SymmetricCryptoService

Calls SymmetricCryptoService
Encrypt
- SymmetricEncryptRequest
- SymmetricEncryptResponse
Decrypt
- SymmetricDecryptRequest
- SymmetricDecryptResponse
ReEncrypt
- SymmetricReEncryptRequest
- SymmetricReEncryptResponse
GenerateDataKey
- GenerateDataKeyRequest
- GenerateDataKeyResponse

--- Data plane for KMS symmetric cryptography operations
Set of methods that perform symmetric encryption and decryption.

Call	Description
Encrypt	Encrypts given plaintext with the specified key.
Decrypt	Decrypts the given ciphertext with the specified key.
ReEncrypt	Re-encrypts a ciphertext with the specified KMS key.
GenerateDataKey	Generates a new symmetric data encryption key (not a KMS key) and returns the generated key as plaintext and as ciphertext encrypted with the specified symmetric KMS key.

Calls SymmetricCryptoService

Encrypt

Encrypts given plaintext with the specified key.

rpc Encrypt (SymmetricEncryptRequest) returns (SymmetricEncryptResponse)

SymmetricEncryptRequest

Field	Description
key_id	string Required. ID of the symmetric KMS key to use for encryption. The maximum string length in characters is 50.
version_id	string ID of the key version to encrypt plaintext with. Defaults to the primary version if not specified. The maximum string length in characters is 50.
aad_context	bytes Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the SymmetricDecryptRequest. Should be encoded with base64. The maximum string length in characters is 8192.
plaintext	bytes Required. Plaintext to be encrypted. Should be encoded with base64. The maximum string length in characters is 32768.

SymmetricEncryptResponse

Field	Description
key_id	string Required. ID of the symmetric KMS key that was used for encryption. The maximum string length in characters is 50.
version_id	string ID of the key version that was used for encryption. The maximum string length in characters is 50.
ciphertext	bytes Resulting ciphertext.

Decrypt

Decrypts the given ciphertext with the specified key.

rpc Decrypt (SymmetricDecryptRequest) returns (SymmetricDecryptResponse)

SymmetricDecryptRequest

Field	Description
key_id	string Required. ID of the symmetric KMS key to use for decryption. The maximum string length in characters is 50.
aad_context	bytes Additional authenticated data, must be the same as was provided in the corresponding SymmetricEncryptRequest. Should be encoded with base64. The maximum string length in characters is 8192.
ciphertext	bytes Required. Ciphertext to be decrypted. Should be encoded with base64.

SymmetricDecryptResponse

Field	Description
key_id	string ID of the symmetric KMS key that was used for decryption.
version_id	string ID of the key version that was used for decryption.
plaintext	bytes Decrypted plaintext.

ReEncrypt

Re-encrypts a ciphertext with the specified KMS key.

rpc ReEncrypt (SymmetricReEncryptRequest) returns (SymmetricReEncryptResponse)

SymmetricReEncryptRequest

Field	Description
key_id	string Required. ID of the new key to be used for encryption. The maximum string length in characters is 50.
version_id	string ID of the version of the new key to be used for encryption. Defaults to the primary version if not specified. The maximum string length in characters is 50.
aad_context	bytes Additional authenticated data to be required for decryption. Should be encoded with base64. The maximum string length in characters is 8192.
source_key_id	string Required. ID of the key that the ciphertext is currently encrypted with. May be the same as for the new key. The maximum string length in characters is 50.
source_aad_context	bytes Additional authenticated data provided with the initial encryption request. Should be encoded with base64. The maximum string length in characters is 8192.
ciphertext	bytes Required. Ciphertext to re-encrypt. Should be encoded with base64.

SymmetricReEncryptResponse

Field	Description
key_id	string ID of the key that the ciphertext is encrypted with now.
version_id	string ID of key version that was used for encryption.
source_key_id	string ID of the key that the ciphertext was encrypted with previously.
source_version_id	string ID of the key version that was used to decrypt the re-encrypted ciphertext.
ciphertext	bytes Resulting re-encrypted ciphertext.

GenerateDataKey

Generates a new symmetric data encryption key (not a KMS key) and returns the generated key as plaintext and as ciphertext encrypted with the specified symmetric KMS key.

rpc GenerateDataKey (GenerateDataKeyRequest) returns (GenerateDataKeyResponse)

GenerateDataKeyRequest

Field	Description
key_id	string Required. ID of the symmetric KMS key that the generated data key should be encrypted with. The maximum string length in characters is 50.
version_id	string ID of the key version to encrypt the generated data key with. Defaults to the primary version if not specified. The maximum string length in characters is 50.
aad_context	bytes Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the SymmetricDecryptRequest. Should be encoded with base64. The maximum string length in characters is 8192.
data_key_spec	enum SymmetricAlgorithm Encryption algorithm and key length for the generated data key. `AES_128`: AES algorithm with 128-bit keys. `AES_192`: AES algorithm with 192-bit keys. `AES_256`: AES algorithm with 256-bit keys.
skip_plaintext	bool If `true`, the method won't return the data key as plaintext. Default value is `false`.

GenerateDataKeyResponse

Field	Description
key_id	string ID of the symmetric KMS key that was used to encrypt the generated data key.
version_id	string ID of the key version that was used for encryption.
data_key_plaintext	bytes Generated data key as plaintext. The field is empty, if the GenerateDataKeyRequest.skip_plaintext parameter was set to `true`.
data_key_ciphertext	bytes The encrypted data key.