package github.com.hashicorp.go.kms.wrapping.v2.types

Get desktop application:
View/edit binary Protocol Buffers messages

BlobInfo contains information about the encrypted value along with information about the key used to encrypt it

Used in: plugin.v2.DecryptRequest, plugin.v2.EncryptResponse

• bytes ciphertext = 1

  Ciphertext is the encrypted bytes @gotags: class:"public"

• bytes iv = 2

  IV is the initialization value used during encryption @gotags: class:"secret"

• bytes hmac = 3

  HMAC is the bytes of the HMAC, if any @gotags: class:"public"

• bool wrapped = 4

  Wrapped can be used by the client to indicate whether Ciphertext actually contains wrapped data or not. This can be useful if you want to reuse the same struct to pass data along before and after wrapping. Deprecated in favor of plaintext.

• bytes plaintext = 7

  Plaintext can be used to allow the same struct to be used to pass data along before and after (un)wrapping. @gotags: class:"secret"

• optional KeyInfo key_info = 5

  KeyInfo contains information about the key that was used to create this value

• string value_path = 6

  ValuePath can be used by the client to store information about where the value came from. Deprecated in favor of client_data. @gotags: class:"public"

• optional google.protobuf.Struct client_data = 8

  ClientData can be used by the client to store extra information, for instance, the location/provenance of where an encrypted value came from (useful for associating AAD to the encrypted value).

EnvelopeInfo contains the information necessary to perfom encryption or decryption in an envelope fashion

• bytes ciphertext = 1

  Ciphertext is the ciphertext from the envelope @gotags: class:"public"

• bytes key = 2

  Key is the key used in the envelope @gotags: class:"secret"

• bytes iv = 3

  IV is the initialization value used during encryption in the envelope @gotags: class:"secret"

HmacType defines the hmac algorithm type

Used in: SigInfo

• Unknown_HmacType = 0

• Sha224 = 1

• Sha256 = 2

• Sha384 = 3

• Sha512 = 4

Used in: KeyInfo, Options

• Unknown_KeyEncoding = 0

• Pkix = 1

• Pkcs8 = 2

• Bytes = 3

KeyInfo contains information regarding which Wrapper key was used to encrypt the entry

Used in: BlobInfo, SigInfo

• uint64 mechanism = 1

  Mechanism is the method used by the wrapper to encrypt and sign the data as defined by the wrapper. (optional)

• uint64 hmac_mechanism = 2

• string key_id = 3

  This is an opaque ID used by the wrapper to identify the specific key to use as defined by the wrapper. This could be a version, key label, or something else. (optional) @gotags: class:"public"

• string hmac_key_id = 4

  @gotags: class:"public"

• bytes wrapped_key = 5

  These value are used when generating our own data encryption keys and encrypting them using the wrapper (optional) @gotags: class:"secret"

• uint64 flags = 6

  Mechanism specific flags (optional)

• KeyType key_type = 7

  The key type (optional)

• repeated KeyPurpose key_purposes = 8

  The key purposes (optional)

• bytes key = 9

  plaintext key used when generating our own data encryption keys (optional) @gotags: class:"secret"

• KeyEncoding key_encoding = 10

  encoding of the key (optional)

• KeyEncoding wrapped_key_encoding = 11

  encoding of the wrapped_key (optional)

KeyPurpose defines the cryptographic capabilities of a key.

Used in: KeyInfo, Options

• KeyPurpose_Unknown = 0

• Encrypt = 1

• Decrypt = 2

• Sign = 3

• Verify = 4

• Wrap = 5

• Unwrap = 6

• MAC = 7

KeyType defines the key's type

Used in: KeyInfo, Options

• Unknown_KeyType = 0

• Rsa2048 = 1

• Rsa3072 = 2

• Rsa4096 = 3

• Aes256 = 4

• EdsaP256 = 5

• EdsaP384 = 6

• EdsaP521 = 7

• HMAC = 8

• Ed25519 = 9

Options holds options common to all wrappers

Used in: plugin.v2.DecryptRequest, plugin.v2.EncryptRequest, plugin.v2.FinalizeRequest, plugin.v2.InitRequest, plugin.v2.SetConfigRequest, plugin.v2.SignRequest, plugin.v2.VerifyRequest

• string with_key_id = 10

  The key ID being specified @gotags: class:"public"

• bytes with_aad = 20

  The AAD bytes, if any @gotags: class:"secret"

• bytes with_iv = 12

  @gotags: class:"secret"

• map<string, string> with_config_map = 30

  Wrapper-specific configuration to pass along

• repeated KeyPurpose with_key_purposes = 40

  The purposes of the key being specified

• KeyType with_key_type = 50

  The type of the key being specified

• bytes with_random_bytes = 60

  optional bytes of entropy @gotags: class:"secret"

• KeyEncoding with_key_encoding = 70

  encoding of the key

• KeyEncoding with_wrapped_key_encoding = 80

  encoding of the wrapped_key

• bool with_disallow_env_vars = 90

• bool without_hmac = 100

  WithoutHmac specifies that an HMAC is not necessary for the mechanism, even if marked as "required"

• bool without_envelope = 110

  WithoutEnvelope specifies that encryption should be over the plaintext rather than using an envelope encryption pattern

SigInfo contains information about a cryptographic signature

Used in: plugin.v2.SignResponse, plugin.v2.VerifyRequest

• optional KeyInfo key_info = 10

  KeyInfo contains information about the key that was used to create this value

• bytes signature = 20

  Signature contains the bytes of the signature @gotags: class:"public"

• optional HmacType hmac_type = 30

  HmacType (optional) defines the hmac algorithm used

WrapperConfig is the result of a call to SetConfig on a wrapper, returning relevant information about the wrapper and its updated configuration

Used in: plugin.v2.SetConfigResponse

• map<string, string> metadata = 10