1*d5c09012SAndroid Build Coastguard Worker// Copyright 2023 Google LLC 2*d5c09012SAndroid Build Coastguard Worker// 3*d5c09012SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*d5c09012SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*d5c09012SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*d5c09012SAndroid Build Coastguard Worker// 7*d5c09012SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*d5c09012SAndroid Build Coastguard Worker// 9*d5c09012SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*d5c09012SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*d5c09012SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*d5c09012SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*d5c09012SAndroid Build Coastguard Worker// limitations under the License. 14*d5c09012SAndroid Build Coastguard Worker 15*d5c09012SAndroid Build Coastguard Workersyntax = "proto3"; 16*d5c09012SAndroid Build Coastguard Worker 17*d5c09012SAndroid Build Coastguard Workerpackage google.cloud.kms.v1; 18*d5c09012SAndroid Build Coastguard Worker 19*d5c09012SAndroid Build Coastguard Workerimport "google/api/annotations.proto"; 20*d5c09012SAndroid Build Coastguard Workerimport "google/api/client.proto"; 21*d5c09012SAndroid Build Coastguard Workerimport "google/api/field_behavior.proto"; 22*d5c09012SAndroid Build Coastguard Workerimport "google/api/resource.proto"; 23*d5c09012SAndroid Build Coastguard Workerimport "google/cloud/kms/v1/resources.proto"; 24*d5c09012SAndroid Build Coastguard Workerimport "google/protobuf/field_mask.proto"; 25*d5c09012SAndroid Build Coastguard Workerimport "google/protobuf/wrappers.proto"; 26*d5c09012SAndroid Build Coastguard Worker 27*d5c09012SAndroid Build Coastguard Workeroption cc_enable_arenas = true; 28*d5c09012SAndroid Build Coastguard Workeroption csharp_namespace = "Google.Cloud.Kms.V1"; 29*d5c09012SAndroid Build Coastguard Workeroption go_package = "cloud.google.com/go/kms/apiv1/kmspb;kmspb"; 30*d5c09012SAndroid Build Coastguard Workeroption java_multiple_files = true; 31*d5c09012SAndroid Build Coastguard Workeroption java_outer_classname = "KmsProto"; 32*d5c09012SAndroid Build Coastguard Workeroption java_package = "com.google.cloud.kms.v1"; 33*d5c09012SAndroid Build Coastguard Workeroption php_namespace = "Google\\Cloud\\Kms\\V1"; 34*d5c09012SAndroid Build Coastguard Worker 35*d5c09012SAndroid Build Coastguard Worker// Google Cloud Key Management Service 36*d5c09012SAndroid Build Coastguard Worker// 37*d5c09012SAndroid Build Coastguard Worker// Manages cryptographic keys and operations using those keys. Implements a REST 38*d5c09012SAndroid Build Coastguard Worker// model with the following objects: 39*d5c09012SAndroid Build Coastguard Worker// 40*d5c09012SAndroid Build Coastguard Worker// * [KeyRing][google.cloud.kms.v1.KeyRing] 41*d5c09012SAndroid Build Coastguard Worker// * [CryptoKey][google.cloud.kms.v1.CryptoKey] 42*d5c09012SAndroid Build Coastguard Worker// * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] 43*d5c09012SAndroid Build Coastguard Worker// * [ImportJob][google.cloud.kms.v1.ImportJob] 44*d5c09012SAndroid Build Coastguard Worker// 45*d5c09012SAndroid Build Coastguard Worker// If you are using manual gRPC libraries, see 46*d5c09012SAndroid Build Coastguard Worker// [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc). 47*d5c09012SAndroid Build Coastguard Workerservice KeyManagementService { 48*d5c09012SAndroid Build Coastguard Worker option (google.api.default_host) = "cloudkms.googleapis.com"; 49*d5c09012SAndroid Build Coastguard Worker option (google.api.oauth_scopes) = 50*d5c09012SAndroid Build Coastguard Worker "https://www.googleapis.com/auth/cloud-platform," 51*d5c09012SAndroid Build Coastguard Worker "https://www.googleapis.com/auth/cloudkms"; 52*d5c09012SAndroid Build Coastguard Worker 53*d5c09012SAndroid Build Coastguard Worker // Lists [KeyRings][google.cloud.kms.v1.KeyRing]. 54*d5c09012SAndroid Build Coastguard Worker rpc ListKeyRings(ListKeyRingsRequest) returns (ListKeyRingsResponse) { 55*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 56*d5c09012SAndroid Build Coastguard Worker get: "/v1/{parent=projects/*/locations/*}/keyRings" 57*d5c09012SAndroid Build Coastguard Worker }; 58*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "parent"; 59*d5c09012SAndroid Build Coastguard Worker } 60*d5c09012SAndroid Build Coastguard Worker 61*d5c09012SAndroid Build Coastguard Worker // Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]. 62*d5c09012SAndroid Build Coastguard Worker rpc ListCryptoKeys(ListCryptoKeysRequest) returns (ListCryptoKeysResponse) { 63*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 64*d5c09012SAndroid Build Coastguard Worker get: "/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys" 65*d5c09012SAndroid Build Coastguard Worker }; 66*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "parent"; 67*d5c09012SAndroid Build Coastguard Worker } 68*d5c09012SAndroid Build Coastguard Worker 69*d5c09012SAndroid Build Coastguard Worker // Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. 70*d5c09012SAndroid Build Coastguard Worker rpc ListCryptoKeyVersions(ListCryptoKeyVersionsRequest) 71*d5c09012SAndroid Build Coastguard Worker returns (ListCryptoKeyVersionsResponse) { 72*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 73*d5c09012SAndroid Build Coastguard Worker get: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions" 74*d5c09012SAndroid Build Coastguard Worker }; 75*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "parent"; 76*d5c09012SAndroid Build Coastguard Worker } 77*d5c09012SAndroid Build Coastguard Worker 78*d5c09012SAndroid Build Coastguard Worker // Lists [ImportJobs][google.cloud.kms.v1.ImportJob]. 79*d5c09012SAndroid Build Coastguard Worker rpc ListImportJobs(ListImportJobsRequest) returns (ListImportJobsResponse) { 80*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 81*d5c09012SAndroid Build Coastguard Worker get: "/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs" 82*d5c09012SAndroid Build Coastguard Worker }; 83*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "parent"; 84*d5c09012SAndroid Build Coastguard Worker } 85*d5c09012SAndroid Build Coastguard Worker 86*d5c09012SAndroid Build Coastguard Worker // Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing]. 87*d5c09012SAndroid Build Coastguard Worker rpc GetKeyRing(GetKeyRingRequest) returns (KeyRing) { 88*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 89*d5c09012SAndroid Build Coastguard Worker get: "/v1/{name=projects/*/locations/*/keyRings/*}" 90*d5c09012SAndroid Build Coastguard Worker }; 91*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name"; 92*d5c09012SAndroid Build Coastguard Worker } 93*d5c09012SAndroid Build Coastguard Worker 94*d5c09012SAndroid Build Coastguard Worker // Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as 95*d5c09012SAndroid Build Coastguard Worker // well as its [primary][google.cloud.kms.v1.CryptoKey.primary] 96*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. 97*d5c09012SAndroid Build Coastguard Worker rpc GetCryptoKey(GetCryptoKeyRequest) returns (CryptoKey) { 98*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 99*d5c09012SAndroid Build Coastguard Worker get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}" 100*d5c09012SAndroid Build Coastguard Worker }; 101*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name"; 102*d5c09012SAndroid Build Coastguard Worker } 103*d5c09012SAndroid Build Coastguard Worker 104*d5c09012SAndroid Build Coastguard Worker // Returns metadata for a given 105*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. 106*d5c09012SAndroid Build Coastguard Worker rpc GetCryptoKeyVersion(GetCryptoKeyVersionRequest) 107*d5c09012SAndroid Build Coastguard Worker returns (CryptoKeyVersion) { 108*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 109*d5c09012SAndroid Build Coastguard Worker get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}" 110*d5c09012SAndroid Build Coastguard Worker }; 111*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name"; 112*d5c09012SAndroid Build Coastguard Worker } 113*d5c09012SAndroid Build Coastguard Worker 114*d5c09012SAndroid Build Coastguard Worker // Returns the public key for the given 115*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The 116*d5c09012SAndroid Build Coastguard Worker // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be 117*d5c09012SAndroid Build Coastguard Worker // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] 118*d5c09012SAndroid Build Coastguard Worker // or 119*d5c09012SAndroid Build Coastguard Worker // [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. 120*d5c09012SAndroid Build Coastguard Worker rpc GetPublicKey(GetPublicKeyRequest) returns (PublicKey) { 121*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 122*d5c09012SAndroid Build Coastguard Worker get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey" 123*d5c09012SAndroid Build Coastguard Worker }; 124*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name"; 125*d5c09012SAndroid Build Coastguard Worker } 126*d5c09012SAndroid Build Coastguard Worker 127*d5c09012SAndroid Build Coastguard Worker // Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob]. 128*d5c09012SAndroid Build Coastguard Worker rpc GetImportJob(GetImportJobRequest) returns (ImportJob) { 129*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 130*d5c09012SAndroid Build Coastguard Worker get: "/v1/{name=projects/*/locations/*/keyRings/*/importJobs/*}" 131*d5c09012SAndroid Build Coastguard Worker }; 132*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name"; 133*d5c09012SAndroid Build Coastguard Worker } 134*d5c09012SAndroid Build Coastguard Worker 135*d5c09012SAndroid Build Coastguard Worker // Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and 136*d5c09012SAndroid Build Coastguard Worker // Location. 137*d5c09012SAndroid Build Coastguard Worker rpc CreateKeyRing(CreateKeyRingRequest) returns (KeyRing) { 138*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 139*d5c09012SAndroid Build Coastguard Worker post: "/v1/{parent=projects/*/locations/*}/keyRings" 140*d5c09012SAndroid Build Coastguard Worker body: "key_ring" 141*d5c09012SAndroid Build Coastguard Worker }; 142*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "parent,key_ring_id,key_ring"; 143*d5c09012SAndroid Build Coastguard Worker } 144*d5c09012SAndroid Build Coastguard Worker 145*d5c09012SAndroid Build Coastguard Worker // Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a 146*d5c09012SAndroid Build Coastguard Worker // [KeyRing][google.cloud.kms.v1.KeyRing]. 147*d5c09012SAndroid Build Coastguard Worker // 148*d5c09012SAndroid Build Coastguard Worker // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and 149*d5c09012SAndroid Build Coastguard Worker // [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] 150*d5c09012SAndroid Build Coastguard Worker // are required. 151*d5c09012SAndroid Build Coastguard Worker rpc CreateCryptoKey(CreateCryptoKeyRequest) returns (CryptoKey) { 152*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 153*d5c09012SAndroid Build Coastguard Worker post: "/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys" 154*d5c09012SAndroid Build Coastguard Worker body: "crypto_key" 155*d5c09012SAndroid Build Coastguard Worker }; 156*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "parent,crypto_key_id,crypto_key"; 157*d5c09012SAndroid Build Coastguard Worker } 158*d5c09012SAndroid Build Coastguard Worker 159*d5c09012SAndroid Build Coastguard Worker // Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a 160*d5c09012SAndroid Build Coastguard Worker // [CryptoKey][google.cloud.kms.v1.CryptoKey]. 161*d5c09012SAndroid Build Coastguard Worker // 162*d5c09012SAndroid Build Coastguard Worker // The server will assign the next sequential id. If unset, 163*d5c09012SAndroid Build Coastguard Worker // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to 164*d5c09012SAndroid Build Coastguard Worker // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. 165*d5c09012SAndroid Build Coastguard Worker rpc CreateCryptoKeyVersion(CreateCryptoKeyVersionRequest) 166*d5c09012SAndroid Build Coastguard Worker returns (CryptoKeyVersion) { 167*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 168*d5c09012SAndroid Build Coastguard Worker post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions" 169*d5c09012SAndroid Build Coastguard Worker body: "crypto_key_version" 170*d5c09012SAndroid Build Coastguard Worker }; 171*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "parent,crypto_key_version"; 172*d5c09012SAndroid Build Coastguard Worker } 173*d5c09012SAndroid Build Coastguard Worker 174*d5c09012SAndroid Build Coastguard Worker // Import wrapped key material into a 175*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. 176*d5c09012SAndroid Build Coastguard Worker // 177*d5c09012SAndroid Build Coastguard Worker // All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If 178*d5c09012SAndroid Build Coastguard Worker // a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally 179*d5c09012SAndroid Build Coastguard Worker // specified in the request, key material will be reimported into that 180*d5c09012SAndroid Build Coastguard Worker // version. Otherwise, a new version will be created, and will be assigned the 181*d5c09012SAndroid Build Coastguard Worker // next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey]. 182*d5c09012SAndroid Build Coastguard Worker rpc ImportCryptoKeyVersion(ImportCryptoKeyVersionRequest) 183*d5c09012SAndroid Build Coastguard Worker returns (CryptoKeyVersion) { 184*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 185*d5c09012SAndroid Build Coastguard Worker post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:import" 186*d5c09012SAndroid Build Coastguard Worker body: "*" 187*d5c09012SAndroid Build Coastguard Worker }; 188*d5c09012SAndroid Build Coastguard Worker } 189*d5c09012SAndroid Build Coastguard Worker 190*d5c09012SAndroid Build Coastguard Worker // Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a 191*d5c09012SAndroid Build Coastguard Worker // [KeyRing][google.cloud.kms.v1.KeyRing]. 192*d5c09012SAndroid Build Coastguard Worker // 193*d5c09012SAndroid Build Coastguard Worker // [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is 194*d5c09012SAndroid Build Coastguard Worker // required. 195*d5c09012SAndroid Build Coastguard Worker rpc CreateImportJob(CreateImportJobRequest) returns (ImportJob) { 196*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 197*d5c09012SAndroid Build Coastguard Worker post: "/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs" 198*d5c09012SAndroid Build Coastguard Worker body: "import_job" 199*d5c09012SAndroid Build Coastguard Worker }; 200*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "parent,import_job_id,import_job"; 201*d5c09012SAndroid Build Coastguard Worker } 202*d5c09012SAndroid Build Coastguard Worker 203*d5c09012SAndroid Build Coastguard Worker // Update a [CryptoKey][google.cloud.kms.v1.CryptoKey]. 204*d5c09012SAndroid Build Coastguard Worker rpc UpdateCryptoKey(UpdateCryptoKeyRequest) returns (CryptoKey) { 205*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 206*d5c09012SAndroid Build Coastguard Worker patch: "/v1/{crypto_key.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}" 207*d5c09012SAndroid Build Coastguard Worker body: "crypto_key" 208*d5c09012SAndroid Build Coastguard Worker }; 209*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "crypto_key,update_mask"; 210*d5c09012SAndroid Build Coastguard Worker } 211*d5c09012SAndroid Build Coastguard Worker 212*d5c09012SAndroid Build Coastguard Worker // Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s 213*d5c09012SAndroid Build Coastguard Worker // metadata. 214*d5c09012SAndroid Build Coastguard Worker // 215*d5c09012SAndroid Build Coastguard Worker // [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between 216*d5c09012SAndroid Build Coastguard Worker // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] 217*d5c09012SAndroid Build Coastguard Worker // and 218*d5c09012SAndroid Build Coastguard Worker // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] 219*d5c09012SAndroid Build Coastguard Worker // using this method. See 220*d5c09012SAndroid Build Coastguard Worker // [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] 221*d5c09012SAndroid Build Coastguard Worker // and 222*d5c09012SAndroid Build Coastguard Worker // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] 223*d5c09012SAndroid Build Coastguard Worker // to move between other states. 224*d5c09012SAndroid Build Coastguard Worker rpc UpdateCryptoKeyVersion(UpdateCryptoKeyVersionRequest) 225*d5c09012SAndroid Build Coastguard Worker returns (CryptoKeyVersion) { 226*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 227*d5c09012SAndroid Build Coastguard Worker patch: "/v1/{crypto_key_version.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}" 228*d5c09012SAndroid Build Coastguard Worker body: "crypto_key_version" 229*d5c09012SAndroid Build Coastguard Worker }; 230*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "crypto_key_version,update_mask"; 231*d5c09012SAndroid Build Coastguard Worker } 232*d5c09012SAndroid Build Coastguard Worker 233*d5c09012SAndroid Build Coastguard Worker // Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that 234*d5c09012SAndroid Build Coastguard Worker // will be used in 235*d5c09012SAndroid Build Coastguard Worker // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. 236*d5c09012SAndroid Build Coastguard Worker // 237*d5c09012SAndroid Build Coastguard Worker // Returns an error if called on a key whose purpose is not 238*d5c09012SAndroid Build Coastguard Worker // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. 239*d5c09012SAndroid Build Coastguard Worker rpc UpdateCryptoKeyPrimaryVersion(UpdateCryptoKeyPrimaryVersionRequest) 240*d5c09012SAndroid Build Coastguard Worker returns (CryptoKey) { 241*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 242*d5c09012SAndroid Build Coastguard Worker post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion" 243*d5c09012SAndroid Build Coastguard Worker body: "*" 244*d5c09012SAndroid Build Coastguard Worker }; 245*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name,crypto_key_version_id"; 246*d5c09012SAndroid Build Coastguard Worker } 247*d5c09012SAndroid Build Coastguard Worker 248*d5c09012SAndroid Build Coastguard Worker // Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for 249*d5c09012SAndroid Build Coastguard Worker // destruction. 250*d5c09012SAndroid Build Coastguard Worker // 251*d5c09012SAndroid Build Coastguard Worker // Upon calling this method, 252*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will 253*d5c09012SAndroid Build Coastguard Worker // be set to 254*d5c09012SAndroid Build Coastguard Worker // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED], 255*d5c09012SAndroid Build Coastguard Worker // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will 256*d5c09012SAndroid Build Coastguard Worker // be set to the time 257*d5c09012SAndroid Build Coastguard Worker // [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] 258*d5c09012SAndroid Build Coastguard Worker // in the future. At that time, the 259*d5c09012SAndroid Build Coastguard Worker // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically 260*d5c09012SAndroid Build Coastguard Worker // change to 261*d5c09012SAndroid Build Coastguard Worker // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], 262*d5c09012SAndroid Build Coastguard Worker // and the key material will be irrevocably destroyed. 263*d5c09012SAndroid Build Coastguard Worker // 264*d5c09012SAndroid Build Coastguard Worker // Before the 265*d5c09012SAndroid Build Coastguard Worker // [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is 266*d5c09012SAndroid Build Coastguard Worker // reached, 267*d5c09012SAndroid Build Coastguard Worker // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] 268*d5c09012SAndroid Build Coastguard Worker // may be called to reverse the process. 