA_SIGN_PSS_4096_SHA512 =
RSASSA-PSS 4096 bit key with a SHA512 digest.
15- RSA_SIGN_PKCS1_2048_SHA256 =
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
5- RSA_SIGN_PKCS1_3072_SHA256 =
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
6- RSA_SIGN_PKCS1_4096_SHA256 =
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
7- RSA_SIGN_PKCS1_4096_SHA512 =
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
16- RSA_SIGN_RAW_PKCS1_2048 =
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
28- RSA_SIGN_RAW_PKCS1_3072 =
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
29- RSA_SIGN_RAW_PKCS1_4096 =
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
30- RSA_DECRYPT_OAEP_2048_SHA256 =
RSAES-OAEP 2048 bit key with a SHA256 digest.
8- RSA_DECRYPT_OAEP_3072_SHA256 =
RSAES-OAEP 3072 bit key with a SHA256 digest.
9- RSA_DECRYPT_OAEP_4096_SHA256 =
RSAES-OAEP 4096 bit key with a SHA256 digest.
10- RSA_DECRYPT_OAEP_4096_SHA512 =
RSAES-OAEP 4096 bit key with a SHA512 digest.
17- RSA_DECRYPT_OAEP_2048_SHA1 =
RSAES-OAEP 2048 bit key with a SHA1 digest.
37- RSA_DECRYPT_OAEP_3072_SHA1 =
RSAES-OAEP 3072 bit key with a SHA1 digest.
38- RSA_DECRYPT_OAEP_4096_SHA1 =
RSAES-OAEP 4096 bit key with a SHA1 digest.
39- EC_SIGN_P256_SHA256 =
ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
12- EC_SIGN_P384_SHA384 =
ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
13- EC_SIGN_SECP256K1_SHA256 =
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
31- EC_SIGN_ED25519 =
EdDSA on the Curve25519 in pure mode (taking data as input).
40- HMAC_SHA256 =
HMAC-SHA256 signing with a 256 bit key.
32- HMAC_SHA1 =
HMAC-SHA1 signing with a 160 bit key.
33- HMAC_SHA384 =
HMAC-SHA384 signing with a 384 bit key.
34- HMAC_SHA512 =
HMAC-SHA512 signing with a 512 bit key.
35- HMAC_SHA224 =
HMAC-SHA224 signing with a 224 bit key.
36- EXTERNAL_SYMMETRIC_ENCRYPTION =
Algorithm representing symmetric encryption by an external key manager.
18