# frozen_string_literal: true # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Auto-generated by gapic-generator-ruby. DO NOT EDIT! module Google module Cloud module Kms module V1 # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_key_rings KeyManagementService.ListKeyRings}. # @!attribute [rw] parent # @return [::String] # Required. The resource name of the location associated with the # {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format `projects/*/locations/*`. # @!attribute [rw] page_size # @return [::Integer] # Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::KeyRing KeyRings} to include in the # response. Further {::Google::Cloud::Kms::V1::KeyRing KeyRings} can subsequently be obtained by # including the {::Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse.next_page_token} in a subsequent # request. If unspecified, the server will pick an appropriate default. # @!attribute [rw] page_token # @return [::String] # Optional. Optional pagination token, returned earlier via # {::Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse.next_page_token}. # @!attribute [rw] filter # @return [::String] # Optional. Only include resources that match the filter in the response. For # more information, see # [Sorting and filtering list # results](https://cloud.google.com/kms/docs/sorting-and-filtering). # @!attribute [rw] order_by # @return [::String] # Optional. Specify how the results should be sorted. If not specified, the # results will be sorted in the default order. For more information, see # [Sorting and filtering list # results](https://cloud.google.com/kms/docs/sorting-and-filtering). class ListKeyRingsRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_keys KeyManagementService.ListCryptoKeys}. # @!attribute [rw] parent # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to list, in the format # `projects/*/locations/*/keyRings/*`. # @!attribute [rw] page_size # @return [::Integer] # Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} to include in the # response. Further {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} can subsequently be obtained by # including the {::Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse.next_page_token} in a subsequent # request. If unspecified, the server will pick an appropriate default. # @!attribute [rw] page_token # @return [::String] # Optional. Optional pagination token, returned earlier via # {::Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse.next_page_token}. # @!attribute [rw] version_view # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView] # The fields of the primary version to include in the response. # @!attribute [rw] filter # @return [::String] # Optional. Only include resources that match the filter in the response. For # more information, see # [Sorting and filtering list # results](https://cloud.google.com/kms/docs/sorting-and-filtering). # @!attribute [rw] order_by # @return [::String] # Optional. Specify how the results should be sorted. If not specified, the # results will be sorted in the default order. For more information, see # [Sorting and filtering list # results](https://cloud.google.com/kms/docs/sorting-and-filtering). class ListCryptoKeysRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_key_versions KeyManagementService.ListCryptoKeyVersions}. # @!attribute [rw] parent # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to list, in the format # `projects/*/locations/*/keyRings/*/cryptoKeys/*`. # @!attribute [rw] page_size # @return [::Integer] # Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} to # include in the response. Further {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} can # subsequently be obtained by including the # {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse.next_page_token} in a subsequent request. # If unspecified, the server will pick an appropriate default. # @!attribute [rw] page_token # @return [::String] # Optional. Optional pagination token, returned earlier via # {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse.next_page_token}. # @!attribute [rw] view # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView] # The fields to include in the response. # @!attribute [rw] filter # @return [::String] # Optional. Only include resources that match the filter in the response. For # more information, see # [Sorting and filtering list # results](https://cloud.google.com/kms/docs/sorting-and-filtering). # @!attribute [rw] order_by # @return [::String] # Optional. Specify how the results should be sorted. If not specified, the # results will be sorted in the default order. For more information, see # [Sorting and filtering list # results](https://cloud.google.com/kms/docs/sorting-and-filtering). class ListCryptoKeyVersionsRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_import_jobs KeyManagementService.ListImportJobs}. # @!attribute [rw] parent # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to list, in the format # `projects/*/locations/*/keyRings/*`. # @!attribute [rw] page_size # @return [::Integer] # Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::ImportJob ImportJobs} to include in the # response. Further {::Google::Cloud::Kms::V1::ImportJob ImportJobs} can subsequently be obtained by # including the {::Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse.next_page_token} in a subsequent # request. If unspecified, the server will pick an appropriate default. # @!attribute [rw] page_token # @return [::String] # Optional. Optional pagination token, returned earlier via # {::Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse.next_page_token}. # @!attribute [rw] filter # @return [::String] # Optional. Only include resources that match the filter in the response. For # more information, see # [Sorting and filtering list # results](https://cloud.google.com/kms/docs/sorting-and-filtering). # @!attribute [rw] order_by # @return [::String] # Optional. Specify how the results should be sorted. If not specified, the # results will be sorted in the default order. For more information, see # [Sorting and filtering list # results](https://cloud.google.com/kms/docs/sorting-and-filtering). class ListImportJobsRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_key_rings KeyManagementService.ListKeyRings}. # @!attribute [rw] key_rings # @return [::Array<::Google::Cloud::Kms::V1::KeyRing>] # The list of {::Google::Cloud::Kms::V1::KeyRing KeyRings}. # @!attribute [rw] next_page_token # @return [::String] # A token to retrieve next page of results. Pass this value in # {::Google::Cloud::Kms::V1::ListKeyRingsRequest#page_token ListKeyRingsRequest.page_token} to retrieve the next page of results. # @!attribute [rw] total_size # @return [::Integer] # The total number of {::Google::Cloud::Kms::V1::KeyRing KeyRings} that matched the query. class ListKeyRingsResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_keys KeyManagementService.ListCryptoKeys}. # @!attribute [rw] crypto_keys # @return [::Array<::Google::Cloud::Kms::V1::CryptoKey>] # The list of {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}. # @!attribute [rw] next_page_token # @return [::String] # A token to retrieve next page of results. Pass this value in # {::Google::Cloud::Kms::V1::ListCryptoKeysRequest#page_token ListCryptoKeysRequest.page_token} to retrieve the next page of results. # @!attribute [rw] total_size # @return [::Integer] # The total number of {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} that matched the query. class ListCryptoKeysResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_key_versions KeyManagementService.ListCryptoKeyVersions}. # @!attribute [rw] crypto_key_versions # @return [::Array<::Google::Cloud::Kms::V1::CryptoKeyVersion>] # The list of {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}. # @!attribute [rw] next_page_token # @return [::String] # A token to retrieve next page of results. Pass this value in # {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest#page_token ListCryptoKeyVersionsRequest.page_token} to retrieve the next page of # results. # @!attribute [rw] total_size # @return [::Integer] # The total number of {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} that matched the # query. class ListCryptoKeyVersionsResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_import_jobs KeyManagementService.ListImportJobs}. # @!attribute [rw] import_jobs # @return [::Array<::Google::Cloud::Kms::V1::ImportJob>] # The list of {::Google::Cloud::Kms::V1::ImportJob ImportJobs}. # @!attribute [rw] next_page_token # @return [::String] # A token to retrieve next page of results. Pass this value in # {::Google::Cloud::Kms::V1::ListImportJobsRequest#page_token ListImportJobsRequest.page_token} to retrieve the next page of results. # @!attribute [rw] total_size # @return [::Integer] # The total number of {::Google::Cloud::Kms::V1::ImportJob ImportJobs} that matched the query. class ListImportJobsResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_key_ring KeyManagementService.GetKeyRing}. # @!attribute [rw] name # @return [::String] # Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to get. class GetKeyRingRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_crypto_key KeyManagementService.GetCryptoKey}. # @!attribute [rw] name # @return [::String] # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get. class GetCryptoKeyRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_crypto_key_version KeyManagementService.GetCryptoKeyVersion}. # @!attribute [rw] name # @return [::String] # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get. class GetCryptoKeyVersionRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key KeyManagementService.GetPublicKey}. # @!attribute [rw] name # @return [::String] # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to # get. class GetPublicKeyRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_import_job KeyManagementService.GetImportJob}. # @!attribute [rw] name # @return [::String] # Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} to get. class GetImportJobRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_key_ring KeyManagementService.CreateKeyRing}. # @!attribute [rw] parent # @return [::String] # Required. The resource name of the location associated with the # {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format `projects/*/locations/*`. # @!attribute [rw] key_ring_id # @return [::String] # Required. It must be unique within a location and match the regular # expression `[a-zA-Z0-9_-]{1,63}` # @!attribute [rw] key_ring # @return [::Google::Cloud::Kms::V1::KeyRing] # Required. A {::Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field values. class CreateKeyRingRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key KeyManagementService.CreateCryptoKey}. # @!attribute [rw] parent # @return [::String] # Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing associated with the # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}. # @!attribute [rw] crypto_key_id # @return [::String] # Required. It must be unique within a KeyRing and match the regular # expression `[a-zA-Z0-9_-]{1,63}` # @!attribute [rw] crypto_key # @return [::Google::Cloud::Kms::V1::CryptoKey] # Required. A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field values. # @!attribute [rw] skip_initial_version_creation # @return [::Boolean] # If set to true, the request will create a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} without any # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}. You must manually call # {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key_version CreateCryptoKeyVersion} or # {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version ImportCryptoKeyVersion} # before you can use this {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. class CreateCryptoKeyRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key_version KeyManagementService.CreateCryptoKeyVersion}. # @!attribute [rw] parent # @return [::String] # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with # the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}. # @!attribute [rw] crypto_key_version # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion] # Required. A {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial field values. class CreateCryptoKeyVersionRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}. # @!attribute [rw] parent # @return [::String] # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into. # # The create permission is only required on this key when creating a new # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. # @!attribute [rw] crypto_key_version # @return [::String] # Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of an existing # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to target for an import operation. # If this field is not present, a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the # supplied key material is created. # # If this field is present, the supplied key material is imported into # the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To import into an existing # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent}, have been previously created via # [ImportCryptoKeyVersion][], and be in # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED} or # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED} # state. The key material and algorithm must match the previous # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained # key material. # @!attribute [rw] algorithm # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm] # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm} of # the key being imported. This does not need to match the # {::Google::Cloud::Kms::V1::CryptoKey#version_template version_template} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} this # version imports into. # @!attribute [rw] import_job # @return [::String] # Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to # wrap this key material. # @!attribute [rw] rsa_aes_wrapped_key # @return [::String] # Wrapped key material produced with # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256} # or # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}. # # This field contains the concatenation of two wrapped keys: #
    #
