Key Management Service API, gRPC: SymmetricCryptoService
Updated at December 13, 2022
Set of methods that perform symmetric encryption and decryption.
Call | Description |
---|---|
Encrypt | Encrypts the given plaintext with the specified key. |
Decrypt | Decrypts the given ciphertext with the specified key. |
ReEncrypt | Re-encrypts a ciphertext with the specified KMS key. |
GenerateDataKey | Generates a new symmetric data encryption key (not a KMS key) and returns the generated key as plaintext and as ciphertext encrypted with the specified symmetric KMS key. |
Calls SymmetricCryptoService
Encrypt
Encrypts the given plaintext with the specified key.
rpc Encrypt (SymmetricEncryptRequest) returns (SymmetricEncryptResponse)
SymmetricEncryptRequest
Field | Description |
---|---|
key_id | string Required. ID of the symmetric KMS key to use for encryption. The maximum string length in characters is 50. |
version_id | string ID of the key version to encrypt plaintext with. Defaults to the primary version if not specified. The maximum string length in characters is 50. |
aad_context | bytes Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the SymmetricDecryptRequest. Should be encoded with base64. The maximum string length in characters is 8192. |
plaintext | bytes Required. Plaintext to be encrypted. Should be encoded with base64. The maximum string length in characters is 32768. |
SymmetricEncryptResponse
Field | Description |
---|---|
key_id | string Required. ID of the symmetric KMS key that was used for encryption. The maximum string length in characters is 50. |
version_id | string ID of the key version that was used for encryption. The maximum string length in characters is 50. |
ciphertext | bytes Resulting ciphertext. |
Decrypt
Decrypts the given ciphertext with the specified key.
rpc Decrypt (SymmetricDecryptRequest) returns (SymmetricDecryptResponse)
SymmetricDecryptRequest
Field | Description |
---|---|
key_id | string Required. ID of the symmetric KMS key to use for decryption. The maximum string length in characters is 50. |
aad_context | bytes Additional authenticated data, must be the same as was provided in the corresponding SymmetricEncryptRequest. Should be encoded with base64. The maximum string length in characters is 8192. |
ciphertext | bytes Required. Ciphertext to be decrypted. Should be encoded with base64. |
SymmetricDecryptResponse
Field | Description |
---|---|
key_id | string ID of the symmetric KMS key that was used for decryption. |
version_id | string ID of the key version that was used for decryption. |
plaintext | bytes Decrypted plaintext. |
ReEncrypt
Re-encrypts a ciphertext with the specified KMS key.
rpc ReEncrypt (SymmetricReEncryptRequest) returns (SymmetricReEncryptResponse)
SymmetricReEncryptRequest
Field | Description |
---|---|
key_id | string Required. ID of the new key to be used for encryption. The maximum string length in characters is 50. |
version_id | string ID of the version of the new key to be used for encryption. Defaults to the primary version if not specified. The maximum string length in characters is 50. |
aad_context | bytes Additional authenticated data to be required for decryption. Should be encoded with base64. The maximum string length in characters is 8192. |
source_key_id | string Required. ID of the key that the ciphertext is currently encrypted with. May be the same as for the new key. The maximum string length in characters is 50. |
source_aad_context | bytes Additional authenticated data provided with the initial encryption request. Should be encoded with base64. The maximum string length in characters is 8192. |
ciphertext | bytes Required. Ciphertext to re-encrypt. Should be encoded with base64. |
SymmetricReEncryptResponse
Field | Description |
---|---|
key_id | string ID of the key that the ciphertext is encrypted with now. |
version_id | string ID of the key version that was used for encryption. |
source_key_id | string ID of the key that the ciphertext was encrypted with previously. |
source_version_id | string ID of the key version that was used to decrypt the re-encrypted ciphertext. |
ciphertext | bytes Resulting re-encrypted ciphertext. |
GenerateDataKey
Generates a new symmetric data encryption key (not a KMS key) and returns the generated key as plaintext and as ciphertext encrypted with the specified symmetric KMS key.
rpc GenerateDataKey (GenerateDataKeyRequest) returns (GenerateDataKeyResponse)
GenerateDataKeyRequest
Field | Description |
---|---|
key_id | string Required. ID of the symmetric KMS key that the generated data key should be encrypted with. The maximum string length in characters is 50. |
version_id | string ID of the key version to encrypt the generated data key with. Defaults to the primary version if not specified. The maximum string length in characters is 50. |
aad_context | bytes Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the SymmetricDecryptRequest. Should be encoded with base64. The maximum string length in characters is 8192. |
data_key_spec | enum SymmetricAlgorithm Encryption algorithm and key length for the generated data key. |
skip_plaintext | bool If true, the method won't return the data key as plaintext. Default value is false. |
GenerateDataKeyResponse
Field | Description |
---|---|
key_id | string ID of the symmetric KMS key that was used to encrypt the generated data key. |
version_id | string ID of the key version that was used for encryption. |
data_key_plaintext | bytes Generated data key as plaintext. The field is empty if the GenerateDataKeyRequest.skip_plaintext parameter was set to true. |
data_key_ciphertext | bytes The encrypted data key. |
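
The envelope-encryption pattern that GenerateDataKey and aad_context support, as an added Go example that is not part of the original reference or the service's SDK. It makes no network calls: `kmsKey` is a constructed local stand-in for the KMS key, AES-256-GCM is an assumed algorithm, and all function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

var kmsKey = []byte("constructed-32-byte-stand-in-key") // stand-in; the real KMS key stays in KMS

func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // every key here is 32 bytes, so neither call can fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// seal returns nonce||ciphertext; open reverses it and fails if key, blob or aad differ.
func seal(key, plaintext, aad []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce) // crypto/rand
	return newGCM(key).Seal(nonce, nonce, plaintext, aad)
}
func open(key, blob, aad []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return newGCM(key).Open(nil, blob[:12], blob[12:], aad)
}

// EnvelopeEncrypt models GenerateDataKey plus local encryption; both results are safe to store.
func EnvelopeEncrypt(data, aad []byte) (dataKeyCiphertext, blob []byte) {
	dataKey := make([]byte, 32) // data_key_plaintext: used in memory only
	rand.Read(dataKey)
	return seal(kmsKey, dataKey, aad), seal(dataKey, data, aad)
}

// EnvelopeDecrypt models Decrypt on the stored data_key_ciphertext, then local decryption.
func EnvelopeDecrypt(dataKeyCiphertext, blob, aad []byte) ([]byte, error) {
	dataKey, err := open(kmsKey, dataKeyCiphertext, aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return open(dataKey, blob, aad)
}

func main() {
	k, c := EnvelopeEncrypt([]byte("constructed sample record"), []byte("tenant=a"))
	fmt.Println(EnvelopeDecrypt(k, c, []byte("tenant=b"))) // wrong aad_context: unwrap fails
}
```

Only the wrapped data key and the encrypted blob are persisted; the AAD context has to be supplied again by the caller at decryption time, which is what ties a ciphertext to its intended context.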