Method: cryptoKeyVersions.getPublicKey
Stay organized with collections Save and categorize content based on your preferences.

Full name: projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.getPublicKey

Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.

HTTP request

Choose a location:

The URLs use gRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`name`	`string` Required. The `name` of the `CryptoKeyVersion` public key to get. Authorization requires the following IAM permission on the specified resource `name`: `cloudkms.cryptoKeyVersions.viewPublicKey`

name

string

Required. The name of the CryptoKeyVersion public key to get.

Authorization requires the following IAM permission on the specified resource name:

cloudkms.cryptoKeyVersions.viewPublicKey

Query parameters

Parameters

Parameters
`publicKeyFormat`	`enum (PublicKeyFormat)` Optional. The `PublicKey` format specified by the user. This field is required for PQC algorithms. If specified, the public key will be exported through the `publicKey` field in the requested format. Otherwise, the `pem` field will be populated for non-PQC algorithms, and an error will be returned for PQC algorithms.

publicKeyFormat

enum (PublicKeyFormat)

Optional. The PublicKey format specified by the user. This field is required for PQC algorithms. If specified, the public key will be exported through the publicKey field in the requested format. Otherwise, the pem field will be populated for non-PQC algorithms, and an error will be returned for PQC algorithms.

Request body

The request body must be empty.

Response body

The public keys for a given CryptoKeyVersion. Obtained via cryptoKeyVersions.getPublicKey.

If successful, the response body contains data with the following structure:

JSON representation

JSON representation
{ "pem": string, "algorithm": enum (`CryptoKeyVersionAlgorithm`), "pemCrc32c": string, "name": string, "protectionLevel": enum (`ProtectionLevel`), "publicKeyFormat": enum (`PublicKeyFormat`), "publicKey": { object (`ChecksummedData`) } }

{
  "pem": string,
  "algorithm": enum (CryptoKeyVersionAlgorithm),
  "pemCrc32c": string,
  "name": string,
  "protectionLevel": enum (ProtectionLevel),
  "publicKeyFormat": enum (PublicKeyFormat),
  "publicKey": {
    object (ChecksummedData)
  }
}

Fields
`pem`	`string` The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
`algorithm`	`enum (CryptoKeyVersionAlgorithm)` The `Algorithm` associated with this key.
`pemCrc32c`	`string (Int64Value format)` Integrity verification field. A CRC32C checksum of the returned `PublicKey.pem`. An integrity check of `PublicKey.pem` can be performed by computing the CRC32C checksum of `PublicKey.pem` and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed `2^32-1`, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
`name`	`string` The `name` of the `CryptoKeyVersion` public key. Provided here for verification. NOTE: This field is in Beta.
`protectionLevel`	`enum (ProtectionLevel)` The `ProtectionLevel` of the `CryptoKeyVersion` public key.
`publicKeyFormat`	`enum (PublicKeyFormat)` The `PublicKey` format specified by the customer through the `publicKeyFormat` field.
`publicKey`	`object (ChecksummedData)` This field contains the public key (with integrity verification), formatted according to the `publicKeyFormat` field.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloudkms
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

PublicKeyFormat

The supported PublicKey formats.

Enums

Enums
`PUBLIC_KEY_FORMAT_UNSPECIFIED`	If the `publicKeyFormat` field is not specified: - For PQC algorithms, an error will be returned. - For non-PQC algorithms, the default format is PEM, and the field `pem` will be populated. Otherwise, the public key will be exported through the `publicKey` field in the requested format.
`PEM`	The returned public key will be encoded in PEM format. See the RFC7468 sections for General Considerations and Textual Encoding of Subject Public Key Info for more information.
`NIST_PQC`	This is supported only for PQC algorithms. The key material is returned in the format defined by NIST PQC standards (FIPS 203, FIPS 204, and FIPS 205).

PUBLIC_KEY_FORMAT_UNSPECIFIED

If the publicKeyFormat field is not specified: - For PQC algorithms, an error will be returned. - For non-PQC algorithms, the default format is PEM, and the field pem will be populated.

Otherwise, the public key will be exported through the publicKey field in the requested format.

PEM The returned public key will be encoded in PEM format. See the RFC7468 sections for General Considerations and Textual Encoding of Subject Public Key Info for more information.

NIST_PQC This is supported only for PQC algorithms. The key material is returned in the format defined by NIST PQC standards (FIPS 203, FIPS 204, and FIPS 205).

ChecksummedData

Data with integrity verification field.

JSON representation
{ "data": string, "crc32cChecksum": string }

Fields

Fields
`data`	`string (bytes format)` Raw Data. A base64-encoded string.
`crc32cChecksum`	`string (Int64Value format)` Integrity verification field. A CRC32C checksum of the returned `ChecksummedData.data`. An integrity check of `ChecksummedData.data` can be performed by computing the CRC32C checksum of `ChecksummedData.data` and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed `2^32-1`, and can be safely downconverted to uint32 in languages that support this type.

data

string (bytes format)

Raw Data.

A base64-encoded string.

crc32cChecksum

string (Int64Value format)

Integrity verification field. A CRC32C checksum of the returned ChecksummedData.data. An integrity check of ChecksummedData.data can be performed by computing the CRC32C checksum of ChecksummedData.data and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Method: cryptoKeyVersions.getPublicKey Stay organized with collections Save and categorize content based on your preferences.