  1. An ephemeral AES-256 wrapping key wrapped with the # {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using RSAES-OAEP with SHA-1, # MGF1 with SHA-1, and an empty label. #
    2. #
  2. The key to be imported, wrapped with the ephemeral AES-256 key # using AES-KWP (RFC 5649). #
    3. #
# # If importing symmetric key material, it is expected that the unwrapped # key contains plain bytes. If importing asymmetric key material, it is # expected that the unwrapped key is in PKCS#8-encoded DER format (the # PrivateKeyInfo structure from RFC 5208). # # This format is the same as the format produced by PKCS#11 mechanism # CKM_RSA_AES_KEY_WRAP. class ImportCryptoKeyVersionRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_import_job KeyManagementService.CreateImportJob}. # @!attribute [rw] parent # @return [::String] # Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} associated with the # {::Google::Cloud::Kms::V1::ImportJob ImportJobs}. # @!attribute [rw] import_job_id # @return [::String] # Required. It must be unique within a KeyRing and match the regular # expression `[a-zA-Z0-9_-]{1,63}` # @!attribute [rw] import_job # @return [::Google::Cloud::Kms::V1::ImportJob] # Required. An {::Google::Cloud::Kms::V1::ImportJob ImportJob} with initial field values. class CreateImportJobRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key KeyManagementService.UpdateCryptoKey}. # @!attribute [rw] crypto_key # @return [::Google::Cloud::Kms::V1::CryptoKey] # Required. {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} with updated values. # @!attribute [rw] update_mask # @return [::Google::Protobuf::FieldMask] # Required. List of fields to be updated in this request. class UpdateCryptoKeyRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key_version KeyManagementService.UpdateCryptoKeyVersion}. # @!attribute [rw] crypto_key_version # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion] # Required. {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated values. # @!attribute [rw] update_mask # @return [::Google::Protobuf::FieldMask] # Required. List of fields to be updated in this request. class UpdateCryptoKeyVersionRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key_primary_version KeyManagementService.UpdateCryptoKeyPrimaryVersion}. # @!attribute [rw] name # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update. # @!attribute [rw] crypto_key_version_id # @return [::String] # Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary. class UpdateCryptoKeyPrimaryVersionRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#destroy_crypto_key_version KeyManagementService.DestroyCryptoKeyVersion}. # @!attribute [rw] name # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy. class DestroyCryptoKeyVersionRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version KeyManagementService.RestoreCryptoKeyVersion}. # @!attribute [rw] name # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore. class RestoreCryptoKeyVersionRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt KeyManagementService.Encrypt}. # @!attribute [rw] name # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} or {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} # to use for encryption. # # If a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server will use its # {::Google::Cloud::Kms::V1::CryptoKey#primary primary version}. # @!attribute [rw] plaintext # @return [::String] # Required. The data to encrypt. Must be no larger than 64KiB. # # The maximum size depends on the key version's # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}. For # {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the plaintext must be no larger # than 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the # plaintext and additional_authenticated_data fields must be no larger than # 8KiB. # @!attribute [rw] additional_authenticated_data # @return [::String] # Optional. Optional data that, if specified, must also be provided during decryption # through {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. # # The maximum size depends on the key version's # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}. For # {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD must be no larger than # 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the # plaintext and additional_authenticated_data fields must be no larger than # 8KiB. # @!attribute [rw] plaintext_crc32c # @return [::Google::Protobuf::Int64Value] # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the # received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum. # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification # fails. If you receive a checksum error, your client should verify that # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of # retries. A persistent mismatch may indicate an issue in your computation of # the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. # @!attribute [rw] additional_authenticated_data_crc32c # @return [::Google::Protobuf::Int64Value] # Optional. An optional CRC32C checksum of the # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified, # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum. # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification # fails. If you receive a checksum error, your client should verify that # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform # a limited number of retries. A persistent mismatch may indicate an issue in # your computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. class EncryptRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt KeyManagementService.Decrypt}. # @!attribute [rw] name # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to use for decryption. # The server will choose the appropriate version. # @!attribute [rw] ciphertext # @return [::String] # Required. The encrypted data originally returned in # {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}. # @!attribute [rw] additional_authenticated_data # @return [::String] # Optional. Optional data that must match the data originally supplied in # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. # @!attribute [rw] ciphertext_crc32c # @return [::Google::Protobuf::Int64Value] # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the # received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum. # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification # fails. If you receive a checksum error, your client should verify that # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to # {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number # of retries. A persistent mismatch may indicate an issue in your computation # of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. # @!attribute [rw] additional_authenticated_data_crc32c # @return [::Google::Protobuf::Int64Value] # Optional. An optional CRC32C checksum of the # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified, # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum. # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification # fails. If you receive a checksum error, your client should verify that # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform # a limited number of retries. A persistent mismatch may indicate an issue in # your computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. class DecryptRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign KeyManagementService.AsymmetricSign}. # @!attribute [rw] name # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing. # @!attribute [rw] digest # @return [::Google::Cloud::Kms::V1::Digest] # Optional. The digest of the data to sign. The digest must be produced with # the same digest algorithm as specified by the key version's # {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}. # @!attribute [rw] digest_crc32c # @return [::Google::Protobuf::Int64Value] # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the # received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum. # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification # fails. If you receive a checksum error, your client should verify that # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited # number of retries. A persistent mismatch may indicate an issue in your # computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. # @!attribute [rw] data # @return [::String] # Optional. This field will only be honored for RAW_PKCS1 keys. # The data to sign. A digest is computed over the data that will be signed, # PKCS #1 padding is applied to the digest directly and then encrypted. # @!attribute [rw] data_crc32c # @return [::Google::Protobuf::Int64Value] # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}. If # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the # received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data} using this checksum. # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification # fails. If you receive a checksum error, your client should verify that # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}) is equal to # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}, and if so, perform a limited # number of retries. A persistent mismatch may indicate an issue in your # computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. class AsymmetricSignRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt KeyManagementService.AsymmetricDecrypt}. # @!attribute [rw] name # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for # decryption. # @!attribute [rw] ciphertext # @return [::String] # Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public # key using OAEP. # @!attribute [rw] ciphertext_crc32c # @return [::Google::Protobuf::Int64Value] # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}. # If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the # received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum. # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification # fails. If you receive a checksum error, your client should verify that # CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a # limited number of retries. A persistent mismatch may indicate an issue in # your computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. class AsymmetricDecryptRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}. # @!attribute [rw] name # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing. # @!attribute [rw] data # @return [::String] # Required. The data to sign. The MAC tag is computed over this data field based on # the specific algorithm. # @!attribute [rw] data_crc32c # @return [::Google::Protobuf::Int64Value] # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the # received {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this checksum. # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification # fails. If you receive a checksum error, your client should verify that # CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is equal to # {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}, and if so, perform a limited # number of retries. A persistent mismatch may indicate an issue in your # computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. class MacSignRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}. # @!attribute [rw] name # @return [::String] # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for verification. # @!attribute [rw] data # @return [::String] # Required. The data used previously as a {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate the MAC # tag. # @!attribute [rw] data_crc32c # @return [::Google::Protobuf::Int64Value] # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the # received {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using this checksum. # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification # fails. If you receive a checksum error, your client should verify that # CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}) is equal to # {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}, and if so, perform a limited # number of retries. A persistent mismatch may indicate an issue in your # computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. # @!attribute [rw] mac # @return [::String] # Required. The signature to verify. # @!attribute [rw] mac_crc32c # @return [::Google::Protobuf::Int64Value] # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the # received {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this checksum. # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification # fails. If you receive a checksum error, your client should verify that # CRC32C([MacVerifyRequest.tag][]) is equal to # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}, and if so, perform a limited # number of retries. A persistent mismatch may indicate an issue in your # computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. class MacVerifyRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}. # @!attribute [rw] location # @return [::String] # The project-specific location in which to generate random bytes. # For example, "projects/my-project/locations/us-central1". # @!attribute [rw] length_bytes # @return [::Integer] # The length in bytes of the amount of randomness to retrieve. Minimum 8 # bytes, maximum 1024 bytes. # @!attribute [rw] protection_level # @return [::Google::Cloud::Kms::V1::ProtectionLevel] # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when generating the