proto_docs/google/cloud/kms/v1/service.rb in google-cloud-kms-v1-0.15.0 vs proto_docs/google/cloud/kms/v1/service.rb in google-cloud-kms-v1-0.16.0
- old
+ new
@@ -411,36 +411,57 @@
# @!attribute [rw] import_job
# @return [::String]
# Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
# {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to wrap this key
# material.
- # @!attribute [rw] rsa_aes_wrapped_key
+ # @!attribute [rw] wrapped_key
# @return [::String]
- # Wrapped key material produced with
- # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
+ # Optional. The wrapped key material to import.
+ #
+ # Before wrapping, key material must be formatted. If importing symmetric key
+ # material, the expected key material format is plain bytes. If importing
+ # asymmetric key material, the expected key material format is PKCS#8-encoded
+ # DER (the PrivateKeyInfo structure from RFC 5208).
+ #
+ # When wrapping with import methods
+ # ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
# or
- # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}.
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}
+ # or
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256_AES_256 RSA_OAEP_3072_SHA256_AES_256}
+ # or
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256_AES_256 RSA_OAEP_4096_SHA256_AES_256}),
#
- # This field contains the concatenation of two wrapped keys:
+ # this field must contain the concatenation of:
# <ol>
# <li>An ephemeral AES-256 wrapping key wrapped with the
# {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using
- # RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
- # empty label.
+ # RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
+ # label.
# </li>
- # <li>The key to be imported, wrapped with the ephemeral AES-256 key
- # using AES-KWP (RFC 5649).
+ # <li>The formatted key to be imported, wrapped with the ephemeral AES-256
+ # key using AES-KWP (RFC 5649).
# </li>
# </ol>
#
- # If importing symmetric key material, it is expected that the unwrapped
- # key contains plain bytes. If importing asymmetric key material, it is
- # expected that the unwrapped key is in PKCS#8-encoded DER format (the
- # PrivateKeyInfo structure from RFC 5208).
- #
# This format is the same as the format produced by PKCS#11 mechanism
# CKM_RSA_AES_KEY_WRAP.
+ #
+ # When wrapping with import methods
+ # ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256 RSA_OAEP_3072_SHA256}
+ # or
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256 RSA_OAEP_4096_SHA256}),
+ #
+ # this field must contain the formatted key to be imported, wrapped with the
+ # {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using RSAES-OAEP
+ # with SHA-256, MGF1 with SHA-256, and an empty label.
+ # @!attribute [rw] rsa_aes_wrapped_key
+ # @return [::String]
+ # Optional. This field has the same meaning as
+ # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#wrapped_key wrapped_key}.
+ # Prefer to use that field in new work. Either that field or this field
+ # (but not both) must be specified.
class ImportCryptoKeyVersionRequest
include ::Google::Protobuf::MessageExts
extend ::Google::Protobuf::MessageExts::ClassMethods
end
@@ -543,11 +564,13 @@
# @return [::String]
# Required. The data to encrypt. Must be no larger than 64KiB.
#
# The maximum size depends on the key version's
# {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
- # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys, the
# plaintext must be no larger than 64KiB. For
# {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
# the plaintext and additional_authenticated_data fields must be no larger
# than 8KiB.
# @!attribute [rw] additional_authenticated_data
@@ -556,11 +579,13 @@
# decryption through
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}.
#
# The maximum size depends on the key version's
# {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
- # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
- # must be no larger than 64KiB. For
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys the
+ # AAD must be no larger than 64KiB. For
# {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
# the plaintext and additional_authenticated_data fields must be no larger
# than 8KiB.
# @!attribute [rw] plaintext_crc32c
# @return [::Google::Protobuf::Int64Value]