Contact UsGet started
© 2024 Iron Hive LLC Belgrade

Key Management Service API, gRPC: AsymmetricSignatureKeyService.Create

Written by
Updated at October 17, 2024

control plane
Creates an asymmetric KMS key in the specified folder.

gRPC request

rpc Create (CreateAsymmetricSignatureKeyRequest) returns (operation.Operation)

CreateAsymmetricSignatureKeyRequest

{
  "folderId": "string",
  "name": "string",
  "description": "string",
  "labels": "string",
  "signatureAlgorithm": "AsymmetricSignatureAlgorithm",
  "deletionProtection": "bool"
}

Field

Description

folderId

string

Required field. ID of the folder to create a asymmetric KMS key in.

name

string

Name of the key.

description

string

Description of the key.

labels

string

Custom labels for the asymmetric KMS key as key:value pairs. Maximum 64 per key.
For example, "project": "mvp" or "source": "dictionary".

signatureAlgorithm

enum AsymmetricSignatureAlgorithm

Asymmetric signature algorithm.

  • ASYMMETRIC_SIGNATURE_ALGORITHM_UNSPECIFIED
  • RSA_2048_SIGN_PSS_SHA_256: RSA-2048 signature with PSS padding and SHA-256
  • RSA_2048_SIGN_PSS_SHA_384: RSA-2048 signature with PSS padding and SHA-384
  • RSA_2048_SIGN_PSS_SHA_512: RSA-2048 signature with PSS padding and SHA-512
  • RSA_3072_SIGN_PSS_SHA_256: RSA-3072 signature with PSS padding and SHA-256
  • RSA_3072_SIGN_PSS_SHA_384: RSA-3072 signature with PSS padding and SHA-384
  • RSA_3072_SIGN_PSS_SHA_512: RSA-3072 signature with PSS padding and SHA-512
  • RSA_4096_SIGN_PSS_SHA_256: RSA-4096 signature with PSS padding and SHA-256
  • RSA_4096_SIGN_PSS_SHA_384: RSA-4096 signature with PSS padding and SHA-384
  • RSA_4096_SIGN_PSS_SHA_512: RSA-4096 signature with PSS padding and SHA-512
  • ECDSA_NIST_P256_SHA_256: ECDSA signature with NIST P-256 curve and SHA-256
  • ECDSA_NIST_P384_SHA_384: ECDSA signature with NIST P-384 curve and SHA-384
  • ECDSA_NIST_P521_SHA_512: ECDSA signature with NIST P-521 curve and SHA-512
  • ECDSA_SECP256_K1_SHA_256: ECDSA signature with SECP256_K1 curve and SHA-256

deletionProtection

bool

Flag that inhibits deletion of the symmetric KMS key

operation.Operation

{
  "id": "string",
  "description": "string",
  "createdAt": "google.protobuf.Timestamp",
  "createdBy": "string",
  "modifiedAt": "google.protobuf.Timestamp",
  "done": "bool",
  "metadata": {
    "keyId": "string"
  },
  // Includes only one of the fields `error`, `response`
  "error": "google.rpc.Status",
  "response": {
    "id": "string",
    "folderId": "string",
    "createdAt": "google.protobuf.Timestamp",
    "name": "string",
    "description": "string",
    "labels": "string",
    "status": "Status",
    "signatureAlgorithm": "AsymmetricSignatureAlgorithm",
    "deletionProtection": "bool"
  }
  // end of the list of possible fields
}

An Operation resource. For more information, see Operation.

Field

Description

id

string

ID of the operation.

description

string

Description of the operation. 0-256 characters long.

createdAt

google.protobuf.Timestamp

Creation timestamp.

createdBy

string

ID of the user or service account who initiated the operation.

modifiedAt

google.protobuf.Timestamp

The time when the Operation resource was last modified.

done

bool

If the value is false, it means the operation is still in progress.
If true, the operation is completed, and either error or response is available.

metadata

CreateAsymmetricSignatureKeyMetadata

Service-specific metadata associated with the operation.
It typically contains the ID of the target resource that the operation is performed on.
Any method that returns a long-running operation should document the metadata type, if any.

error

google.rpc.Status

The error result of the operation in case of failure or cancellation.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

response

AsymmetricSignatureKey

The normal response of the operation in case of success.
If the original method returns no data on success, such as Delete,
the response is google.protobuf.Empty.
If the original method is the standard Create/Update,
the response should be the target resource of the operation.
Any method that returns a long-running operation should document the response type, if any.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

CreateAsymmetricSignatureKeyMetadata

Field

Description

keyId

string

ID of the key being created.

AsymmetricSignatureKey

An asymmetric KMS key that may contain several versions of the cryptographic material.

Field

Description

id

string

ID of the key.

folderId

string

ID of the folder that the key belongs to.

createdAt

google.protobuf.Timestamp

Time when the key was created.

name

string

Name of the key.

description

string

Description of the key.

labels

string

Custom labels for the key as key:value pairs. Maximum 64 per key.

status

enum Status

Current status of the key.

  • STATUS_UNSPECIFIED
  • CREATING: The key is being created.
  • ACTIVE: The key is active and can be used for encryption and decryption or signature and verification.
    Can be set to INACTIVE using the [AsymmetricKeyService.Update] method.
  • INACTIVE: The key is inactive and unusable.
    Can be set to ACTIVE using the [AsymmetricKeyService.Update] method.

signatureAlgorithm

enum AsymmetricSignatureAlgorithm

Signature Algorithm ID.

  • ASYMMETRIC_SIGNATURE_ALGORITHM_UNSPECIFIED
  • RSA_2048_SIGN_PSS_SHA_256: RSA-2048 signature with PSS padding and SHA-256
  • RSA_2048_SIGN_PSS_SHA_384: RSA-2048 signature with PSS padding and SHA-384
  • RSA_2048_SIGN_PSS_SHA_512: RSA-2048 signature with PSS padding and SHA-512
  • RSA_3072_SIGN_PSS_SHA_256: RSA-3072 signature with PSS padding and SHA-256
  • RSA_3072_SIGN_PSS_SHA_384: RSA-3072 signature with PSS padding and SHA-384
  • RSA_3072_SIGN_PSS_SHA_512: RSA-3072 signature with PSS padding and SHA-512
  • RSA_4096_SIGN_PSS_SHA_256: RSA-4096 signature with PSS padding and SHA-256
  • RSA_4096_SIGN_PSS_SHA_384: RSA-4096 signature with PSS padding and SHA-384
  • RSA_4096_SIGN_PSS_SHA_512: RSA-4096 signature with PSS padding and SHA-512
  • ECDSA_NIST_P256_SHA_256: ECDSA signature with NIST P-256 curve and SHA-256
  • ECDSA_NIST_P384_SHA_384: ECDSA signature with NIST P-384 curve and SHA-384
  • ECDSA_NIST_P521_SHA_512: ECDSA signature with NIST P-521 curve and SHA-512
  • ECDSA_SECP256_K1_SHA_256: ECDSA signature with SECP256_K1 curve and SHA-256

deletionProtection

bool

Flag that inhibits deletion of the key
Previous
Overview
Next
Get