269*d5c09012SAndroid Build Coastguard Worker rpc DestroyCryptoKeyVersion(DestroyCryptoKeyVersionRequest) 270*d5c09012SAndroid Build Coastguard Worker returns (CryptoKeyVersion) { 271*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 272*d5c09012SAndroid Build Coastguard Worker post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy" 273*d5c09012SAndroid Build Coastguard Worker body: "*" 274*d5c09012SAndroid Build Coastguard Worker }; 275*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name"; 276*d5c09012SAndroid Build Coastguard Worker } 277*d5c09012SAndroid Build Coastguard Worker 278*d5c09012SAndroid Build Coastguard Worker // Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the 279*d5c09012SAndroid Build Coastguard Worker // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] 280*d5c09012SAndroid Build Coastguard Worker // state. 281*d5c09012SAndroid Build Coastguard Worker // 282*d5c09012SAndroid Build Coastguard Worker // Upon restoration of the CryptoKeyVersion, 283*d5c09012SAndroid Build Coastguard Worker // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to 284*d5c09012SAndroid Build Coastguard Worker // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], 285*d5c09012SAndroid Build Coastguard Worker // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will 286*d5c09012SAndroid Build Coastguard Worker // be cleared. 287*d5c09012SAndroid Build Coastguard Worker rpc RestoreCryptoKeyVersion(RestoreCryptoKeyVersionRequest) 288*d5c09012SAndroid Build Coastguard Worker returns (CryptoKeyVersion) { 289*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 290*d5c09012SAndroid Build Coastguard Worker post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore" 291*d5c09012SAndroid Build Coastguard Worker body: "*" 292*d5c09012SAndroid Build Coastguard Worker }; 293*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name"; 294*d5c09012SAndroid Build Coastguard Worker } 295*d5c09012SAndroid Build Coastguard Worker 296*d5c09012SAndroid Build Coastguard Worker // Encrypts data, so that it can only be recovered by a call to 297*d5c09012SAndroid Build Coastguard Worker // [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The 298*d5c09012SAndroid Build Coastguard Worker // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be 299*d5c09012SAndroid Build Coastguard Worker // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. 300*d5c09012SAndroid Build Coastguard Worker rpc Encrypt(EncryptRequest) returns (EncryptResponse) { 301*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 302*d5c09012SAndroid Build Coastguard Worker post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt" 303*d5c09012SAndroid Build Coastguard Worker body: "*" 304*d5c09012SAndroid Build Coastguard Worker }; 305*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name,plaintext"; 306*d5c09012SAndroid Build Coastguard Worker } 307*d5c09012SAndroid Build Coastguard Worker 308*d5c09012SAndroid Build Coastguard Worker // Decrypts data that was protected by 309*d5c09012SAndroid Build Coastguard Worker // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The 310*d5c09012SAndroid Build Coastguard Worker // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be 311*d5c09012SAndroid Build Coastguard Worker // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. 312*d5c09012SAndroid Build Coastguard Worker rpc Decrypt(DecryptRequest) returns (DecryptResponse) { 313*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 314*d5c09012SAndroid Build Coastguard Worker post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt" 315*d5c09012SAndroid Build Coastguard Worker body: "*" 316*d5c09012SAndroid Build Coastguard Worker }; 317*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name,ciphertext"; 318*d5c09012SAndroid Build Coastguard Worker } 319*d5c09012SAndroid Build Coastguard Worker 320*d5c09012SAndroid Build Coastguard Worker // Encrypts data using portable cryptographic primitives. Most users should 321*d5c09012SAndroid Build Coastguard Worker // choose [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and 322*d5c09012SAndroid Build Coastguard Worker // [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] rather than 323*d5c09012SAndroid Build Coastguard Worker // their raw counterparts. The 324*d5c09012SAndroid Build Coastguard Worker // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be 325*d5c09012SAndroid Build Coastguard Worker // [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]. 326*d5c09012SAndroid Build Coastguard Worker rpc RawEncrypt(RawEncryptRequest) returns (RawEncryptResponse) { 327*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 328*d5c09012SAndroid Build Coastguard Worker post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:rawEncrypt" 329*d5c09012SAndroid Build Coastguard Worker body: "*" 330*d5c09012SAndroid Build Coastguard Worker }; 331*d5c09012SAndroid Build Coastguard Worker } 332*d5c09012SAndroid Build Coastguard Worker 333*d5c09012SAndroid Build Coastguard Worker // Decrypts data that was originally encrypted using a raw cryptographic 334*d5c09012SAndroid Build Coastguard Worker // mechanism. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] 335*d5c09012SAndroid Build Coastguard Worker // must be 336*d5c09012SAndroid Build Coastguard Worker // [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]. 337*d5c09012SAndroid Build Coastguard Worker rpc RawDecrypt(RawDecryptRequest) returns (RawDecryptResponse) { 338*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 339*d5c09012SAndroid Build Coastguard Worker post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:rawDecrypt" 340*d5c09012SAndroid Build Coastguard Worker body: "*" 341*d5c09012SAndroid Build Coastguard Worker }; 342*d5c09012SAndroid Build Coastguard Worker } 343*d5c09012SAndroid Build Coastguard Worker 344*d5c09012SAndroid Build Coastguard Worker // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] 345*d5c09012SAndroid Build Coastguard Worker // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] 346*d5c09012SAndroid Build Coastguard Worker // ASYMMETRIC_SIGN, producing a signature that can be verified with the public 347*d5c09012SAndroid Build Coastguard Worker // key retrieved from 348*d5c09012SAndroid Build Coastguard Worker // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. 349*d5c09012SAndroid Build Coastguard Worker rpc AsymmetricSign(AsymmetricSignRequest) returns (AsymmetricSignResponse) { 350*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 351*d5c09012SAndroid Build Coastguard Worker post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricSign" 352*d5c09012SAndroid Build Coastguard Worker body: "*" 353*d5c09012SAndroid Build Coastguard Worker }; 354*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name,digest"; 355*d5c09012SAndroid Build Coastguard Worker } 356*d5c09012SAndroid Build Coastguard Worker 357*d5c09012SAndroid Build Coastguard Worker // Decrypts data that was encrypted with a public key retrieved from 358*d5c09012SAndroid Build Coastguard Worker // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] 359*d5c09012SAndroid Build Coastguard Worker // corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] 360*d5c09012SAndroid Build Coastguard Worker // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] 361*d5c09012SAndroid Build Coastguard Worker // ASYMMETRIC_DECRYPT. 362*d5c09012SAndroid Build Coastguard Worker rpc AsymmetricDecrypt(AsymmetricDecryptRequest) 363*d5c09012SAndroid Build Coastguard Worker returns (AsymmetricDecryptResponse) { 364*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 365*d5c09012SAndroid Build Coastguard Worker post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricDecrypt" 366*d5c09012SAndroid Build Coastguard Worker body: "*" 367*d5c09012SAndroid Build Coastguard Worker }; 368*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name,ciphertext"; 369*d5c09012SAndroid Build Coastguard Worker } 370*d5c09012SAndroid Build Coastguard Worker 371*d5c09012SAndroid Build Coastguard Worker // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] 372*d5c09012SAndroid Build Coastguard Worker // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, 373*d5c09012SAndroid Build Coastguard Worker // producing a tag that can be verified by another source with the same key. 374*d5c09012SAndroid Build Coastguard Worker rpc MacSign(MacSignRequest) returns (MacSignResponse) { 375*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 376*d5c09012SAndroid Build Coastguard Worker post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:macSign" 377*d5c09012SAndroid Build Coastguard Worker body: "*" 378*d5c09012SAndroid Build Coastguard Worker }; 379*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name,data"; 380*d5c09012SAndroid Build Coastguard Worker } 381*d5c09012SAndroid Build Coastguard Worker 382*d5c09012SAndroid Build Coastguard Worker // Verifies MAC tag using a 383*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with 384*d5c09012SAndroid Build Coastguard Worker // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns 385*d5c09012SAndroid Build Coastguard Worker // a response that indicates whether or not the verification was successful. 386*d5c09012SAndroid Build Coastguard Worker rpc MacVerify(MacVerifyRequest) returns (MacVerifyResponse) { 387*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 388*d5c09012SAndroid Build Coastguard Worker post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:macVerify" 389*d5c09012SAndroid Build Coastguard Worker body: "*" 390*d5c09012SAndroid Build Coastguard Worker }; 391*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = "name,data,mac"; 392*d5c09012SAndroid Build Coastguard Worker } 393*d5c09012SAndroid Build Coastguard Worker 394*d5c09012SAndroid Build Coastguard Worker // Generate random bytes using the Cloud KMS randomness source in the provided 395*d5c09012SAndroid Build Coastguard Worker // location. 396*d5c09012SAndroid Build Coastguard Worker rpc GenerateRandomBytes(GenerateRandomBytesRequest) 397*d5c09012SAndroid Build Coastguard Worker returns (GenerateRandomBytesResponse) { 398*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 399*d5c09012SAndroid Build Coastguard Worker post: "/v1/{location=projects/*/locations/*}:generateRandomBytes" 400*d5c09012SAndroid Build Coastguard Worker body: "*" 401*d5c09012SAndroid Build Coastguard Worker }; 402*d5c09012SAndroid Build Coastguard Worker option (google.api.method_signature) = 403*d5c09012SAndroid Build Coastguard Worker "location,length_bytes,protection_level"; 404*d5c09012SAndroid Build Coastguard Worker } 405*d5c09012SAndroid Build Coastguard Worker} 406*d5c09012SAndroid Build Coastguard Worker 407*d5c09012SAndroid Build Coastguard Worker// Request message for 408*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. 409*d5c09012SAndroid Build Coastguard Workermessage ListKeyRingsRequest { 410*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the location associated with the 411*d5c09012SAndroid Build Coastguard Worker // [KeyRings][google.cloud.kms.v1.KeyRing], in the format 412*d5c09012SAndroid Build Coastguard Worker // `projects/*/locations/*`. 413*d5c09012SAndroid Build Coastguard Worker string parent = 1 [ 414*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 415*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 416*d5c09012SAndroid Build Coastguard Worker type: "locations.googleapis.com/Location" 417*d5c09012SAndroid Build Coastguard Worker } 418*d5c09012SAndroid Build Coastguard Worker ]; 419*d5c09012SAndroid Build Coastguard Worker 420*d5c09012SAndroid Build Coastguard Worker // Optional. Optional limit on the number of 421*d5c09012SAndroid Build Coastguard Worker // [KeyRings][google.cloud.kms.v1.KeyRing] to include in the response. Further 422*d5c09012SAndroid Build Coastguard Worker // [KeyRings][google.cloud.kms.v1.KeyRing] can subsequently be obtained by 423*d5c09012SAndroid Build Coastguard Worker // including the 424*d5c09012SAndroid Build Coastguard Worker // [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token] 425*d5c09012SAndroid Build Coastguard Worker // in a subsequent request. If unspecified, the server will pick an 426*d5c09012SAndroid Build Coastguard Worker // appropriate default. 427*d5c09012SAndroid Build Coastguard Worker int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 428*d5c09012SAndroid Build Coastguard Worker 429*d5c09012SAndroid Build Coastguard Worker // Optional. Optional pagination token, returned earlier via 430*d5c09012SAndroid Build Coastguard Worker // [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token]. 431*d5c09012SAndroid Build Coastguard Worker string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 432*d5c09012SAndroid Build Coastguard Worker 433*d5c09012SAndroid Build Coastguard Worker // Optional. Only include resources that match the filter in the response. For 434*d5c09012SAndroid Build Coastguard Worker // more information, see 435*d5c09012SAndroid Build Coastguard Worker // [Sorting and filtering list 436*d5c09012SAndroid Build Coastguard Worker // results](https://cloud.google.com/kms/docs/sorting-and-filtering). 437*d5c09012SAndroid Build Coastguard Worker string filter = 4 [(google.api.field_behavior) = OPTIONAL]; 438*d5c09012SAndroid Build Coastguard Worker 439*d5c09012SAndroid Build Coastguard Worker // Optional. Specify how the results should be sorted. If not specified, the 440*d5c09012SAndroid Build Coastguard Worker // results will be sorted in the default order. For more information, see 441*d5c09012SAndroid Build Coastguard Worker // [Sorting and filtering list 442*d5c09012SAndroid Build Coastguard Worker // results](https://cloud.google.com/kms/docs/sorting-and-filtering). 443*d5c09012SAndroid Build Coastguard Worker string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; 444*d5c09012SAndroid Build Coastguard Worker} 445*d5c09012SAndroid Build Coastguard Worker 446*d5c09012SAndroid Build Coastguard Worker// Request message for 447*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. 448*d5c09012SAndroid Build Coastguard Workermessage ListCryptoKeysRequest { 449*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] 450*d5c09012SAndroid Build Coastguard Worker // to list, in the format `projects/*/locations/*/keyRings/*`. 451*d5c09012SAndroid Build Coastguard Worker string parent = 1 [ 452*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 453*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 454*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/KeyRing" 455*d5c09012SAndroid Build Coastguard Worker } 456*d5c09012SAndroid Build Coastguard Worker ]; 457*d5c09012SAndroid Build Coastguard Worker 458*d5c09012SAndroid Build Coastguard Worker // Optional. Optional limit on the number of 459*d5c09012SAndroid Build Coastguard Worker // [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the response. 460*d5c09012SAndroid Build Coastguard Worker // Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be 461*d5c09012SAndroid Build Coastguard Worker // obtained by including the 462*d5c09012SAndroid Build Coastguard Worker // [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token] 463*d5c09012SAndroid Build Coastguard Worker // in a subsequent request. If unspecified, the server will pick an 464*d5c09012SAndroid Build Coastguard Worker // appropriate default. 465*d5c09012SAndroid Build Coastguard Worker int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 466*d5c09012SAndroid Build Coastguard Worker 467*d5c09012SAndroid Build Coastguard Worker // Optional. Optional pagination token, returned earlier via 468*d5c09012SAndroid Build Coastguard Worker // [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token]. 469*d5c09012SAndroid Build Coastguard Worker string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 470*d5c09012SAndroid Build Coastguard Worker 471*d5c09012SAndroid Build Coastguard Worker // The fields of the primary version to include in the response. 472*d5c09012SAndroid Build Coastguard Worker CryptoKeyVersion.CryptoKeyVersionView version_view = 4; 473*d5c09012SAndroid Build Coastguard Worker 474*d5c09012SAndroid Build Coastguard Worker // Optional. Only include resources that match the filter in the response. For 475*d5c09012SAndroid Build Coastguard Worker // more information, see 476*d5c09012SAndroid Build Coastguard Worker // [Sorting and filtering list 477*d5c09012SAndroid Build Coastguard Worker // results](https://cloud.google.com/kms/docs/sorting-and-filtering). 478*d5c09012SAndroid Build Coastguard Worker string filter = 5 [(google.api.field_behavior) = OPTIONAL]; 479*d5c09012SAndroid Build Coastguard Worker 480*d5c09012SAndroid Build Coastguard Worker // Optional. Specify how the results should be sorted. If not specified, the 481*d5c09012SAndroid Build Coastguard Worker // results will be sorted in the default order. For more information, see 482*d5c09012SAndroid Build Coastguard Worker // [Sorting and filtering list 483*d5c09012SAndroid Build Coastguard Worker // results](https://cloud.google.com/kms/docs/sorting-and-filtering). 484*d5c09012SAndroid Build Coastguard Worker string order_by = 6 [(google.api.field_behavior) = OPTIONAL]; 485*d5c09012SAndroid Build Coastguard Worker} 486*d5c09012SAndroid Build Coastguard Worker 487*d5c09012SAndroid Build Coastguard Worker// Request message for 488*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. 489*d5c09012SAndroid Build Coastguard Workermessage ListCryptoKeyVersionsRequest { 490*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 491*d5c09012SAndroid Build Coastguard Worker // [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format 492*d5c09012SAndroid Build Coastguard Worker // `projects/*/locations/*/keyRings/*/cryptoKeys/*`. 493*d5c09012SAndroid Build Coastguard Worker string parent = 1 [ 494*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 495*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 496*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKey" 497*d5c09012SAndroid Build Coastguard Worker } 498*d5c09012SAndroid Build Coastguard Worker ]; 499*d5c09012SAndroid Build Coastguard Worker 500*d5c09012SAndroid Build Coastguard Worker // Optional. Optional limit on the number of 501*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to include in the 502*d5c09012SAndroid Build Coastguard Worker // response. Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] 503*d5c09012SAndroid Build Coastguard Worker // can subsequently be obtained by including the 504*d5c09012SAndroid Build Coastguard Worker // [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token] 505*d5c09012SAndroid Build Coastguard Worker // in a subsequent request. If unspecified, the server will pick an 506*d5c09012SAndroid Build Coastguard Worker // appropriate default. 507*d5c09012SAndroid Build Coastguard Worker int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 508*d5c09012SAndroid Build Coastguard Worker 509*d5c09012SAndroid Build Coastguard Worker // Optional. Optional pagination token, returned earlier via 510*d5c09012SAndroid Build Coastguard Worker // [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token]. 511*d5c09012SAndroid Build Coastguard Worker string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 512*d5c09012SAndroid Build Coastguard Worker 513*d5c09012SAndroid Build Coastguard Worker // The fields to include in the response. 514*d5c09012SAndroid Build Coastguard Worker CryptoKeyVersion.CryptoKeyVersionView view = 4; 515*d5c09012SAndroid Build Coastguard Worker 516*d5c09012SAndroid Build Coastguard Worker // Optional. Only include resources that match the filter in the response. For 517*d5c09012SAndroid Build Coastguard Worker // more information, see 518*d5c09012SAndroid Build Coastguard Worker // [Sorting and filtering list 519*d5c09012SAndroid Build Coastguard Worker // results](https://cloud.google.com/kms/docs/sorting-and-filtering). 