random data. Defaults to # {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}. class GenerateRandomBytesRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt KeyManagementService.Encrypt}. # @!attribute [rw] name # @return [::String] # The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in encryption. Check # this field to verify that the intended resource was used for encryption. # @!attribute [rw] ciphertext # @return [::String] # The encrypted data. # @!attribute [rw] ciphertext_crc32c # @return [::Google::Protobuf::Int64Value] # Integrity verification field. A CRC32C checksum of the returned # {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}. An integrity check of # {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} can be performed by computing the CRC32C # checksum of {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} and comparing your results to # this field. Discard the response in case of non-matching checksum values, # and perform a limited number of retries. A persistent mismatch may indicate # an issue in your computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. # @!attribute [rw] verified_plaintext_crc32c # @return [::Boolean] # Integrity verification field. A flag indicating whether # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was received by # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext plaintext}. A false value of this field # indicates either that {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was left unset or # that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} but this field is still false, discard # the response and perform a limited number of retries. # @!attribute [rw] verified_additional_authenticated_data_crc32c # @return [::Boolean] # Integrity verification field. A flag indicating whether # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was received by # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data AAD}. A false value of this # field indicates either that # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was left unset or # that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} but this field is # still false, discard the response and perform a limited number of retries. # @!attribute [rw] protection_level # @return [::Google::Cloud::Kms::V1::ProtectionLevel] # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in encryption. class EncryptResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt KeyManagementService.Decrypt}. # @!attribute [rw] plaintext # @return [::String] # The decrypted data originally supplied in {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. # @!attribute [rw] plaintext_crc32c # @return [::Google::Protobuf::Int64Value] # Integrity verification field. A CRC32C checksum of the returned # {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}. An integrity check of # {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} can be performed by computing the CRC32C # checksum of {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} and comparing your results to # this field. Discard the response in case of non-matching checksum values, # and perform a limited number of retries. A persistent mismatch may indicate # an issue in your computation of the CRC32C checksum. Note: receiving this # response message indicates that {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to # successfully decrypt the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. # @!attribute [rw] used_primary # @return [::Boolean] # Whether the Decryption was performed using the primary key version. # @!attribute [rw] protection_level # @return [::Google::Cloud::Kms::V1::ProtectionLevel] # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in decryption. class DecryptResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign KeyManagementService.AsymmetricSign}. # @!attribute [rw] signature # @return [::String] # The created signature. # @!attribute [rw] signature_crc32c # @return [::Google::Protobuf::Int64Value] # Integrity verification field. A CRC32C checksum of the returned # {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature}. An integrity check of # {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} can be performed by computing the # CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} and comparing your # results to this field. Discard the response in case of non-matching # checksum values, and perform a limited number of retries. A persistent # mismatch may indicate an issue in your computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. # @!attribute [rw] verified_digest_crc32c # @return [::Boolean] # Integrity verification field. A flag indicating whether # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was received by # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest digest}. A false value of this field # indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was left # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've # set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} but this field is still false, # discard the response and perform a limited number of retries. # @!attribute [rw] name # @return [::String] # The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check # this field to verify that the intended resource was used for signing. # @!attribute [rw] verified_data_crc32c # @return [::Boolean] # Integrity verification field. A flag indicating whether # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was received by # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data data}. A false value of this field # indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was left # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've # set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} but this field is still false, # discard the response and perform a limited number of retries. # @!attribute [rw] protection_level # @return [::Google::Cloud::Kms::V1::ProtectionLevel] # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. class AsymmetricSignResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt KeyManagementService.AsymmetricDecrypt}. # @!attribute [rw] plaintext # @return [::String] # The decrypted data originally encrypted with the matching public key. # @!attribute [rw] plaintext_crc32c # @return [::Google::Protobuf::Int64Value] # Integrity verification field. A CRC32C checksum of the returned # {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext}. An integrity check of # {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} can be performed by computing the # CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} and comparing # your results to this field. Discard the response in case of non-matching # checksum values, and perform a limited number of retries. A persistent # mismatch may indicate an issue in your computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. # @!attribute [rw] verified_ciphertext_crc32c # @return [::Boolean] # Integrity verification field. A flag indicating whether # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} was received by # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext ciphertext}. A false value of this # field indicates either that {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} # was left unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If # you've set {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} but this field is # still false, discard the response and perform a limited number of retries. # @!attribute [rw] protection_level # @return [::Google::Cloud::Kms::V1::ProtectionLevel] # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in decryption. class AsymmetricDecryptResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}. # @!attribute [rw] name # @return [::String] # The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check # this field to verify that the intended resource was used for signing. # @!attribute [rw] mac # @return [::String] # The created signature. # @!attribute [rw] mac_crc32c # @return [::Google::Protobuf::Int64Value] # Integrity verification field. A CRC32C checksum of the returned # {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac}. An integrity check of # {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} can be performed by computing the # CRC32C checksum of {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} and comparing your # results to this field. Discard the response in case of non-matching # checksum values, and perform a limited number of retries. A persistent # mismatch may indicate an issue in your computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. # @!attribute [rw] verified_data_crc32c # @return [::Boolean] # Integrity verification field. A flag indicating whether # {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} was received by # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the # {::Google::Cloud::Kms::V1::MacSignRequest#data data}. A false value of this field # indicates either that {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} was left # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've # set {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} but this field is still false, # discard the response and perform a limited number of retries. # @!attribute [rw] protection_level # @return [::Google::Cloud::Kms::V1::ProtectionLevel] # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. class MacSignResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}. # @!attribute [rw] name # @return [::String] # The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for verification. # Check this field to verify that the intended resource was used for # verification. # @!attribute [rw] success # @return [::Boolean] # This field indicates whether or not the verification operation for # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} over {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} was successful. # @!attribute [rw] verified_data_crc32c # @return [::Boolean] # Integrity verification field. A flag indicating whether # {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} was received by # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the # {::Google::Cloud::Kms::V1::MacVerifyRequest#data data}. A false value of this field # indicates either that {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} was left # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've # set {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} but this field is still false, # discard the response and perform a limited number of retries. # @!attribute [rw] verified_mac_crc32c # @return [::Boolean] # Integrity verification field. A flag indicating whether # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} was received by # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac data}. A false value of this field # indicates either that {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} was left # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've # set {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} but this field is still false, # discard the response and perform a limited number of retries. # @!attribute [rw] verified_success_integrity # @return [::Boolean] # Integrity verification field. This value is used for the integrity # verification of [MacVerifyResponse.success]. If the value of this field # contradicts the value of [MacVerifyResponse.success], discard the response # and perform a limited number of retries. # @!attribute [rw] protection_level # @return [::Google::Cloud::Kms::V1::ProtectionLevel] # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for verification. class MacVerifyResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}. # @!attribute [rw] data # @return [::String] # The generated data. # @!attribute [rw] data_crc32c # @return [::Google::Protobuf::Int64Value] # Integrity verification field. A CRC32C checksum of the returned # {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data}. An integrity check of # {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data} can be performed by computing the # CRC32C checksum of {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data} and comparing your # results to this field. Discard the response in case of non-matching # checksum values, and perform a limited number of retries. A persistent # mismatch may indicate an issue in your computation of the CRC32C checksum. # Note: This field is defined as int64 for reasons of compatibility across # different languages. However, it is a non-negative integer, which will # never exceed 2^32-1, and can be safely downconverted to uint32 in languages # that support this type. class GenerateRandomBytesResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # A {::Google::Cloud::Kms::V1::Digest Digest} holds a cryptographic message digest. # @!attribute [rw] sha256 # @return [::String] # A message digest produced with the SHA-256 algorithm. # @!attribute [rw] sha384 # @return [::String] # A message digest produced with the SHA-384 algorithm. # @!attribute [rw] sha512 # @return [::String] # A message digest produced with the SHA-512 algorithm. class Digest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Cloud KMS metadata for the given [google.cloud.location.Location][google.cloud.location.Location]. # @!attribute [rw] hsm_available # @return [::Boolean] # Indicates whether {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level} # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} can be created in this location. # @!attribute [rw] ekm_available # @return [::Boolean] # Indicates whether {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level} # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL} can be created in this location. class LocationMetadata include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end end end end