1// Copyright 2017 Google Inc. 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15//////////////////////////////////////////////////////////////////////////////// 16 17syntax = "proto3"; 18 19package google.crypto.tink; 20 21import "proto/tink.proto"; 22 23option java_package = "com.google.crypto.tink.proto"; 24option java_multiple_files = true; 25option go_package = "github.com/google/tink/go/proto/kms_envelope_go_proto"; 26 27message KmsEnvelopeAeadKeyFormat { 28 // Required. 29 // The location of the KEK in a remote KMS. 30 // With Google Cloud KMS, valid values have this format: 31 // gcp-kms://projects/*/locations/*/keyRings/*/cryptoKeys/*. 32 // With AWS KMS, valid values have this format: 33 // aws-kms://arn:aws:kms:<region>:<account-id>:key/<key-id> 34 string kek_uri = 1; 35 // Key template of the Data Encryption Key, e.g., AesCtrHmacAeadKeyFormat. 36 // Required. 37 KeyTemplate dek_template = 2; 38} 39 40// There is no actual key material in the key. 41message KmsEnvelopeAeadKey { 42 uint32 version = 1; 43 // The key format also contains the params. 44 KmsEnvelopeAeadKeyFormat params = 2; 45} 46