520*d5c09012SAndroid Build Coastguard Worker string filter = 5 [(google.api.field_behavior) = OPTIONAL]; 521*d5c09012SAndroid Build Coastguard Worker 522*d5c09012SAndroid Build Coastguard Worker // Optional. Specify how the results should be sorted. If not specified, the 523*d5c09012SAndroid Build Coastguard Worker // results will be sorted in the default order. For more information, see 524*d5c09012SAndroid Build Coastguard Worker // [Sorting and filtering list 525*d5c09012SAndroid Build Coastguard Worker // results](https://cloud.google.com/kms/docs/sorting-and-filtering). 526*d5c09012SAndroid Build Coastguard Worker string order_by = 6 [(google.api.field_behavior) = OPTIONAL]; 527*d5c09012SAndroid Build Coastguard Worker} 528*d5c09012SAndroid Build Coastguard Worker 529*d5c09012SAndroid Build Coastguard Worker// Request message for 530*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. 531*d5c09012SAndroid Build Coastguard Workermessage ListImportJobsRequest { 532*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] 533*d5c09012SAndroid Build Coastguard Worker // to list, in the format `projects/*/locations/*/keyRings/*`. 534*d5c09012SAndroid Build Coastguard Worker string parent = 1 [ 535*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 536*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 537*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/KeyRing" 538*d5c09012SAndroid Build Coastguard Worker } 539*d5c09012SAndroid Build Coastguard Worker ]; 540*d5c09012SAndroid Build Coastguard Worker 541*d5c09012SAndroid Build Coastguard Worker // Optional. Optional limit on the number of 542*d5c09012SAndroid Build Coastguard Worker // [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the response. 543*d5c09012SAndroid Build Coastguard Worker // Further [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently be 544*d5c09012SAndroid Build Coastguard Worker // obtained by including the 545*d5c09012SAndroid Build Coastguard Worker // [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token] 546*d5c09012SAndroid Build Coastguard Worker // in a subsequent request. If unspecified, the server will pick an 547*d5c09012SAndroid Build Coastguard Worker // appropriate default. 548*d5c09012SAndroid Build Coastguard Worker int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 549*d5c09012SAndroid Build Coastguard Worker 550*d5c09012SAndroid Build Coastguard Worker // Optional. Optional pagination token, returned earlier via 551*d5c09012SAndroid Build Coastguard Worker // [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token]. 552*d5c09012SAndroid Build Coastguard Worker string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 553*d5c09012SAndroid Build Coastguard Worker 554*d5c09012SAndroid Build Coastguard Worker // Optional. Only include resources that match the filter in the response. For 555*d5c09012SAndroid Build Coastguard Worker // more information, see 556*d5c09012SAndroid Build Coastguard Worker // [Sorting and filtering list 557*d5c09012SAndroid Build Coastguard Worker // results](https://cloud.google.com/kms/docs/sorting-and-filtering). 558*d5c09012SAndroid Build Coastguard Worker string filter = 4 [(google.api.field_behavior) = OPTIONAL]; 559*d5c09012SAndroid Build Coastguard Worker 560*d5c09012SAndroid Build Coastguard Worker // Optional. Specify how the results should be sorted. If not specified, the 561*d5c09012SAndroid Build Coastguard Worker // results will be sorted in the default order. For more information, see 562*d5c09012SAndroid Build Coastguard Worker // [Sorting and filtering list 563*d5c09012SAndroid Build Coastguard Worker // results](https://cloud.google.com/kms/docs/sorting-and-filtering). 564*d5c09012SAndroid Build Coastguard Worker string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; 565*d5c09012SAndroid Build Coastguard Worker} 566*d5c09012SAndroid Build Coastguard Worker 567*d5c09012SAndroid Build Coastguard Worker// Response message for 568*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. 569*d5c09012SAndroid Build Coastguard Workermessage ListKeyRingsResponse { 570*d5c09012SAndroid Build Coastguard Worker // The list of [KeyRings][google.cloud.kms.v1.KeyRing]. 571*d5c09012SAndroid Build Coastguard Worker repeated KeyRing key_rings = 1; 572*d5c09012SAndroid Build Coastguard Worker 573*d5c09012SAndroid Build Coastguard Worker // A token to retrieve next page of results. Pass this value in 574*d5c09012SAndroid Build Coastguard Worker // [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token] 575*d5c09012SAndroid Build Coastguard Worker // to retrieve the next page of results. 576*d5c09012SAndroid Build Coastguard Worker string next_page_token = 2; 577*d5c09012SAndroid Build Coastguard Worker 578*d5c09012SAndroid Build Coastguard Worker // The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched 579*d5c09012SAndroid Build Coastguard Worker // the query. 580*d5c09012SAndroid Build Coastguard Worker int32 total_size = 3; 581*d5c09012SAndroid Build Coastguard Worker} 582*d5c09012SAndroid Build Coastguard Worker 583*d5c09012SAndroid Build Coastguard Worker// Response message for 584*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. 585*d5c09012SAndroid Build Coastguard Workermessage ListCryptoKeysResponse { 586*d5c09012SAndroid Build Coastguard Worker // The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. 587*d5c09012SAndroid Build Coastguard Worker repeated CryptoKey crypto_keys = 1; 588*d5c09012SAndroid Build Coastguard Worker 589*d5c09012SAndroid Build Coastguard Worker // A token to retrieve next page of results. Pass this value in 590*d5c09012SAndroid Build Coastguard Worker // [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token] 591*d5c09012SAndroid Build Coastguard Worker // to retrieve the next page of results. 592*d5c09012SAndroid Build Coastguard Worker string next_page_token = 2; 593*d5c09012SAndroid Build Coastguard Worker 594*d5c09012SAndroid Build Coastguard Worker // The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that 595*d5c09012SAndroid Build Coastguard Worker // matched the query. 596*d5c09012SAndroid Build Coastguard Worker int32 total_size = 3; 597*d5c09012SAndroid Build Coastguard Worker} 598*d5c09012SAndroid Build Coastguard Worker 599*d5c09012SAndroid Build Coastguard Worker// Response message for 600*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. 601*d5c09012SAndroid Build Coastguard Workermessage ListCryptoKeyVersionsResponse { 602*d5c09012SAndroid Build Coastguard Worker // The list of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. 603*d5c09012SAndroid Build Coastguard Worker repeated CryptoKeyVersion crypto_key_versions = 1; 604*d5c09012SAndroid Build Coastguard Worker 605*d5c09012SAndroid Build Coastguard Worker // A token to retrieve next page of results. Pass this value in 606*d5c09012SAndroid Build Coastguard Worker // [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token] 607*d5c09012SAndroid Build Coastguard Worker // to retrieve the next page of results. 608*d5c09012SAndroid Build Coastguard Worker string next_page_token = 2; 609*d5c09012SAndroid Build Coastguard Worker 610*d5c09012SAndroid Build Coastguard Worker // The total number of 611*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the 612*d5c09012SAndroid Build Coastguard Worker // query. 613*d5c09012SAndroid Build Coastguard Worker int32 total_size = 3; 614*d5c09012SAndroid Build Coastguard Worker} 615*d5c09012SAndroid Build Coastguard Worker 616*d5c09012SAndroid Build Coastguard Worker// Response message for 617*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. 618*d5c09012SAndroid Build Coastguard Workermessage ListImportJobsResponse { 619*d5c09012SAndroid Build Coastguard Worker // The list of [ImportJobs][google.cloud.kms.v1.ImportJob]. 620*d5c09012SAndroid Build Coastguard Worker repeated ImportJob import_jobs = 1; 621*d5c09012SAndroid Build Coastguard Worker 622*d5c09012SAndroid Build Coastguard Worker // A token to retrieve next page of results. Pass this value in 623*d5c09012SAndroid Build Coastguard Worker // [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token] 624*d5c09012SAndroid Build Coastguard Worker // to retrieve the next page of results. 625*d5c09012SAndroid Build Coastguard Worker string next_page_token = 2; 626*d5c09012SAndroid Build Coastguard Worker 627*d5c09012SAndroid Build Coastguard Worker // The total number of [ImportJobs][google.cloud.kms.v1.ImportJob] that 628*d5c09012SAndroid Build Coastguard Worker // matched the query. 629*d5c09012SAndroid Build Coastguard Worker int32 total_size = 3; 630*d5c09012SAndroid Build Coastguard Worker} 631*d5c09012SAndroid Build Coastguard Worker 632*d5c09012SAndroid Build Coastguard Worker// Request message for 633*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing]. 634*d5c09012SAndroid Build Coastguard Workermessage GetKeyRingRequest { 635*d5c09012SAndroid Build Coastguard Worker // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the 636*d5c09012SAndroid Build Coastguard Worker // [KeyRing][google.cloud.kms.v1.KeyRing] to get. 637*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 638*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 639*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 640*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/KeyRing" 641*d5c09012SAndroid Build Coastguard Worker } 642*d5c09012SAndroid Build Coastguard Worker ]; 643*d5c09012SAndroid Build Coastguard Worker} 644*d5c09012SAndroid Build Coastguard Worker 645*d5c09012SAndroid Build Coastguard Worker// Request message for 646*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey]. 647*d5c09012SAndroid Build Coastguard Workermessage GetCryptoKeyRequest { 648*d5c09012SAndroid Build Coastguard Worker // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the 649*d5c09012SAndroid Build Coastguard Worker // [CryptoKey][google.cloud.kms.v1.CryptoKey] to get. 650*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 651*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 652*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 653*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKey" 654*d5c09012SAndroid Build Coastguard Worker } 655*d5c09012SAndroid Build Coastguard Worker ]; 656*d5c09012SAndroid Build Coastguard Worker} 657*d5c09012SAndroid Build Coastguard Worker 658*d5c09012SAndroid Build Coastguard Worker// Request message for 659*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion]. 660*d5c09012SAndroid Build Coastguard Workermessage GetCryptoKeyVersionRequest { 661*d5c09012SAndroid Build Coastguard Worker // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the 662*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get. 663*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 664*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 665*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 666*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKeyVersion" 667*d5c09012SAndroid Build Coastguard Worker } 668*d5c09012SAndroid Build Coastguard Worker ]; 669*d5c09012SAndroid Build Coastguard Worker} 670*d5c09012SAndroid Build Coastguard Worker 671*d5c09012SAndroid Build Coastguard Worker// Request message for 672*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. 673*d5c09012SAndroid Build Coastguard Workermessage GetPublicKeyRequest { 674*d5c09012SAndroid Build Coastguard Worker // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the 675*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get. 676*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 677*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 678*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 679*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKeyVersion" 680*d5c09012SAndroid Build Coastguard Worker } 681*d5c09012SAndroid Build Coastguard Worker ]; 682*d5c09012SAndroid Build Coastguard Worker} 683*d5c09012SAndroid Build Coastguard Worker 684*d5c09012SAndroid Build Coastguard Worker// Request message for 685*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob]. 686*d5c09012SAndroid Build Coastguard Workermessage GetImportJobRequest { 687*d5c09012SAndroid Build Coastguard Worker // Required. The [name][google.cloud.kms.v1.ImportJob.name] of the 688*d5c09012SAndroid Build Coastguard Worker // [ImportJob][google.cloud.kms.v1.ImportJob] to get. 689*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 690*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 691*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 692*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/ImportJob" 693*d5c09012SAndroid Build Coastguard Worker } 694*d5c09012SAndroid Build Coastguard Worker ]; 695*d5c09012SAndroid Build Coastguard Worker} 696*d5c09012SAndroid Build Coastguard Worker 697*d5c09012SAndroid Build Coastguard Worker// Request message for 698*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing]. 699*d5c09012SAndroid Build Coastguard Workermessage CreateKeyRingRequest { 700*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the location associated with the 701*d5c09012SAndroid Build Coastguard Worker // [KeyRings][google.cloud.kms.v1.KeyRing], in the format 702*d5c09012SAndroid Build Coastguard Worker // `projects/*/locations/*`. 703*d5c09012SAndroid Build Coastguard Worker string parent = 1 [ 704*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 705*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 706*d5c09012SAndroid Build Coastguard Worker type: "locations.googleapis.com/Location" 707*d5c09012SAndroid Build Coastguard Worker } 708*d5c09012SAndroid Build Coastguard Worker ]; 709*d5c09012SAndroid Build Coastguard Worker 710*d5c09012SAndroid Build Coastguard Worker // Required. It must be unique within a location and match the regular 711*d5c09012SAndroid Build Coastguard Worker // expression `[a-zA-Z0-9_-]{1,63}` 712*d5c09012SAndroid Build Coastguard Worker string key_ring_id = 2 [(google.api.field_behavior) = REQUIRED]; 713*d5c09012SAndroid Build Coastguard Worker 714*d5c09012SAndroid Build Coastguard Worker // Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field 715*d5c09012SAndroid Build Coastguard Worker // values. 716*d5c09012SAndroid Build Coastguard Worker KeyRing key_ring = 3 [(google.api.field_behavior) = REQUIRED]; 717*d5c09012SAndroid Build Coastguard Worker} 718*d5c09012SAndroid Build Coastguard Worker 719*d5c09012SAndroid Build Coastguard Worker// Request message for 720*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]. 721*d5c09012SAndroid Build Coastguard Workermessage CreateCryptoKeyRequest { 722*d5c09012SAndroid Build Coastguard Worker // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing 723*d5c09012SAndroid Build Coastguard Worker // associated with the [CryptoKeys][google.cloud.kms.v1.CryptoKey]. 724*d5c09012SAndroid Build Coastguard Worker string parent = 1 [ 725*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 726*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 727*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/KeyRing" 728*d5c09012SAndroid Build Coastguard Worker } 729*d5c09012SAndroid Build Coastguard Worker ]; 730*d5c09012SAndroid Build Coastguard Worker 731*d5c09012SAndroid Build Coastguard Worker // Required. It must be unique within a KeyRing and match the regular 732*d5c09012SAndroid Build Coastguard Worker // expression `[a-zA-Z0-9_-]{1,63}` 733*d5c09012SAndroid Build Coastguard Worker string crypto_key_id = 2 [(google.api.field_behavior) = REQUIRED]; 734*d5c09012SAndroid Build Coastguard Worker 735*d5c09012SAndroid Build Coastguard Worker // Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field 736*d5c09012SAndroid Build Coastguard Worker // values. 737*d5c09012SAndroid Build Coastguard Worker CryptoKey crypto_key = 3 [(google.api.field_behavior) = REQUIRED]; 738*d5c09012SAndroid Build Coastguard Worker 739*d5c09012SAndroid Build Coastguard Worker // If set to true, the request will create a 740*d5c09012SAndroid Build Coastguard Worker // [CryptoKey][google.cloud.kms.v1.CryptoKey] without any 741*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. You must 742*d5c09012SAndroid Build Coastguard Worker // manually call 743*d5c09012SAndroid Build Coastguard Worker // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] 744*d5c09012SAndroid Build Coastguard Worker // or 745*d5c09012SAndroid Build Coastguard Worker // [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion] 746*d5c09012SAndroid Build Coastguard Worker // before you can use this [CryptoKey][google.cloud.kms.v1.CryptoKey]. 747*d5c09012SAndroid Build Coastguard Worker bool skip_initial_version_creation = 5; 748*d5c09012SAndroid Build Coastguard Worker} 749*d5c09012SAndroid Build Coastguard Worker 750*d5c09012SAndroid Build Coastguard Worker// Request message for 751*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]. 752*d5c09012SAndroid Build Coastguard Workermessage CreateCryptoKeyVersionRequest { 753*d5c09012SAndroid Build Coastguard Worker // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the 754*d5c09012SAndroid Build Coastguard Worker // [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the 755*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. 756*d5c09012SAndroid Build Coastguard Worker string parent = 1 [ 757*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 758*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 759*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKey" 760*d5c09012SAndroid Build Coastguard Worker } 761*d5c09012SAndroid Build Coastguard Worker ]; 762*d5c09012SAndroid Build Coastguard Worker 763*d5c09012SAndroid Build Coastguard Worker // Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with 764*d5c09012SAndroid Build Coastguard Worker // initial field values. 765*d5c09012SAndroid Build Coastguard Worker CryptoKeyVersion crypto_key_version = 2 766*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = REQUIRED]; 767*d5c09012SAndroid Build Coastguard Worker} 768*d5c09012SAndroid Build Coastguard Worker 769*d5c09012SAndroid Build Coastguard Worker// Request message for 770*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. 771*d5c09012SAndroid Build Coastguard Workermessage ImportCryptoKeyVersionRequest { 772*d5c09012SAndroid Build Coastguard Worker // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the 773*d5c09012SAndroid Build Coastguard Worker // [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into. 774*d5c09012SAndroid Build Coastguard Worker // 775*d5c09012SAndroid Build Coastguard Worker // The create permission is only required on this key when creating a new 776*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. 777*d5c09012SAndroid Build Coastguard Worker string parent = 1 [ 778*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 779*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 780*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKey" 781*d5c09012SAndroid Build Coastguard Worker } 782*d5c09012SAndroid Build Coastguard Worker ]; 783*d5c09012SAndroid Build Coastguard Worker 784*d5c09012SAndroid Build Coastguard Worker // Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of 785*d5c09012SAndroid Build Coastguard Worker // an existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to 786*d5c09012SAndroid Build Coastguard Worker // target for an import operation. If this field is not present, a new 787*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the 788*d5c09012SAndroid Build Coastguard Worker // supplied key material is created. 789*d5c09012SAndroid Build Coastguard Worker // 790*d5c09012SAndroid Build Coastguard Worker // If this field is present, the supplied key material is imported into 791*d5c09012SAndroid Build Coastguard Worker // the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To 792*d5c09012SAndroid Build Coastguard Worker // import into an existing 793*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the 794*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of 795*d5c09012SAndroid Build Coastguard Worker // [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], 796*d5c09012SAndroid Build Coastguard Worker // have been previously created via [ImportCryptoKeyVersion][], and be in 797*d5c09012SAndroid Build Coastguard Worker // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] 798*d5c09012SAndroid Build Coastguard Worker // or 799*d5c09012SAndroid Build Coastguard Worker // [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED] 800*d5c09012SAndroid Build Coastguard Worker // state. The key material and algorithm must match the previous 801*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the 802*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained 803*d5c09012SAndroid Build Coastguard Worker // key material. 