Cloud Key Management Service (KMS) V1 API - Module Google::Cloud::Kms::V1::ImportJob::ImportMethod (v1.14.0)

Reference documentation and code samples for the Cloud Key Management Service (KMS) V1 API module Google::Cloud::Kms::V1::ImportJob::ImportMethod.

ImportMethod describes the key wrapping method chosen for this ImportJob.

Constants

IMPORT_METHOD_UNSPECIFIED

value: 0
Not specified.

RSA_OAEP_3072_SHA1_AES_256

value: 1
This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 3072 bit RSA key. For more details, see RSA AES key wrap mechanism.

RSA_OAEP_4096_SHA1_AES_256

value: 2
This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 4096 bit RSA key. For more details, see RSA AES key wrap mechanism.

RSA_OAEP_3072_SHA256_AES_256

value: 3
This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 3072 bit RSA key. For more details, see RSA AES key wrap mechanism.

RSA_OAEP_4096_SHA256_AES_256

value: 4
This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 4096 bit RSA key. For more details, see RSA AES key wrap mechanism.

RSA_OAEP_3072_SHA256

value: 5
This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The key material to be imported is wrapped directly with the RSA key. Due to technical limitations of RSA wrapping, this method cannot be used to wrap RSA keys for import.

RSA_OAEP_4096_SHA256

value: 6
This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The key material to be imported is wrapped directly with the RSA key. Due to technical limitations of RSA wrapping, this method cannot be used to wrap RSA keys for import.

HPKE_KEM_ML_KEM_768_HKDF_SHA256_AES_256_GCM

value: 8
Represents the Hybrid Public Key Encryption (HPKE) Scheme originally defined in RFC 9180. It involves wrapping the raw key with an ephemeral AES key, derived with HKDF-SHA256 from an encryption context, that is, in turn obtained from the receiver’s public key with the help of the ML-KEM-768 KEM. For more details, see the ML-KEM HPKE standard.

HPKE_KEM_ML_KEM_1024_HKDF_SHA256_AES_256_GCM

value: 9
Represents the Hybrid Public Key Encryption (HPKE) Scheme originally defined in RFC 9180. It involves wrapping the raw key with an ephemeral AES key, derived with HKDF-SHA256 from an encryption context, that is, in turn obtained from the receiver’s public key with the help of the ML-KEM-1024 KEM. For more details, see the ML-KEM HPKE standard.

HPKE_KEM_XWING_HKDF_SHA256_AES_256_GCM

value: 10
Represents the Hybrid Public Key Encryption (HPKE) Scheme originally defined in RFC 9180. It involves wrapping the raw key with an ephemeral AES key, derived with HKDF-SHA256 from an encryption context, that is, in turn obtained from the receiver’s public key with the help of the X-Wing hybrid KEM. For more details, see the X-Wing standard.