1*e7b1675dSTing-Kang Chang// Copyright 2017 Google Inc. 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changsyntax = "proto3"; 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changpackage google.crypto.tink; 20*e7b1675dSTing-Kang Chang 21*e7b1675dSTing-Kang Changimport "proto/tink.proto"; 22*e7b1675dSTing-Kang Chang 23*e7b1675dSTing-Kang Changoption java_package = "com.google.crypto.tink.proto"; 24*e7b1675dSTing-Kang Changoption java_multiple_files = true; 25*e7b1675dSTing-Kang Changoption go_package = "github.com/google/tink/go/proto/kms_envelope_go_proto"; 26*e7b1675dSTing-Kang Chang 27*e7b1675dSTing-Kang Changmessage KmsEnvelopeAeadKeyFormat { 28*e7b1675dSTing-Kang Chang // Required. 29*e7b1675dSTing-Kang Chang // The location of the KEK in a remote KMS. 30*e7b1675dSTing-Kang Chang // With Google Cloud KMS, valid values have this format: 31*e7b1675dSTing-Kang Chang // gcp-kms://projects/*/locations/*/keyRings/*/cryptoKeys/*. 32*e7b1675dSTing-Kang Chang // With AWS KMS, valid values have this format: 33*e7b1675dSTing-Kang Chang // aws-kms://arn:aws:kms:<region>:<account-id>:key/<key-id> 34*e7b1675dSTing-Kang Chang string kek_uri = 1; 35*e7b1675dSTing-Kang Chang // Key template of the Data Encryption Key, e.g., AesCtrHmacAeadKeyFormat. 36*e7b1675dSTing-Kang Chang // Required. 37*e7b1675dSTing-Kang Chang KeyTemplate dek_template = 2; 38*e7b1675dSTing-Kang Chang} 39*e7b1675dSTing-Kang Chang 40*e7b1675dSTing-Kang Chang// There is no actual key material in the key. 41*e7b1675dSTing-Kang Changmessage KmsEnvelopeAeadKey { 42*e7b1675dSTing-Kang Chang uint32 version = 1; 43*e7b1675dSTing-Kang Chang // The key format also contains the params. 44*e7b1675dSTing-Kang Chang KmsEnvelopeAeadKeyFormat params = 2; 45*e7b1675dSTing-Kang Chang} 46