804*d5c09012SAndroid Build Coastguard Worker string crypto_key_version = 6 [ 805*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = OPTIONAL, 806*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 807*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKeyVersion" 808*d5c09012SAndroid Build Coastguard Worker } 809*d5c09012SAndroid Build Coastguard Worker ]; 810*d5c09012SAndroid Build Coastguard Worker 811*d5c09012SAndroid Build Coastguard Worker // Required. The 812*d5c09012SAndroid Build Coastguard Worker // [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] 813*d5c09012SAndroid Build Coastguard Worker // of the key being imported. This does not need to match the 814*d5c09012SAndroid Build Coastguard Worker // [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the 815*d5c09012SAndroid Build Coastguard Worker // [CryptoKey][google.cloud.kms.v1.CryptoKey] this version imports into. 816*d5c09012SAndroid Build Coastguard Worker CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 2 817*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = REQUIRED]; 818*d5c09012SAndroid Build Coastguard Worker 819*d5c09012SAndroid Build Coastguard Worker // Required. The [name][google.cloud.kms.v1.ImportJob.name] of the 820*d5c09012SAndroid Build Coastguard Worker // [ImportJob][google.cloud.kms.v1.ImportJob] that was used to wrap this key 821*d5c09012SAndroid Build Coastguard Worker // material. 822*d5c09012SAndroid Build Coastguard Worker string import_job = 4 [(google.api.field_behavior) = REQUIRED]; 823*d5c09012SAndroid Build Coastguard Worker 824*d5c09012SAndroid Build Coastguard Worker // Optional. The wrapped key material to import. 825*d5c09012SAndroid Build Coastguard Worker // 826*d5c09012SAndroid Build Coastguard Worker // Before wrapping, key material must be formatted. If importing symmetric key 827*d5c09012SAndroid Build Coastguard Worker // material, the expected key material format is plain bytes. If importing 828*d5c09012SAndroid Build Coastguard Worker // asymmetric key material, the expected key material format is PKCS#8-encoded 829*d5c09012SAndroid Build Coastguard Worker // DER (the PrivateKeyInfo structure from RFC 5208). 830*d5c09012SAndroid Build Coastguard Worker // 831*d5c09012SAndroid Build Coastguard Worker // When wrapping with import methods 832*d5c09012SAndroid Build Coastguard Worker // ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256] 833*d5c09012SAndroid Build Coastguard Worker // or 834*d5c09012SAndroid Build Coastguard Worker // [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256] 835*d5c09012SAndroid Build Coastguard Worker // or 836*d5c09012SAndroid Build Coastguard Worker // [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256] 837*d5c09012SAndroid Build Coastguard Worker // or 838*d5c09012SAndroid Build Coastguard Worker // [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]), 839*d5c09012SAndroid Build Coastguard Worker // 840*d5c09012SAndroid Build Coastguard Worker // this field must contain the concatenation of: 841*d5c09012SAndroid Build Coastguard Worker // <ol> 842*d5c09012SAndroid Build Coastguard Worker // <li>An ephemeral AES-256 wrapping key wrapped with the 843*d5c09012SAndroid Build Coastguard Worker // [public_key][google.cloud.kms.v1.ImportJob.public_key] using 844*d5c09012SAndroid Build Coastguard Worker // RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty 845*d5c09012SAndroid Build Coastguard Worker // label. 846*d5c09012SAndroid Build Coastguard Worker // </li> 847*d5c09012SAndroid Build Coastguard Worker // <li>The formatted key to be imported, wrapped with the ephemeral AES-256 848*d5c09012SAndroid Build Coastguard Worker // key using AES-KWP (RFC 5649). 849*d5c09012SAndroid Build Coastguard Worker // </li> 850*d5c09012SAndroid Build Coastguard Worker // </ol> 851*d5c09012SAndroid Build Coastguard Worker // 852*d5c09012SAndroid Build Coastguard Worker // This format is the same as the format produced by PKCS#11 mechanism 853*d5c09012SAndroid Build Coastguard Worker // CKM_RSA_AES_KEY_WRAP. 854*d5c09012SAndroid Build Coastguard Worker // 855*d5c09012SAndroid Build Coastguard Worker // When wrapping with import methods 856*d5c09012SAndroid Build Coastguard Worker // ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256] 857*d5c09012SAndroid Build Coastguard Worker // or 858*d5c09012SAndroid Build Coastguard Worker // [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]), 859*d5c09012SAndroid Build Coastguard Worker // 860*d5c09012SAndroid Build Coastguard Worker // this field must contain the formatted key to be imported, wrapped with the 861*d5c09012SAndroid Build Coastguard Worker // [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP 862*d5c09012SAndroid Build Coastguard Worker // with SHA-256, MGF1 with SHA-256, and an empty label. 863*d5c09012SAndroid Build Coastguard Worker bytes wrapped_key = 8 [(google.api.field_behavior) = OPTIONAL]; 864*d5c09012SAndroid Build Coastguard Worker 865*d5c09012SAndroid Build Coastguard Worker // This field is legacy. Use the field 866*d5c09012SAndroid Build Coastguard Worker // [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key] 867*d5c09012SAndroid Build Coastguard Worker // instead. 868*d5c09012SAndroid Build Coastguard Worker oneof wrapped_key_material { 869*d5c09012SAndroid Build Coastguard Worker // Optional. This field has the same meaning as 870*d5c09012SAndroid Build Coastguard Worker // [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key]. 871*d5c09012SAndroid Build Coastguard Worker // Prefer to use that field in new work. Either that field or this field 872*d5c09012SAndroid Build Coastguard Worker // (but not both) must be specified. 873*d5c09012SAndroid Build Coastguard Worker bytes rsa_aes_wrapped_key = 5 [(google.api.field_behavior) = OPTIONAL]; 874*d5c09012SAndroid Build Coastguard Worker } 875*d5c09012SAndroid Build Coastguard Worker} 876*d5c09012SAndroid Build Coastguard Worker 877*d5c09012SAndroid Build Coastguard Worker// Request message for 878*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob]. 879*d5c09012SAndroid Build Coastguard Workermessage CreateImportJobRequest { 880*d5c09012SAndroid Build Coastguard Worker // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the 881*d5c09012SAndroid Build Coastguard Worker // [KeyRing][google.cloud.kms.v1.KeyRing] associated with the 882*d5c09012SAndroid Build Coastguard Worker // [ImportJobs][google.cloud.kms.v1.ImportJob]. 883*d5c09012SAndroid Build Coastguard Worker string parent = 1 [ 884*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 885*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 886*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/KeyRing" 887*d5c09012SAndroid Build Coastguard Worker } 888*d5c09012SAndroid Build Coastguard Worker ]; 889*d5c09012SAndroid Build Coastguard Worker 890*d5c09012SAndroid Build Coastguard Worker // Required. It must be unique within a KeyRing and match the regular 891*d5c09012SAndroid Build Coastguard Worker // expression `[a-zA-Z0-9_-]{1,63}` 892*d5c09012SAndroid Build Coastguard Worker string import_job_id = 2 [(google.api.field_behavior) = REQUIRED]; 893*d5c09012SAndroid Build Coastguard Worker 894*d5c09012SAndroid Build Coastguard Worker // Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field 895*d5c09012SAndroid Build Coastguard Worker // values. 896*d5c09012SAndroid Build Coastguard Worker ImportJob import_job = 3 [(google.api.field_behavior) = REQUIRED]; 897*d5c09012SAndroid Build Coastguard Worker} 898*d5c09012SAndroid Build Coastguard Worker 899*d5c09012SAndroid Build Coastguard Worker// Request message for 900*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey]. 901*d5c09012SAndroid Build Coastguard Workermessage UpdateCryptoKeyRequest { 902*d5c09012SAndroid Build Coastguard Worker // Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] with updated values. 903*d5c09012SAndroid Build Coastguard Worker CryptoKey crypto_key = 1 [(google.api.field_behavior) = REQUIRED]; 904*d5c09012SAndroid Build Coastguard Worker 905*d5c09012SAndroid Build Coastguard Worker // Required. List of fields to be updated in this request. 906*d5c09012SAndroid Build Coastguard Worker google.protobuf.FieldMask update_mask = 2 907*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = REQUIRED]; 908*d5c09012SAndroid Build Coastguard Worker} 909*d5c09012SAndroid Build Coastguard Worker 910*d5c09012SAndroid Build Coastguard Worker// Request message for 911*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion]. 912*d5c09012SAndroid Build Coastguard Workermessage UpdateCryptoKeyVersionRequest { 913*d5c09012SAndroid Build Coastguard Worker // Required. [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with 914*d5c09012SAndroid Build Coastguard Worker // updated values. 915*d5c09012SAndroid Build Coastguard Worker CryptoKeyVersion crypto_key_version = 1 916*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = REQUIRED]; 917*d5c09012SAndroid Build Coastguard Worker 918*d5c09012SAndroid Build Coastguard Worker // Required. List of fields to be updated in this request. 919*d5c09012SAndroid Build Coastguard Worker google.protobuf.FieldMask update_mask = 2 920*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = REQUIRED]; 921*d5c09012SAndroid Build Coastguard Worker} 922*d5c09012SAndroid Build Coastguard Worker 923*d5c09012SAndroid Build Coastguard Worker// Request message for 924*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. 925*d5c09012SAndroid Build Coastguard Workermessage UpdateCryptoKeyPrimaryVersionRequest { 926*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 927*d5c09012SAndroid Build Coastguard Worker // [CryptoKey][google.cloud.kms.v1.CryptoKey] to update. 928*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 929*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 930*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 931*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKey" 932*d5c09012SAndroid Build Coastguard Worker } 933*d5c09012SAndroid Build Coastguard Worker ]; 934*d5c09012SAndroid Build Coastguard Worker 935*d5c09012SAndroid Build Coastguard Worker // Required. The id of the child 936*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary. 937*d5c09012SAndroid Build Coastguard Worker string crypto_key_version_id = 2 [(google.api.field_behavior) = REQUIRED]; 938*d5c09012SAndroid Build Coastguard Worker} 939*d5c09012SAndroid Build Coastguard Worker 940*d5c09012SAndroid Build Coastguard Worker// Request message for 941*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]. 942*d5c09012SAndroid Build Coastguard Workermessage DestroyCryptoKeyVersionRequest { 943*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 944*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy. 945*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 946*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 947*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 948*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKeyVersion" 949*d5c09012SAndroid Build Coastguard Worker } 950*d5c09012SAndroid Build Coastguard Worker ]; 951*d5c09012SAndroid Build Coastguard Worker} 952*d5c09012SAndroid Build Coastguard Worker 953*d5c09012SAndroid Build Coastguard Worker// Request message for 954*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]. 955*d5c09012SAndroid Build Coastguard Workermessage RestoreCryptoKeyVersionRequest { 956*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 957*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore. 958*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 959*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 960*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 961*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKeyVersion" 962*d5c09012SAndroid Build Coastguard Worker } 963*d5c09012SAndroid Build Coastguard Worker ]; 964*d5c09012SAndroid Build Coastguard Worker} 965*d5c09012SAndroid Build Coastguard Worker 966*d5c09012SAndroid Build Coastguard Worker// Request message for 967*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. 968*d5c09012SAndroid Build Coastguard Workermessage EncryptRequest { 969*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 970*d5c09012SAndroid Build Coastguard Worker // [CryptoKey][google.cloud.kms.v1.CryptoKey] or 971*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for 972*d5c09012SAndroid Build Coastguard Worker // encryption. 973*d5c09012SAndroid Build Coastguard Worker // 974*d5c09012SAndroid Build Coastguard Worker // If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server 975*d5c09012SAndroid Build Coastguard Worker // will use its [primary version][google.cloud.kms.v1.CryptoKey.primary]. 976*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 977*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 978*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { type: "*" } 979*d5c09012SAndroid Build Coastguard Worker ]; 980*d5c09012SAndroid Build Coastguard Worker 981*d5c09012SAndroid Build Coastguard Worker // Required. The data to encrypt. Must be no larger than 64KiB. 982*d5c09012SAndroid Build Coastguard Worker // 983*d5c09012SAndroid Build Coastguard Worker // The maximum size depends on the key version's 984*d5c09012SAndroid Build Coastguard Worker // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. 985*d5c09012SAndroid Build Coastguard Worker // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], 986*d5c09012SAndroid Build Coastguard Worker // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and 987*d5c09012SAndroid Build Coastguard Worker // [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the 988*d5c09012SAndroid Build Coastguard Worker // plaintext must be no larger than 64KiB. For 989*d5c09012SAndroid Build Coastguard Worker // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of 990*d5c09012SAndroid Build Coastguard Worker // the plaintext and additional_authenticated_data fields must be no larger 991*d5c09012SAndroid Build Coastguard Worker // than 8KiB. 992*d5c09012SAndroid Build Coastguard Worker bytes plaintext = 2 [(google.api.field_behavior) = REQUIRED]; 993*d5c09012SAndroid Build Coastguard Worker 994*d5c09012SAndroid Build Coastguard Worker // Optional. Optional data that, if specified, must also be provided during 995*d5c09012SAndroid Build Coastguard Worker // decryption through 996*d5c09012SAndroid Build Coastguard Worker // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. 997*d5c09012SAndroid Build Coastguard Worker // 998*d5c09012SAndroid Build Coastguard Worker // The maximum size depends on the key version's 999*d5c09012SAndroid Build Coastguard Worker // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. 1000*d5c09012SAndroid Build Coastguard Worker // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], 1001*d5c09012SAndroid Build Coastguard Worker // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and 1002*d5c09012SAndroid Build Coastguard Worker // [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the 1003*d5c09012SAndroid Build Coastguard Worker // AAD must be no larger than 64KiB. For 1004*d5c09012SAndroid Build Coastguard Worker // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of 1005*d5c09012SAndroid Build Coastguard Worker // the plaintext and additional_authenticated_data fields must be no larger 1006*d5c09012SAndroid Build Coastguard Worker // than 8KiB. 1007*d5c09012SAndroid Build Coastguard Worker bytes additional_authenticated_data = 3 1008*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1009*d5c09012SAndroid Build Coastguard Worker 1010*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1011*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. 1012*d5c09012SAndroid Build Coastguard Worker // If specified, 1013*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1014*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received 1015*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext] 1016*d5c09012SAndroid Build Coastguard Worker // using this checksum. 1017*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1018*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1019*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1020*d5c09012SAndroid Build Coastguard Worker // CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]) 1021*d5c09012SAndroid Build Coastguard Worker // is equal to 1022*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c], 1023*d5c09012SAndroid Build Coastguard Worker // and if so, perform a limited number of retries. A persistent mismatch may 1024*d5c09012SAndroid Build Coastguard Worker // indicate an issue in your computation of the CRC32C checksum. Note: This 1025*d5c09012SAndroid Build Coastguard Worker // field is defined as int64 for reasons of compatibility across different 1026*d5c09012SAndroid Build Coastguard Worker // languages. However, it is a non-negative integer, which will never exceed 1027*d5c09012SAndroid Build Coastguard Worker // 2^32-1, and can be safely downconverted to uint32 in languages that support 1028*d5c09012SAndroid Build Coastguard Worker // this type. 1029*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value plaintext_crc32c = 7 1030*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1031*d5c09012SAndroid Build Coastguard Worker 1032*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1033*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. 1034*d5c09012SAndroid Build Coastguard Worker // If specified, 1035*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1036*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received 1037*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data] 1038*d5c09012SAndroid Build Coastguard Worker // using this checksum. 1039*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1040*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1041*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1042*d5c09012SAndroid Build Coastguard Worker // CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]) 1043*d5c09012SAndroid Build Coastguard Worker // is equal to 1044*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c], 1045*d5c09012SAndroid Build Coastguard Worker // and if so, perform a limited number of retries. A persistent mismatch may 1046*d5c09012SAndroid Build Coastguard Worker // indicate an issue in your computation of the CRC32C checksum. Note: This 1047*d5c09012SAndroid Build Coastguard Worker // field is defined as int64 for reasons of compatibility across different 1048*d5c09012SAndroid Build Coastguard Worker // languages. However, it is a non-negative integer, which will never exceed 1049*d5c09012SAndroid Build Coastguard Worker // 2^32-1, and can be safely downconverted to uint32 in languages that support 1050*d5c09012SAndroid Build Coastguard Worker // this type. 1051*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value additional_authenticated_data_crc32c = 8 1052*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1053*d5c09012SAndroid Build Coastguard Worker} 1054*d5c09012SAndroid Build Coastguard Worker 1055*d5c09012SAndroid Build Coastguard Worker// Request message for 1056*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. 1057*d5c09012SAndroid Build Coastguard Workermessage DecryptRequest { 1058*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 1059*d5c09012SAndroid Build Coastguard Worker // [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The 1060*d5c09012SAndroid Build Coastguard Worker // server will choose the appropriate version. 1061*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 1062*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 1063*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 1064*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKey" 1065*d5c09012SAndroid Build Coastguard Worker } 1066*d5c09012SAndroid Build Coastguard Worker ]; 1067*d5c09012SAndroid Build Coastguard Worker 1068*d5c09012SAndroid Build Coastguard Worker // Required. The encrypted data originally returned in 1069*d5c09012SAndroid Build Coastguard Worker // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. 1070*d5c09012SAndroid Build Coastguard Worker bytes ciphertext = 2 [(google.api.field_behavior) = REQUIRED]; 1071*d5c09012SAndroid Build Coastguard Worker 1072*d5c09012SAndroid Build Coastguard Worker // Optional. Optional data that must match the data originally supplied in 1073*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. 1074*d5c09012SAndroid Build Coastguard Worker bytes additional_authenticated_data = 3 1075*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1076*d5c09012SAndroid Build Coastguard Worker 1077*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1078*d5c09012SAndroid Build Coastguard Worker // [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. 1079*d5c09012SAndroid Build Coastguard Worker // If specified, 1080*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1081*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received 1082*d5c09012SAndroid Build Coastguard Worker // [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext] 1083*d5c09012SAndroid Build Coastguard Worker // using this checksum. 1084*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1085*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1086*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1087*d5c09012SAndroid Build Coastguard Worker // CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]) 1088*d5c09012SAndroid Build Coastguard Worker // is equal to 1089*d5c09012SAndroid Build Coastguard Worker // [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c], 1090*d5c09012SAndroid Build Coastguard Worker // and if so, perform a limited number of retries. A persistent mismatch may 1091*d5c09012SAndroid Build Coastguard Worker // indicate an issue in your computation of the CRC32C checksum. Note: This 1092*d5c09012SAndroid Build Coastguard Worker // field is defined as int64 for reasons of compatibility across different 1093*d5c09012SAndroid Build Coastguard Worker // languages. However, it is a non-negative integer, which will never exceed 1094*d5c09012SAndroid Build Coastguard Worker // 2^32-1, and can be safely downconverted to uint32 in languages that support 1095*d5c09012SAndroid Build Coastguard Worker // this type. 1096*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value ciphertext_crc32c = 5 1097*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1098*d5c09012SAndroid Build Coastguard Worker 1099*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1100*d5c09012SAndroid Build Coastguard Worker // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. 1101*d5c09012SAndroid Build Coastguard Worker // If specified, 1102*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1103*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received 1104*d5c09012SAndroid Build Coastguard Worker // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data] 1105*d5c09012SAndroid Build Coastguard Worker // using this checksum. 1106*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1107*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1108*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1109*d5c09012SAndroid Build Coastguard Worker // CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]) 1110*d5c09012SAndroid Build Coastguard Worker // is equal to 1111*d5c09012SAndroid Build Coastguard Worker // [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c], 1112*d5c09012SAndroid Build Coastguard Worker // and if so, perform a limited number of retries. A persistent mismatch may 1113*d5c09012SAndroid Build Coastguard Worker // indicate an issue in your computation of the CRC32C checksum. Note: This 1114*d5c09012SAndroid Build Coastguard Worker // field is defined as int64 for reasons of compatibility across different 1115*d5c09012SAndroid Build Coastguard Worker // languages. However, it is a non-negative integer, which will never exceed 1116*d5c09012SAndroid Build Coastguard Worker // 2^32-1, and can be safely downconverted to uint32 in languages that support 1117*d5c09012SAndroid Build Coastguard Worker // this type. 1118*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value additional_authenticated_data_crc32c = 6 1119*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1120*d5c09012SAndroid Build Coastguard Worker} 1121*d5c09012SAndroid Build Coastguard Worker 1122*d5c09012SAndroid Build Coastguard Worker// Request message for 1123*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]. 1124*d5c09012SAndroid Build Coastguard Workermessage RawEncryptRequest { 1125*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 1126*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for 1127*d5c09012SAndroid Build Coastguard Worker // encryption. 1128*d5c09012SAndroid Build Coastguard Worker string name = 1 [(google.api.field_behavior) = REQUIRED]; 1129*d5c09012SAndroid Build Coastguard Worker 1130*d5c09012SAndroid Build Coastguard Worker // Required. The data to encrypt. Must be no larger than 64KiB. 1131*d5c09012SAndroid Build Coastguard Worker // 1132*d5c09012SAndroid Build Coastguard Worker // The maximum size depends on the key version's 1133*d5c09012SAndroid Build Coastguard Worker // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. 1134*d5c09012SAndroid Build Coastguard Worker // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the 1135*d5c09012SAndroid Build Coastguard Worker // plaintext must be no larger than 64KiB. For 1136*d5c09012SAndroid Build Coastguard Worker // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of 1137*d5c09012SAndroid Build Coastguard Worker // the plaintext and additional_authenticated_data fields must be no larger 1138*d5c09012SAndroid Build Coastguard Worker // than 8KiB. 1139*d5c09012SAndroid Build Coastguard Worker bytes plaintext = 2 [(google.api.field_behavior) = REQUIRED]; 1140*d5c09012SAndroid Build Coastguard Worker 1141*d5c09012SAndroid Build Coastguard Worker // Optional. Optional data that, if specified, must also be provided during 1142*d5c09012SAndroid Build Coastguard Worker // decryption through 1143*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data]. 1144*d5c09012SAndroid Build Coastguard Worker // 1145*d5c09012SAndroid Build Coastguard Worker // This field may only be used in conjunction with an 1146*d5c09012SAndroid Build Coastguard Worker // [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm] that accepts 1147*d5c09012SAndroid Build Coastguard Worker // additional authenticated data (for example, AES-GCM). 1148*d5c09012SAndroid Build Coastguard Worker // 1149*d5c09012SAndroid Build Coastguard Worker // The maximum size depends on the key version's 1150*d5c09012SAndroid Build Coastguard Worker // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. 1151*d5c09012SAndroid Build Coastguard Worker // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the 1152*d5c09012SAndroid Build Coastguard Worker // plaintext must be no larger than 64KiB. For 1153*d5c09012SAndroid Build Coastguard Worker // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of 1154*d5c09012SAndroid Build Coastguard Worker // the plaintext and additional_authenticated_data fields must be no larger 1155*d5c09012SAndroid Build Coastguard Worker // than 8KiB. 1156*d5c09012SAndroid Build Coastguard Worker bytes additional_authenticated_data = 3 1157*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1158*d5c09012SAndroid Build Coastguard Worker 1159*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1160*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.plaintext][google.cloud.kms.v1.RawEncryptRequest.plaintext]. 1161*d5c09012SAndroid Build Coastguard Worker // If specified, 1162*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1163*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received plaintext using this checksum. 1164*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1165*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1166*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that CRC32C(plaintext) is equal 1167*d5c09012SAndroid Build Coastguard Worker // to plaintext_crc32c, and if so, perform a limited number of retries. A 1168*d5c09012SAndroid Build Coastguard Worker // persistent mismatch may indicate an issue in your computation of the CRC32C 1169*d5c09012SAndroid Build Coastguard Worker // checksum. Note: This field is defined as int64 for reasons of compatibility 1170*d5c09012SAndroid Build Coastguard Worker // across different languages. However, it is a non-negative integer, which 1171*d5c09012SAndroid Build Coastguard Worker // will never exceed 2^32-1, and can be safely downconverted to uint32 in 1172*d5c09012SAndroid Build Coastguard Worker // languages that support this type. 1173*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value plaintext_crc32c = 4 1174*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1175*d5c09012SAndroid Build Coastguard Worker 1176*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1177*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data]. 1178*d5c09012SAndroid Build Coastguard Worker // If specified, 1179*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1180*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received additional_authenticated_data using 1181*d5c09012SAndroid Build Coastguard Worker // this checksum. 1182*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1183*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1184*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1185*d5c09012SAndroid Build Coastguard Worker // CRC32C(additional_authenticated_data) is equal to 1186*d5c09012SAndroid Build Coastguard Worker // additional_authenticated_data_crc32c, and if so, perform 1187*d5c09012SAndroid Build Coastguard Worker // a limited number of retries. A persistent mismatch may indicate an issue in 1188*d5c09012SAndroid Build Coastguard Worker // your computation of the CRC32C checksum. 1189*d5c09012SAndroid Build Coastguard Worker // Note: This field is defined as int64 for reasons of compatibility across 1190*d5c09012SAndroid Build Coastguard Worker // different languages. However, it is a non-negative integer, which will 1191*d5c09012SAndroid Build Coastguard Worker // never exceed 2^32-1, and can be safely downconverted to uint32 in languages 1192*d5c09012SAndroid Build Coastguard Worker // that support this type. 1193*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value additional_authenticated_data_crc32c = 5 1194*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1195*d5c09012SAndroid Build Coastguard Worker 1196*d5c09012SAndroid Build Coastguard Worker // Optional. A customer-supplied initialization vector that will be used for 1197*d5c09012SAndroid Build Coastguard Worker // encryption. If it is not provided for AES-CBC and AES-CTR, one will be 1198*d5c09012SAndroid Build Coastguard Worker // generated. It will be returned in 1199*d5c09012SAndroid Build Coastguard Worker // [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector]. 1200*d5c09012SAndroid Build Coastguard Worker bytes initialization_vector = 6 [(google.api.field_behavior) = OPTIONAL]; 1201*d5c09012SAndroid Build Coastguard Worker 1202*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1203*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.initialization_vector][google.cloud.kms.v1.RawEncryptRequest.initialization_vector]. 1204*d5c09012SAndroid Build Coastguard Worker // If specified, 1205*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1206*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received initialization_vector using this 1207*d5c09012SAndroid Build Coastguard Worker // checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] 1208*d5c09012SAndroid Build Coastguard Worker // will report an error if the checksum verification fails. If you receive a 1209*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1210*d5c09012SAndroid Build Coastguard Worker // CRC32C(initialization_vector) is equal to 1211*d5c09012SAndroid Build Coastguard Worker // initialization_vector_crc32c, and if so, perform 1212*d5c09012SAndroid Build Coastguard Worker // a limited number of retries. A persistent mismatch may indicate an issue in 1213*d5c09012SAndroid Build Coastguard Worker // your computation of the CRC32C checksum. 1214*d5c09012SAndroid Build Coastguard Worker // Note: This field is defined as int64 for reasons of compatibility across 1215*d5c09012SAndroid Build Coastguard Worker // different languages. However, it is a non-negative integer, which will 1216*d5c09012SAndroid Build Coastguard Worker // never exceed 2^32-1, and can be safely downconverted to uint32 in languages 1217*d5c09012SAndroid Build Coastguard Worker // that support this type. 1218*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value initialization_vector_crc32c = 7 1219*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1220*d5c09012SAndroid Build Coastguard Worker} 1221*d5c09012SAndroid Build Coastguard Worker 1222*d5c09012SAndroid Build Coastguard Worker// Request message for 1223*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt]. 1224*d5c09012SAndroid Build Coastguard Workermessage RawDecryptRequest { 1225*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 1226*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for 1227*d5c09012SAndroid Build Coastguard Worker // decryption. 1228*d5c09012SAndroid Build Coastguard Worker string name = 1 [(google.api.field_behavior) = REQUIRED]; 1229*d5c09012SAndroid Build Coastguard Worker 1230*d5c09012SAndroid Build Coastguard Worker // Required. The encrypted data originally returned in 1231*d5c09012SAndroid Build Coastguard Worker // [RawEncryptResponse.ciphertext][google.cloud.kms.v1.RawEncryptResponse.ciphertext]. 1232*d5c09012SAndroid Build Coastguard Worker bytes ciphertext = 2 [(google.api.field_behavior) = REQUIRED]; 1233*d5c09012SAndroid Build Coastguard Worker 1234*d5c09012SAndroid Build Coastguard Worker // Optional. Optional data that must match the data originally supplied in 1235*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data]. 1236*d5c09012SAndroid Build Coastguard Worker bytes additional_authenticated_data = 3 1237*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1238*d5c09012SAndroid Build Coastguard Worker 1239*d5c09012SAndroid Build Coastguard Worker // Required. The initialization vector (IV) used during encryption, which must 1240*d5c09012SAndroid Build Coastguard Worker // match the data originally provided in 1241*d5c09012SAndroid Build Coastguard Worker // [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector]. 1242*d5c09012SAndroid Build Coastguard Worker bytes initialization_vector = 4 [(google.api.field_behavior) = REQUIRED]; 1243*d5c09012SAndroid Build Coastguard Worker 1244*d5c09012SAndroid Build Coastguard Worker // The length of the authentication tag that is appended to the end of 1245*d5c09012SAndroid Build Coastguard Worker // the ciphertext. If unspecified (0), the default value for the key's 1246*d5c09012SAndroid Build Coastguard Worker // algorithm will be used (for AES-GCM, the default value is 16). 1247*d5c09012SAndroid Build Coastguard Worker int32 tag_length = 5; 1248*d5c09012SAndroid Build Coastguard Worker 1249*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1250*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.ciphertext][google.cloud.kms.v1.RawDecryptRequest.ciphertext]. 1251*d5c09012SAndroid Build Coastguard Worker // If specified, 1252*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1253*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received ciphertext using this checksum. 1254*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1255*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1256*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that CRC32C(ciphertext) is equal 1257*d5c09012SAndroid Build Coastguard Worker // to ciphertext_crc32c, and if so, perform a limited number of retries. A 1258*d5c09012SAndroid Build Coastguard Worker // persistent mismatch may indicate an issue in your computation of the CRC32C 1259*d5c09012SAndroid Build Coastguard Worker // checksum. Note: This field is defined as int64 for reasons of compatibility 1260*d5c09012SAndroid Build Coastguard Worker // across different languages. However, it is a non-negative integer, which 1261*d5c09012SAndroid Build Coastguard Worker // will never exceed 2^32-1, and can be safely downconverted to uint32 in 1262*d5c09012SAndroid Build Coastguard Worker // languages that support this type. 1263*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value ciphertext_crc32c = 6 1264*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1265*d5c09012SAndroid Build Coastguard Worker 1266*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1267*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data]. 1268*d5c09012SAndroid Build Coastguard Worker // If specified, 1269*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1270*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received additional_authenticated_data using 1271*d5c09012SAndroid Build Coastguard Worker // this checksum. 1272*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1273*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1274*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1275*d5c09012SAndroid Build Coastguard Worker // CRC32C(additional_authenticated_data) is equal to 1276*d5c09012SAndroid Build Coastguard Worker // additional_authenticated_data_crc32c, and if so, perform 1277*d5c09012SAndroid Build Coastguard Worker // a limited number of retries. A persistent mismatch may indicate an issue in 1278*d5c09012SAndroid Build Coastguard Worker // your computation of the CRC32C checksum. 1279*d5c09012SAndroid Build Coastguard Worker // Note: This field is defined as int64 for reasons of compatibility across 1280*d5c09012SAndroid Build Coastguard Worker // different languages. However, it is a non-negative integer, which will 1281*d5c09012SAndroid Build Coastguard Worker // never exceed 2^32-1, and can be safely downconverted to uint32 in languages 1282*d5c09012SAndroid Build Coastguard Worker // that support this type. 1283*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value additional_authenticated_data_crc32c = 7 1284*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1285*d5c09012SAndroid Build Coastguard Worker 1286*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1287*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.initialization_vector][google.cloud.kms.v1.RawDecryptRequest.initialization_vector]. 1288*d5c09012SAndroid Build Coastguard Worker // If specified, 1289*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1290*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received initialization_vector using this 1291*d5c09012SAndroid Build Coastguard Worker // checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] 1292*d5c09012SAndroid Build Coastguard Worker // will report an error if the checksum verification fails. If you receive a 1293*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1294*d5c09012SAndroid Build Coastguard Worker // CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and 1295*d5c09012SAndroid Build Coastguard Worker // if so, perform a limited number of retries. A persistent mismatch may 1296*d5c09012SAndroid Build Coastguard Worker // indicate an issue in your computation of the CRC32C checksum. 1297*d5c09012SAndroid Build Coastguard Worker // Note: This field is defined as int64 for reasons of compatibility across 1298*d5c09012SAndroid Build Coastguard Worker // different languages. However, it is a non-negative integer, which will 1299*d5c09012SAndroid Build Coastguard Worker // never exceed 2^32-1, and can be safely downconverted to uint32 in languages 1300*d5c09012SAndroid Build Coastguard Worker // that support this type. 1301*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value initialization_vector_crc32c = 8 1302*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1303*d5c09012SAndroid Build Coastguard Worker} 1304*d5c09012SAndroid Build Coastguard Worker 1305*d5c09012SAndroid Build Coastguard Worker// Request message for 1306*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. 1307*d5c09012SAndroid Build Coastguard Workermessage AsymmetricSignRequest { 1308*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 1309*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for 1310*d5c09012SAndroid Build Coastguard Worker // signing. 1311*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 1312*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 1313*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 1314*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKeyVersion" 1315*d5c09012SAndroid Build Coastguard Worker } 1316*d5c09012SAndroid Build Coastguard Worker ]; 1317*d5c09012SAndroid Build Coastguard Worker 1318*d5c09012SAndroid Build Coastguard Worker // Optional. The digest of the data to sign. The digest must be produced with 1319*d5c09012SAndroid Build Coastguard Worker // the same digest algorithm as specified by the key version's 1320*d5c09012SAndroid Build Coastguard Worker // [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. 1321*d5c09012SAndroid Build Coastguard Worker // 1322*d5c09012SAndroid Build Coastguard Worker // This field may not be supplied if 1323*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data] 1324*d5c09012SAndroid Build Coastguard Worker // is supplied. 1325*d5c09012SAndroid Build Coastguard Worker Digest digest = 3 [(google.api.field_behavior) = OPTIONAL]; 1326*d5c09012SAndroid Build Coastguard Worker 1327*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1328*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. 1329*d5c09012SAndroid Build Coastguard Worker // If specified, 1330*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1331*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received 1332*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] 1333*d5c09012SAndroid Build Coastguard Worker // using this checksum. 1334*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1335*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1336*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1337*d5c09012SAndroid Build Coastguard Worker // CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]) 1338*d5c09012SAndroid Build Coastguard Worker // is equal to 1339*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c], 1340*d5c09012SAndroid Build Coastguard Worker // and if so, perform a limited number of retries. A persistent mismatch may 1341*d5c09012SAndroid Build Coastguard Worker // indicate an issue in your computation of the CRC32C checksum. Note: This 1342*d5c09012SAndroid Build Coastguard Worker // field is defined as int64 for reasons of compatibility across different 1343*d5c09012SAndroid Build Coastguard Worker // languages. However, it is a non-negative integer, which will never exceed 1344*d5c09012SAndroid Build Coastguard Worker // 2^32-1, and can be safely downconverted to uint32 in languages that support 1345*d5c09012SAndroid Build Coastguard Worker // this type. 1346*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value digest_crc32c = 4 1347*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1348*d5c09012SAndroid Build Coastguard Worker 1349*d5c09012SAndroid Build Coastguard Worker // Optional. The data to sign. 1350*d5c09012SAndroid Build Coastguard Worker // It can't be supplied if 1351*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] 1352*d5c09012SAndroid Build Coastguard Worker // is supplied. 1353*d5c09012SAndroid Build Coastguard Worker bytes data = 6 [(google.api.field_behavior) = OPTIONAL]; 1354*d5c09012SAndroid Build Coastguard Worker 1355*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1356*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]. 1357*d5c09012SAndroid Build Coastguard Worker // If specified, 1358*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1359*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received 1360*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data] 1361*d5c09012SAndroid Build Coastguard Worker // using this checksum. 1362*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1363*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1364*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1365*d5c09012SAndroid Build Coastguard Worker // CRC32C([AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]) 1366*d5c09012SAndroid Build Coastguard Worker // is equal to 1367*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c], 1368*d5c09012SAndroid Build Coastguard Worker // and if so, perform a limited number of retries. A persistent mismatch may 1369*d5c09012SAndroid Build Coastguard Worker // indicate an issue in your computation of the CRC32C checksum. Note: This 1370*d5c09012SAndroid Build Coastguard Worker // field is defined as int64 for reasons of compatibility across different 1371*d5c09012SAndroid Build Coastguard Worker // languages. However, it is a non-negative integer, which will never exceed 1372*d5c09012SAndroid Build Coastguard Worker // 2^32-1, and can be safely downconverted to uint32 in languages that support 1373*d5c09012SAndroid Build Coastguard Worker // this type. 1374*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value data_crc32c = 7 1375*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1376*d5c09012SAndroid Build Coastguard Worker} 1377*d5c09012SAndroid Build Coastguard Worker 1378*d5c09012SAndroid Build Coastguard Worker// Request message for 1379*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. 1380*d5c09012SAndroid Build Coastguard Workermessage AsymmetricDecryptRequest { 1381*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 1382*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for 1383*d5c09012SAndroid Build Coastguard Worker // decryption. 1384*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 1385*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 1386*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 1387*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKeyVersion" 1388*d5c09012SAndroid Build Coastguard Worker } 1389*d5c09012SAndroid Build Coastguard Worker ]; 1390*d5c09012SAndroid Build Coastguard Worker 1391*d5c09012SAndroid Build Coastguard Worker // Required. The data encrypted with the named 1392*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using 1393*d5c09012SAndroid Build Coastguard Worker // OAEP. 1394*d5c09012SAndroid Build Coastguard Worker bytes ciphertext = 3 [(google.api.field_behavior) = REQUIRED]; 1395*d5c09012SAndroid Build Coastguard Worker 1396*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1397*d5c09012SAndroid Build Coastguard Worker // [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. 1398*d5c09012SAndroid Build Coastguard Worker // If specified, 1399*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1400*d5c09012SAndroid Build Coastguard Worker // verify the integrity of the received 1401*d5c09012SAndroid Build Coastguard Worker // [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext] 1402*d5c09012SAndroid Build Coastguard Worker // using this checksum. 1403*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1404*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1405*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1406*d5c09012SAndroid Build Coastguard Worker // CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]) 1407*d5c09012SAndroid Build Coastguard Worker // is equal to 1408*d5c09012SAndroid Build Coastguard Worker // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c], 1409*d5c09012SAndroid Build Coastguard Worker // and if so, perform a limited number of retries. A persistent mismatch may 1410*d5c09012SAndroid Build Coastguard Worker // indicate an issue in your computation of the CRC32C checksum. Note: This 1411*d5c09012SAndroid Build Coastguard Worker // field is defined as int64 for reasons of compatibility across different 1412*d5c09012SAndroid Build Coastguard Worker // languages. However, it is a non-negative integer, which will never exceed 1413*d5c09012SAndroid Build Coastguard Worker // 2^32-1, and can be safely downconverted to uint32 in languages that support 1414*d5c09012SAndroid Build Coastguard Worker // this type. 1415*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value ciphertext_crc32c = 4 1416*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1417*d5c09012SAndroid Build Coastguard Worker} 1418*d5c09012SAndroid Build Coastguard Worker 1419*d5c09012SAndroid Build Coastguard Worker// Request message for 1420*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign]. 1421*d5c09012SAndroid Build Coastguard Workermessage MacSignRequest { 1422*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 1423*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for 1424*d5c09012SAndroid Build Coastguard Worker // signing. 1425*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 1426*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 1427*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 1428*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKeyVersion" 1429*d5c09012SAndroid Build Coastguard Worker } 1430*d5c09012SAndroid Build Coastguard Worker ]; 1431*d5c09012SAndroid Build Coastguard Worker 1432*d5c09012SAndroid Build Coastguard Worker // Required. The data to sign. The MAC tag is computed over this data field 1433*d5c09012SAndroid Build Coastguard Worker // based on the specific algorithm. 1434*d5c09012SAndroid Build Coastguard Worker bytes data = 2 [(google.api.field_behavior) = REQUIRED]; 1435*d5c09012SAndroid Build Coastguard Worker 1436*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1437*d5c09012SAndroid Build Coastguard Worker // [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]. If 1438*d5c09012SAndroid Build Coastguard Worker // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] 1439*d5c09012SAndroid Build Coastguard Worker // will verify the integrity of the received 1440*d5c09012SAndroid Build Coastguard Worker // [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] using this 1441*d5c09012SAndroid Build Coastguard Worker // checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] 1442*d5c09012SAndroid Build Coastguard Worker // will report an error if the checksum verification fails. If you receive a 1443*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1444*d5c09012SAndroid Build Coastguard Worker // CRC32C([MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]) is 1445*d5c09012SAndroid Build Coastguard Worker // equal to 1446*d5c09012SAndroid Build Coastguard Worker // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c], 1447*d5c09012SAndroid Build Coastguard Worker // and if so, perform a limited number of retries. A persistent mismatch may 1448*d5c09012SAndroid Build Coastguard Worker // indicate an issue in your computation of the CRC32C checksum. Note: This 1449*d5c09012SAndroid Build Coastguard Worker // field is defined as int64 for reasons of compatibility across different 1450*d5c09012SAndroid Build Coastguard Worker // languages. However, it is a non-negative integer, which will never exceed 1451*d5c09012SAndroid Build Coastguard Worker // 2^32-1, and can be safely downconverted to uint32 in languages that support 1452*d5c09012SAndroid Build Coastguard Worker // this type. 1453*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value data_crc32c = 3 1454*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1455*d5c09012SAndroid Build Coastguard Worker} 1456*d5c09012SAndroid Build Coastguard Worker 1457*d5c09012SAndroid Build Coastguard Worker// Request message for 1458*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify]. 1459*d5c09012SAndroid Build Coastguard Workermessage MacVerifyRequest { 1460*d5c09012SAndroid Build Coastguard Worker // Required. The resource name of the 1461*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for 1462*d5c09012SAndroid Build Coastguard Worker // verification. 1463*d5c09012SAndroid Build Coastguard Worker string name = 1 [ 1464*d5c09012SAndroid Build Coastguard Worker (google.api.field_behavior) = REQUIRED, 1465*d5c09012SAndroid Build Coastguard Worker (google.api.resource_reference) = { 1466*d5c09012SAndroid Build Coastguard Worker type: "cloudkms.googleapis.com/CryptoKeyVersion" 1467*d5c09012SAndroid Build Coastguard Worker } 1468*d5c09012SAndroid Build Coastguard Worker ]; 1469*d5c09012SAndroid Build Coastguard Worker 1470*d5c09012SAndroid Build Coastguard Worker // Required. The data used previously as a 1471*d5c09012SAndroid Build Coastguard Worker // [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate 1472*d5c09012SAndroid Build Coastguard Worker // the MAC tag. 1473*d5c09012SAndroid Build Coastguard Worker bytes data = 2 [(google.api.field_behavior) = REQUIRED]; 1474*d5c09012SAndroid Build Coastguard Worker 1475*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1476*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]. If 1477*d5c09012SAndroid Build Coastguard Worker // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] 1478*d5c09012SAndroid Build Coastguard Worker // will verify the integrity of the received 1479*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] using 1480*d5c09012SAndroid Build Coastguard Worker // this checksum. 1481*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will 1482*d5c09012SAndroid Build Coastguard Worker // report an error if the checksum verification fails. If you receive a 1483*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1484*d5c09012SAndroid Build Coastguard Worker // CRC32C([MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]) 1485*d5c09012SAndroid Build Coastguard Worker // is equal to 1486*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c], 1487*d5c09012SAndroid Build Coastguard Worker // and if so, perform a limited number of retries. A persistent mismatch may 1488*d5c09012SAndroid Build Coastguard Worker // indicate an issue in your computation of the CRC32C checksum. Note: This 1489*d5c09012SAndroid Build Coastguard Worker // field is defined as int64 for reasons of compatibility across different 1490*d5c09012SAndroid Build Coastguard Worker // languages. However, it is a non-negative integer, which will never exceed 1491*d5c09012SAndroid Build Coastguard Worker // 2^32-1, and can be safely downconverted to uint32 in languages that support 1492*d5c09012SAndroid Build Coastguard Worker // this type. 1493*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value data_crc32c = 3 1494*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1495*d5c09012SAndroid Build Coastguard Worker 1496*d5c09012SAndroid Build Coastguard Worker // Required. The signature to verify. 1497*d5c09012SAndroid Build Coastguard Worker bytes mac = 4 [(google.api.field_behavior) = REQUIRED]; 1498*d5c09012SAndroid Build Coastguard Worker 1499*d5c09012SAndroid Build Coastguard Worker // Optional. An optional CRC32C checksum of the 1500*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac]. If 1501*d5c09012SAndroid Build Coastguard Worker // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] 1502*d5c09012SAndroid Build Coastguard Worker // will verify the integrity of the received 1503*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] using this 1504*d5c09012SAndroid Build Coastguard Worker // checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] 1505*d5c09012SAndroid Build Coastguard Worker // will report an error if the checksum verification fails. If you receive a 1506*d5c09012SAndroid Build Coastguard Worker // checksum error, your client should verify that 1507*d5c09012SAndroid Build Coastguard Worker // CRC32C([MacVerifyRequest.tag][]) is equal to 1508*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c], 1509*d5c09012SAndroid Build Coastguard Worker // and if so, perform a limited number of retries. A persistent mismatch may 1510*d5c09012SAndroid Build Coastguard Worker // indicate an issue in your computation of the CRC32C checksum. Note: This 1511*d5c09012SAndroid Build Coastguard Worker // field is defined as int64 for reasons of compatibility across different 1512*d5c09012SAndroid Build Coastguard Worker // languages. However, it is a non-negative integer, which will never exceed 1513*d5c09012SAndroid Build Coastguard Worker // 2^32-1, and can be safely downconverted to uint32 in languages that support 1514*d5c09012SAndroid Build Coastguard Worker // this type. 1515*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value mac_crc32c = 5 1516*d5c09012SAndroid Build Coastguard Worker [(google.api.field_behavior) = OPTIONAL]; 1517*d5c09012SAndroid Build Coastguard Worker} 1518*d5c09012SAndroid Build Coastguard Worker 1519*d5c09012SAndroid Build Coastguard Worker// Request message for 1520*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes]. 1521*d5c09012SAndroid Build Coastguard Workermessage GenerateRandomBytesRequest { 1522*d5c09012SAndroid Build Coastguard Worker // The project-specific location in which to generate random bytes. 1523*d5c09012SAndroid Build Coastguard Worker // For example, "projects/my-project/locations/us-central1". 1524*d5c09012SAndroid Build Coastguard Worker string location = 1; 1525*d5c09012SAndroid Build Coastguard Worker 1526*d5c09012SAndroid Build Coastguard Worker // The length in bytes of the amount of randomness to retrieve. Minimum 8 1527*d5c09012SAndroid Build Coastguard Worker // bytes, maximum 1024 bytes. 1528*d5c09012SAndroid Build Coastguard Worker int32 length_bytes = 2; 1529*d5c09012SAndroid Build Coastguard Worker 1530*d5c09012SAndroid Build Coastguard Worker // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when 1531*d5c09012SAndroid Build Coastguard Worker // generating the random data. Currently, only 1532*d5c09012SAndroid Build Coastguard Worker // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] protection level is 1533*d5c09012SAndroid Build Coastguard Worker // supported. 1534*d5c09012SAndroid Build Coastguard Worker ProtectionLevel protection_level = 3; 1535*d5c09012SAndroid Build Coastguard Worker} 1536*d5c09012SAndroid Build Coastguard Worker 1537*d5c09012SAndroid Build Coastguard Worker// Response message for 1538*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. 1539*d5c09012SAndroid Build Coastguard Workermessage EncryptResponse { 1540*d5c09012SAndroid Build Coastguard Worker // The resource name of the 1541*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in 1542*d5c09012SAndroid Build Coastguard Worker // encryption. Check this field to verify that the intended resource was used 1543*d5c09012SAndroid Build Coastguard Worker // for encryption. 1544*d5c09012SAndroid Build Coastguard Worker string name = 1; 1545*d5c09012SAndroid Build Coastguard Worker 1546*d5c09012SAndroid Build Coastguard Worker // The encrypted data. 1547*d5c09012SAndroid Build Coastguard Worker bytes ciphertext = 2; 1548*d5c09012SAndroid Build Coastguard Worker 1549*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A CRC32C checksum of the returned 1550*d5c09012SAndroid Build Coastguard Worker // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. 1551*d5c09012SAndroid Build Coastguard Worker // An integrity check of 1552*d5c09012SAndroid Build Coastguard Worker // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] 1553*d5c09012SAndroid Build Coastguard Worker // can be performed by computing the CRC32C checksum of 1554*d5c09012SAndroid Build Coastguard Worker // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] 1555*d5c09012SAndroid Build Coastguard Worker // and comparing your results to this field. Discard the response in case of 1556*d5c09012SAndroid Build Coastguard Worker // non-matching checksum values, and perform a limited number of retries. A 1557*d5c09012SAndroid Build Coastguard Worker // persistent mismatch may indicate an issue in your computation of the CRC32C 1558*d5c09012SAndroid Build Coastguard Worker // checksum. Note: This field is defined as int64 for reasons of compatibility 1559*d5c09012SAndroid Build Coastguard Worker // across different languages. However, it is a non-negative integer, which 1560*d5c09012SAndroid Build Coastguard Worker // will never exceed 2^32-1, and can be safely downconverted to uint32 in 1561*d5c09012SAndroid Build Coastguard Worker // languages that support this type. 1562*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value ciphertext_crc32c = 4; 1563*d5c09012SAndroid Build Coastguard Worker 1564*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1565*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] 1566*d5c09012SAndroid Build Coastguard Worker // was received by 1567*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1568*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of the 1569*d5c09012SAndroid Build Coastguard Worker // [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of 1570*d5c09012SAndroid Build Coastguard Worker // this field indicates either that 1571*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] 1572*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1573*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1574*d5c09012SAndroid Build Coastguard Worker // set 1575*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] 1576*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1577*d5c09012SAndroid Build Coastguard Worker // number of retries. 1578*d5c09012SAndroid Build Coastguard Worker bool verified_plaintext_crc32c = 5; 1579*d5c09012SAndroid Build Coastguard Worker 1580*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1581*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] 1582*d5c09012SAndroid Build Coastguard Worker // was received by 1583*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1584*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of the 1585*d5c09012SAndroid Build Coastguard Worker // [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A 1586*d5c09012SAndroid Build Coastguard Worker // false value of this field indicates either that 1587*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] 1588*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1589*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1590*d5c09012SAndroid Build Coastguard Worker // set 1591*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] 1592*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1593*d5c09012SAndroid Build Coastguard Worker // number of retries. 1594*d5c09012SAndroid Build Coastguard Worker bool verified_additional_authenticated_data_crc32c = 6; 1595*d5c09012SAndroid Build Coastguard Worker 1596*d5c09012SAndroid Build Coastguard Worker // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the 1597*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in 1598*d5c09012SAndroid Build Coastguard Worker // encryption. 1599*d5c09012SAndroid Build Coastguard Worker ProtectionLevel protection_level = 7; 1600*d5c09012SAndroid Build Coastguard Worker} 1601*d5c09012SAndroid Build Coastguard Worker 1602*d5c09012SAndroid Build Coastguard Worker// Response message for 1603*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. 1604*d5c09012SAndroid Build Coastguard Workermessage DecryptResponse { 1605*d5c09012SAndroid Build Coastguard Worker // The decrypted data originally supplied in 1606*d5c09012SAndroid Build Coastguard Worker // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. 1607*d5c09012SAndroid Build Coastguard Worker bytes plaintext = 1; 1608*d5c09012SAndroid Build Coastguard Worker 1609*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A CRC32C checksum of the returned 1610*d5c09012SAndroid Build Coastguard Worker // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]. 1611*d5c09012SAndroid Build Coastguard Worker // An integrity check of 1612*d5c09012SAndroid Build Coastguard Worker // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] 1613*d5c09012SAndroid Build Coastguard Worker // can be performed by computing the CRC32C checksum of 1614*d5c09012SAndroid Build Coastguard Worker // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] 1615*d5c09012SAndroid Build Coastguard Worker // and comparing your results to this field. Discard the response in case of 1616*d5c09012SAndroid Build Coastguard Worker // non-matching checksum values, and perform a limited number of retries. A 1617*d5c09012SAndroid Build Coastguard Worker // persistent mismatch may indicate an issue in your computation of the CRC32C 1618*d5c09012SAndroid Build Coastguard Worker // checksum. Note: receiving this response message indicates that 1619*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to 1620*d5c09012SAndroid Build Coastguard Worker // successfully decrypt the 1621*d5c09012SAndroid Build Coastguard Worker // [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. Note: This 1622*d5c09012SAndroid Build Coastguard Worker // field is defined as int64 for reasons of compatibility across different 1623*d5c09012SAndroid Build Coastguard Worker // languages. However, it is a non-negative integer, which will never exceed 1624*d5c09012SAndroid Build Coastguard Worker // 2^32-1, and can be safely downconverted to uint32 in languages that support 1625*d5c09012SAndroid Build Coastguard Worker // this type. 1626*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value plaintext_crc32c = 2; 1627*d5c09012SAndroid Build Coastguard Worker 1628*d5c09012SAndroid Build Coastguard Worker // Whether the Decryption was performed using the primary key version. 1629*d5c09012SAndroid Build Coastguard Worker bool used_primary = 3; 1630*d5c09012SAndroid Build Coastguard Worker 1631*d5c09012SAndroid Build Coastguard Worker // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the 1632*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in 1633*d5c09012SAndroid Build Coastguard Worker // decryption. 1634*d5c09012SAndroid Build Coastguard Worker ProtectionLevel protection_level = 4; 1635*d5c09012SAndroid Build Coastguard Worker} 1636*d5c09012SAndroid Build Coastguard Worker 1637*d5c09012SAndroid Build Coastguard Worker// Response message for 1638*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]. 1639*d5c09012SAndroid Build Coastguard Workermessage RawEncryptResponse { 1640*d5c09012SAndroid Build Coastguard Worker // The encrypted data. In the case of AES-GCM, the authentication tag 1641*d5c09012SAndroid Build Coastguard Worker // is the [tag_length][google.cloud.kms.v1.RawEncryptResponse.tag_length] 1642*d5c09012SAndroid Build Coastguard Worker // bytes at the end of this field. 1643*d5c09012SAndroid Build Coastguard Worker bytes ciphertext = 1; 1644*d5c09012SAndroid Build Coastguard Worker 1645*d5c09012SAndroid Build Coastguard Worker // The initialization vector (IV) generated by the service during 1646*d5c09012SAndroid Build Coastguard Worker // encryption. This value must be stored and provided in 1647*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.initialization_vector][google.cloud.kms.v1.RawDecryptRequest.initialization_vector] 1648*d5c09012SAndroid Build Coastguard Worker // at decryption time. 1649*d5c09012SAndroid Build Coastguard Worker bytes initialization_vector = 2; 1650*d5c09012SAndroid Build Coastguard Worker 1651*d5c09012SAndroid Build Coastguard Worker // The length of the authentication tag that is appended to 1652*d5c09012SAndroid Build Coastguard Worker // the end of the ciphertext. 1653*d5c09012SAndroid Build Coastguard Worker int32 tag_length = 3; 1654*d5c09012SAndroid Build Coastguard Worker 1655*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A CRC32C checksum of the returned 1656*d5c09012SAndroid Build Coastguard Worker // [RawEncryptResponse.ciphertext][google.cloud.kms.v1.RawEncryptResponse.ciphertext]. 1657*d5c09012SAndroid Build Coastguard Worker // An integrity check of ciphertext can be performed by computing the CRC32C 1658*d5c09012SAndroid Build Coastguard Worker // checksum of ciphertext and comparing your results to this field. Discard 1659*d5c09012SAndroid Build Coastguard Worker // the response in case of non-matching checksum values, and perform a limited 1660*d5c09012SAndroid Build Coastguard Worker // number of retries. A persistent mismatch may indicate an issue in your 1661*d5c09012SAndroid Build Coastguard Worker // computation of the CRC32C checksum. Note: This field is defined as int64 1662*d5c09012SAndroid Build Coastguard Worker // for reasons of compatibility across different languages. However, it is a 1663*d5c09012SAndroid Build Coastguard Worker // non-negative integer, which will never exceed 2^32-1, and can be safely 1664*d5c09012SAndroid Build Coastguard Worker // downconverted to uint32 in languages that support this type. 1665*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value ciphertext_crc32c = 4; 1666*d5c09012SAndroid Build Coastguard Worker 1667*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A CRC32C checksum of the returned 1668*d5c09012SAndroid Build Coastguard Worker // [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector]. 1669*d5c09012SAndroid Build Coastguard Worker // An integrity check of initialization_vector can be performed by computing 1670*d5c09012SAndroid Build Coastguard Worker // the CRC32C checksum of initialization_vector and comparing your results to 1671*d5c09012SAndroid Build Coastguard Worker // this field. Discard the response in case of non-matching checksum values, 1672*d5c09012SAndroid Build Coastguard Worker // and perform a limited number of retries. A persistent mismatch may indicate 1673*d5c09012SAndroid Build Coastguard Worker // an issue in your computation of the CRC32C checksum. Note: This field is 1674*d5c09012SAndroid Build Coastguard Worker // defined as int64 for reasons of compatibility across different languages. 1675*d5c09012SAndroid Build Coastguard Worker // However, it is a non-negative integer, which will never exceed 2^32-1, and 1676*d5c09012SAndroid Build Coastguard Worker // can be safely downconverted to uint32 in languages that support this type. 1677*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value initialization_vector_crc32c = 5; 1678*d5c09012SAndroid Build Coastguard Worker 1679*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1680*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c] 1681*d5c09012SAndroid Build Coastguard Worker // was received by 1682*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1683*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of the plaintext. A false value of this 1684*d5c09012SAndroid Build Coastguard Worker // field indicates either that 1685*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c] 1686*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1687*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1688*d5c09012SAndroid Build Coastguard Worker // set 1689*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c] 1690*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1691*d5c09012SAndroid Build Coastguard Worker // number of retries. 1692*d5c09012SAndroid Build Coastguard Worker bool verified_plaintext_crc32c = 6; 1693*d5c09012SAndroid Build Coastguard Worker 1694*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1695*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c] 1696*d5c09012SAndroid Build Coastguard Worker // was received by 1697*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1698*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of additional_authenticated_data. A false 1699*d5c09012SAndroid Build Coastguard Worker // value of this field indicates either that // 1700*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c] 1701*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1702*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1703*d5c09012SAndroid Build Coastguard Worker // set 1704*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c] 1705*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1706*d5c09012SAndroid Build Coastguard Worker // number of retries. 1707*d5c09012SAndroid Build Coastguard Worker bool verified_additional_authenticated_data_crc32c = 7; 1708*d5c09012SAndroid Build Coastguard Worker 1709*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1710*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c] 1711*d5c09012SAndroid Build Coastguard Worker // was received by 1712*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1713*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of initialization_vector. A false value of 1714*d5c09012SAndroid Build Coastguard Worker // this field indicates either that 1715*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c] 1716*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1717*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1718*d5c09012SAndroid Build Coastguard Worker // set 1719*d5c09012SAndroid Build Coastguard Worker // [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c] 1720*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1721*d5c09012SAndroid Build Coastguard Worker // number of retries. 1722*d5c09012SAndroid Build Coastguard Worker bool verified_initialization_vector_crc32c = 10; 1723*d5c09012SAndroid Build Coastguard Worker 1724*d5c09012SAndroid Build Coastguard Worker // The resource name of the 1725*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in 1726*d5c09012SAndroid Build Coastguard Worker // encryption. Check this field to verify that the intended resource was used 1727*d5c09012SAndroid Build Coastguard Worker // for encryption. 1728*d5c09012SAndroid Build Coastguard Worker string name = 8; 1729*d5c09012SAndroid Build Coastguard Worker 1730*d5c09012SAndroid Build Coastguard Worker // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the 1731*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in 1732*d5c09012SAndroid Build Coastguard Worker // encryption. 1733*d5c09012SAndroid Build Coastguard Worker ProtectionLevel protection_level = 9; 1734*d5c09012SAndroid Build Coastguard Worker} 1735*d5c09012SAndroid Build Coastguard Worker 1736*d5c09012SAndroid Build Coastguard Worker// Response message for 1737*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt]. 1738*d5c09012SAndroid Build Coastguard Workermessage RawDecryptResponse { 1739*d5c09012SAndroid Build Coastguard Worker // The decrypted data. 1740*d5c09012SAndroid Build Coastguard Worker bytes plaintext = 1; 1741*d5c09012SAndroid Build Coastguard Worker 1742*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A CRC32C checksum of the returned 1743*d5c09012SAndroid Build Coastguard Worker // [RawDecryptResponse.plaintext][google.cloud.kms.v1.RawDecryptResponse.plaintext]. 1744*d5c09012SAndroid Build Coastguard Worker // An integrity check of plaintext can be performed by computing the CRC32C 1745*d5c09012SAndroid Build Coastguard Worker // checksum of plaintext and comparing your results to this field. Discard the 1746*d5c09012SAndroid Build Coastguard Worker // response in case of non-matching checksum values, and perform a limited 1747*d5c09012SAndroid Build Coastguard Worker // number of retries. A persistent mismatch may indicate an issue in your 1748*d5c09012SAndroid Build Coastguard Worker // computation of the CRC32C checksum. Note: receiving this response message 1749*d5c09012SAndroid Build Coastguard Worker // indicates that 1750*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to 1751*d5c09012SAndroid Build Coastguard Worker // successfully decrypt the 1752*d5c09012SAndroid Build Coastguard Worker // [ciphertext][google.cloud.kms.v1.RawDecryptRequest.ciphertext]. 1753*d5c09012SAndroid Build Coastguard Worker // Note: This field is defined as int64 for reasons of compatibility across 1754*d5c09012SAndroid Build Coastguard Worker // different languages. However, it is a non-negative integer, which will 1755*d5c09012SAndroid Build Coastguard Worker // never exceed 2^32-1, and can be safely downconverted to uint32 in languages 1756*d5c09012SAndroid Build Coastguard Worker // that support this type. 1757*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value plaintext_crc32c = 2; 1758*d5c09012SAndroid Build Coastguard Worker 1759*d5c09012SAndroid Build Coastguard Worker // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the 1760*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in 1761*d5c09012SAndroid Build Coastguard Worker // decryption. 1762*d5c09012SAndroid Build Coastguard Worker ProtectionLevel protection_level = 3; 1763*d5c09012SAndroid Build Coastguard Worker 1764*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1765*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c] 1766*d5c09012SAndroid Build Coastguard Worker // was received by 1767*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1768*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of the ciphertext. A false value of this 1769*d5c09012SAndroid Build Coastguard Worker // field indicates either that 1770*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c] 1771*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1772*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1773*d5c09012SAndroid Build Coastguard Worker // set 1774*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c] 1775*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1776*d5c09012SAndroid Build Coastguard Worker // number of retries. 1777*d5c09012SAndroid Build Coastguard Worker bool verified_ciphertext_crc32c = 4; 1778*d5c09012SAndroid Build Coastguard Worker 1779*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1780*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c] 1781*d5c09012SAndroid Build Coastguard Worker // was received by 1782*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1783*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of additional_authenticated_data. A false 1784*d5c09012SAndroid Build Coastguard Worker // value of this field indicates either that // 1785*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c] 1786*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1787*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1788*d5c09012SAndroid Build Coastguard Worker // set 1789*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c] 1790*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1791*d5c09012SAndroid Build Coastguard Worker // number of retries. 1792*d5c09012SAndroid Build Coastguard Worker bool verified_additional_authenticated_data_crc32c = 5; 1793*d5c09012SAndroid Build Coastguard Worker 1794*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1795*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c] 1796*d5c09012SAndroid Build Coastguard Worker // was received by 1797*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1798*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of initialization_vector. A false value of 1799*d5c09012SAndroid Build Coastguard Worker // this field indicates either that 1800*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c] 1801*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1802*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1803*d5c09012SAndroid Build Coastguard Worker // set 1804*d5c09012SAndroid Build Coastguard Worker // [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c] 1805*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1806*d5c09012SAndroid Build Coastguard Worker // number of retries. 1807*d5c09012SAndroid Build Coastguard Worker bool verified_initialization_vector_crc32c = 6; 1808*d5c09012SAndroid Build Coastguard Worker} 1809*d5c09012SAndroid Build Coastguard Worker 1810*d5c09012SAndroid Build Coastguard Worker// Response message for 1811*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. 1812*d5c09012SAndroid Build Coastguard Workermessage AsymmetricSignResponse { 1813*d5c09012SAndroid Build Coastguard Worker // The created signature. 1814*d5c09012SAndroid Build Coastguard Worker bytes signature = 1; 1815*d5c09012SAndroid Build Coastguard Worker 1816*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A CRC32C checksum of the returned 1817*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]. 1818*d5c09012SAndroid Build Coastguard Worker // An integrity check of 1819*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] 1820*d5c09012SAndroid Build Coastguard Worker // can be performed by computing the CRC32C checksum of 1821*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] 1822*d5c09012SAndroid Build Coastguard Worker // and comparing your results to this field. Discard the response in case of 1823*d5c09012SAndroid Build Coastguard Worker // non-matching checksum values, and perform a limited number of retries. A 1824*d5c09012SAndroid Build Coastguard Worker // persistent mismatch may indicate an issue in your computation of the CRC32C 1825*d5c09012SAndroid Build Coastguard Worker // checksum. Note: This field is defined as int64 for reasons of compatibility 1826*d5c09012SAndroid Build Coastguard Worker // across different languages. However, it is a non-negative integer, which 1827*d5c09012SAndroid Build Coastguard Worker // will never exceed 2^32-1, and can be safely downconverted to uint32 in 1828*d5c09012SAndroid Build Coastguard Worker // languages that support this type. 1829*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value signature_crc32c = 2; 1830*d5c09012SAndroid Build Coastguard Worker 1831*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1832*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] 1833*d5c09012SAndroid Build Coastguard Worker // was received by 1834*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1835*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of the 1836*d5c09012SAndroid Build Coastguard Worker // [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value 1837*d5c09012SAndroid Build Coastguard Worker // of this field indicates either that 1838*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] 1839*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1840*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1841*d5c09012SAndroid Build Coastguard Worker // set 1842*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] 1843*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1844*d5c09012SAndroid Build Coastguard Worker // number of retries. 1845*d5c09012SAndroid Build Coastguard Worker bool verified_digest_crc32c = 3; 1846*d5c09012SAndroid Build Coastguard Worker 1847*d5c09012SAndroid Build Coastguard Worker // The resource name of the 1848*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. 1849*d5c09012SAndroid Build Coastguard Worker // Check this field to verify that the intended resource was used for signing. 1850*d5c09012SAndroid Build Coastguard Worker string name = 4; 1851*d5c09012SAndroid Build Coastguard Worker 1852*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1853*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] 1854*d5c09012SAndroid Build Coastguard Worker // was received by 1855*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1856*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of the 1857*d5c09012SAndroid Build Coastguard Worker // [data][google.cloud.kms.v1.AsymmetricSignRequest.data]. A false value of 1858*d5c09012SAndroid Build Coastguard Worker // this field indicates either that 1859*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] 1860*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1861*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1862*d5c09012SAndroid Build Coastguard Worker // set 1863*d5c09012SAndroid Build Coastguard Worker // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] 1864*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1865*d5c09012SAndroid Build Coastguard Worker // number of retries. 1866*d5c09012SAndroid Build Coastguard Worker bool verified_data_crc32c = 5; 1867*d5c09012SAndroid Build Coastguard Worker 1868*d5c09012SAndroid Build Coastguard Worker // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the 1869*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. 1870*d5c09012SAndroid Build Coastguard Worker ProtectionLevel protection_level = 6; 1871*d5c09012SAndroid Build Coastguard Worker} 1872*d5c09012SAndroid Build Coastguard Worker 1873*d5c09012SAndroid Build Coastguard Worker// Response message for 1874*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. 1875*d5c09012SAndroid Build Coastguard Workermessage AsymmetricDecryptResponse { 1876*d5c09012SAndroid Build Coastguard Worker // The decrypted data originally encrypted with the matching public key. 1877*d5c09012SAndroid Build Coastguard Worker bytes plaintext = 1; 1878*d5c09012SAndroid Build Coastguard Worker 1879*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A CRC32C checksum of the returned 1880*d5c09012SAndroid Build Coastguard Worker // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]. 1881*d5c09012SAndroid Build Coastguard Worker // An integrity check of 1882*d5c09012SAndroid Build Coastguard Worker // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] 1883*d5c09012SAndroid Build Coastguard Worker // can be performed by computing the CRC32C checksum of 1884*d5c09012SAndroid Build Coastguard Worker // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] 1885*d5c09012SAndroid Build Coastguard Worker // and comparing your results to this field. Discard the response in case of 1886*d5c09012SAndroid Build Coastguard Worker // non-matching checksum values, and perform a limited number of retries. A 1887*d5c09012SAndroid Build Coastguard Worker // persistent mismatch may indicate an issue in your computation of the CRC32C 1888*d5c09012SAndroid Build Coastguard Worker // checksum. Note: This field is defined as int64 for reasons of compatibility 1889*d5c09012SAndroid Build Coastguard Worker // across different languages. However, it is a non-negative integer, which 1890*d5c09012SAndroid Build Coastguard Worker // will never exceed 2^32-1, and can be safely downconverted to uint32 in 1891*d5c09012SAndroid Build Coastguard Worker // languages that support this type. 1892*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value plaintext_crc32c = 2; 1893*d5c09012SAndroid Build Coastguard Worker 1894*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1895*d5c09012SAndroid Build Coastguard Worker // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] 1896*d5c09012SAndroid Build Coastguard Worker // was received by 1897*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1898*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of the 1899*d5c09012SAndroid Build Coastguard Worker // [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A 1900*d5c09012SAndroid Build Coastguard Worker // false value of this field indicates either that 1901*d5c09012SAndroid Build Coastguard Worker // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] 1902*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1903*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1904*d5c09012SAndroid Build Coastguard Worker // set 1905*d5c09012SAndroid Build Coastguard Worker // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] 1906*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1907*d5c09012SAndroid Build Coastguard Worker // number of retries. 1908*d5c09012SAndroid Build Coastguard Worker bool verified_ciphertext_crc32c = 3; 1909*d5c09012SAndroid Build Coastguard Worker 1910*d5c09012SAndroid Build Coastguard Worker // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the 1911*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in 1912*d5c09012SAndroid Build Coastguard Worker // decryption. 1913*d5c09012SAndroid Build Coastguard Worker ProtectionLevel protection_level = 4; 1914*d5c09012SAndroid Build Coastguard Worker} 1915*d5c09012SAndroid Build Coastguard Worker 1916*d5c09012SAndroid Build Coastguard Worker// Response message for 1917*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign]. 1918*d5c09012SAndroid Build Coastguard Workermessage MacSignResponse { 1919*d5c09012SAndroid Build Coastguard Worker // The resource name of the 1920*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. 1921*d5c09012SAndroid Build Coastguard Worker // Check this field to verify that the intended resource was used for signing. 1922*d5c09012SAndroid Build Coastguard Worker string name = 1; 1923*d5c09012SAndroid Build Coastguard Worker 1924*d5c09012SAndroid Build Coastguard Worker // The created signature. 1925*d5c09012SAndroid Build Coastguard Worker bytes mac = 2; 1926*d5c09012SAndroid Build Coastguard Worker 1927*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A CRC32C checksum of the returned 1928*d5c09012SAndroid Build Coastguard Worker // [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac]. An 1929*d5c09012SAndroid Build Coastguard Worker // integrity check of 1930*d5c09012SAndroid Build Coastguard Worker // [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] can be 1931*d5c09012SAndroid Build Coastguard Worker // performed by computing the CRC32C checksum of 1932*d5c09012SAndroid Build Coastguard Worker // [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] and 1933*d5c09012SAndroid Build Coastguard Worker // comparing your results to this field. Discard the response in case of 1934*d5c09012SAndroid Build Coastguard Worker // non-matching checksum values, and perform a limited number of retries. A 1935*d5c09012SAndroid Build Coastguard Worker // persistent mismatch may indicate an issue in your computation of the CRC32C 1936*d5c09012SAndroid Build Coastguard Worker // checksum. Note: This field is defined as int64 for reasons of compatibility 1937*d5c09012SAndroid Build Coastguard Worker // across different languages. However, it is a non-negative integer, which 1938*d5c09012SAndroid Build Coastguard Worker // will never exceed 2^32-1, and can be safely downconverted to uint32 in 1939*d5c09012SAndroid Build Coastguard Worker // languages that support this type. 1940*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value mac_crc32c = 3; 1941*d5c09012SAndroid Build Coastguard Worker 1942*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1943*d5c09012SAndroid Build Coastguard Worker // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] 1944*d5c09012SAndroid Build Coastguard Worker // was received by 1945*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1946*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of the 1947*d5c09012SAndroid Build Coastguard Worker // [data][google.cloud.kms.v1.MacSignRequest.data]. A false value of this 1948*d5c09012SAndroid Build Coastguard Worker // field indicates either that 1949*d5c09012SAndroid Build Coastguard Worker // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] 1950*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1951*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1952*d5c09012SAndroid Build Coastguard Worker // set 1953*d5c09012SAndroid Build Coastguard Worker // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] 1954*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1955*d5c09012SAndroid Build Coastguard Worker // number of retries. 1956*d5c09012SAndroid Build Coastguard Worker bool verified_data_crc32c = 4; 1957*d5c09012SAndroid Build Coastguard Worker 1958*d5c09012SAndroid Build Coastguard Worker // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the 1959*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. 1960*d5c09012SAndroid Build Coastguard Worker ProtectionLevel protection_level = 5; 1961*d5c09012SAndroid Build Coastguard Worker} 1962*d5c09012SAndroid Build Coastguard Worker 1963*d5c09012SAndroid Build Coastguard Worker// Response message for 1964*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify]. 1965*d5c09012SAndroid Build Coastguard Workermessage MacVerifyResponse { 1966*d5c09012SAndroid Build Coastguard Worker // The resource name of the 1967*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for 1968*d5c09012SAndroid Build Coastguard Worker // verification. Check this field to verify that the intended resource was 1969*d5c09012SAndroid Build Coastguard Worker // used for verification. 1970*d5c09012SAndroid Build Coastguard Worker string name = 1; 1971*d5c09012SAndroid Build Coastguard Worker 1972*d5c09012SAndroid Build Coastguard Worker // This field indicates whether or not the verification operation for 1973*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] over 1974*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] was 1975*d5c09012SAndroid Build Coastguard Worker // successful. 1976*d5c09012SAndroid Build Coastguard Worker bool success = 2; 1977*d5c09012SAndroid Build Coastguard Worker 1978*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1979*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] 1980*d5c09012SAndroid Build Coastguard Worker // was received by 1981*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1982*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of the 1983*d5c09012SAndroid Build Coastguard Worker // [data][google.cloud.kms.v1.MacVerifyRequest.data]. A false value of this 1984*d5c09012SAndroid Build Coastguard Worker // field indicates either that 1985*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] 1986*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 1987*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 1988*d5c09012SAndroid Build Coastguard Worker // set 1989*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] 1990*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 1991*d5c09012SAndroid Build Coastguard Worker // number of retries. 1992*d5c09012SAndroid Build Coastguard Worker bool verified_data_crc32c = 3; 1993*d5c09012SAndroid Build Coastguard Worker 1994*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A flag indicating whether 1995*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] 1996*d5c09012SAndroid Build Coastguard Worker // was received by 1997*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used 1998*d5c09012SAndroid Build Coastguard Worker // for the integrity verification of the 1999*d5c09012SAndroid Build Coastguard Worker // [data][google.cloud.kms.v1.MacVerifyRequest.mac]. A false value of this 2000*d5c09012SAndroid Build Coastguard Worker // field indicates either that 2001*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] 2002*d5c09012SAndroid Build Coastguard Worker // was left unset or that it was not delivered to 2003*d5c09012SAndroid Build Coastguard Worker // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've 2004*d5c09012SAndroid Build Coastguard Worker // set 2005*d5c09012SAndroid Build Coastguard Worker // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] 2006*d5c09012SAndroid Build Coastguard Worker // but this field is still false, discard the response and perform a limited 2007*d5c09012SAndroid Build Coastguard Worker // number of retries. 2008*d5c09012SAndroid Build Coastguard Worker bool verified_mac_crc32c = 4; 2009*d5c09012SAndroid Build Coastguard Worker 2010*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. This value is used for the integrity 2011*d5c09012SAndroid Build Coastguard Worker // verification of [MacVerifyResponse.success]. If the value of this field 2012*d5c09012SAndroid Build Coastguard Worker // contradicts the value of [MacVerifyResponse.success], discard the response 2013*d5c09012SAndroid Build Coastguard Worker // and perform a limited number of retries. 2014*d5c09012SAndroid Build Coastguard Worker bool verified_success_integrity = 5; 2015*d5c09012SAndroid Build Coastguard Worker 2016*d5c09012SAndroid Build Coastguard Worker // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the 2017*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for 2018*d5c09012SAndroid Build Coastguard Worker // verification. 2019*d5c09012SAndroid Build Coastguard Worker ProtectionLevel protection_level = 6; 2020*d5c09012SAndroid Build Coastguard Worker} 2021*d5c09012SAndroid Build Coastguard Worker 2022*d5c09012SAndroid Build Coastguard Worker// Response message for 2023*d5c09012SAndroid Build Coastguard Worker// [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes]. 2024*d5c09012SAndroid Build Coastguard Workermessage GenerateRandomBytesResponse { 2025*d5c09012SAndroid Build Coastguard Worker // The generated data. 2026*d5c09012SAndroid Build Coastguard Worker bytes data = 1; 2027*d5c09012SAndroid Build Coastguard Worker 2028*d5c09012SAndroid Build Coastguard Worker // Integrity verification field. A CRC32C checksum of the returned 2029*d5c09012SAndroid Build Coastguard Worker // [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]. 2030*d5c09012SAndroid Build Coastguard Worker // An integrity check of 2031*d5c09012SAndroid Build Coastguard Worker // [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] 2032*d5c09012SAndroid Build Coastguard Worker // can be performed by computing the CRC32C checksum of 2033*d5c09012SAndroid Build Coastguard Worker // [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] 2034*d5c09012SAndroid Build Coastguard Worker // and comparing your results to this field. Discard the response in case of 2035*d5c09012SAndroid Build Coastguard Worker // non-matching checksum values, and perform a limited number of retries. A 2036*d5c09012SAndroid Build Coastguard Worker // persistent mismatch may indicate an issue in your computation of the CRC32C 2037*d5c09012SAndroid Build Coastguard Worker // checksum. Note: This field is defined as int64 for reasons of compatibility 2038*d5c09012SAndroid Build Coastguard Worker // across different languages. However, it is a non-negative integer, which 2039*d5c09012SAndroid Build Coastguard Worker // will never exceed 2^32-1, and can be safely downconverted to uint32 in 2040*d5c09012SAndroid Build Coastguard Worker // languages that support this type. 2041*d5c09012SAndroid Build Coastguard Worker google.protobuf.Int64Value data_crc32c = 3; 2042*d5c09012SAndroid Build Coastguard Worker} 2043*d5c09012SAndroid Build Coastguard Worker 2044*d5c09012SAndroid Build Coastguard Worker// A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message digest. 2045*d5c09012SAndroid Build Coastguard Workermessage Digest { 2046*d5c09012SAndroid Build Coastguard Worker // Required. The message digest. 2047*d5c09012SAndroid Build Coastguard Worker oneof digest { 2048*d5c09012SAndroid Build Coastguard Worker // A message digest produced with the SHA-256 algorithm. 2049*d5c09012SAndroid Build Coastguard Worker bytes sha256 = 1; 2050*d5c09012SAndroid Build Coastguard Worker 2051*d5c09012SAndroid Build Coastguard Worker // A message digest produced with the SHA-384 algorithm. 2052*d5c09012SAndroid Build Coastguard Worker bytes sha384 = 2; 2053*d5c09012SAndroid Build Coastguard Worker 2054*d5c09012SAndroid Build Coastguard Worker // A message digest produced with the SHA-512 algorithm. 2055*d5c09012SAndroid Build Coastguard Worker bytes sha512 = 3; 2056*d5c09012SAndroid Build Coastguard Worker } 2057*d5c09012SAndroid Build Coastguard Worker} 2058*d5c09012SAndroid Build Coastguard Worker 2059*d5c09012SAndroid Build Coastguard Worker// Cloud KMS metadata for the given 2060*d5c09012SAndroid Build Coastguard Worker// [google.cloud.location.Location][google.cloud.location.Location]. 2061*d5c09012SAndroid Build Coastguard Workermessage LocationMetadata { 2062*d5c09012SAndroid Build Coastguard Worker // Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with 2063*d5c09012SAndroid Build Coastguard Worker // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] 2064*d5c09012SAndroid Build Coastguard Worker // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this 2065*d5c09012SAndroid Build Coastguard Worker // location. 2066*d5c09012SAndroid Build Coastguard Worker bool hsm_available = 1; 2067*d5c09012SAndroid Build Coastguard Worker 2068*d5c09012SAndroid Build Coastguard Worker // Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with 2069*d5c09012SAndroid Build Coastguard Worker // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] 2070*d5c09012SAndroid Build Coastguard Worker // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in 2071*d5c09012SAndroid Build Coastguard Worker // this location. 2072*d5c09012SAndroid Build Coastguard Worker bool ekm_available = 2; 2073*d5c09012SAndroid Build Coastguard Worker} 2074