Method: digest
Stay organized with collections
Save and categorize content based on your preferences.
This call takes a Data Encryption Key (DEK) wrapped with the wrap API, and
returns the base64 encoded
resource key hash.
See also: rewrap
HTTP request
POST https://KACLS_URL/digest
Replace KACLS_URL with the Key Access Control List
Service (KACLS) URL.
Path parameters
None.
Request body
The request body contains data with the following structure:
| JSON representation |
{
"authorization": string,
"reason": string,
"wrapped_key": string
}
|
| Fields |
authorization |
string
A JWT asserting that the user is allowed to unwrap a key for resource_name. See authorization tokens.
|
reason |
string (UTF-8)
A passthrough JSON string providing additional context about the operation. The JSON provided should be sanitized before being displayed. Max size: 1 KB.
|
wrapped_key |
string
The base64 binary object returned by wrap.
|
Response body
If successful, this method returns a base64 encoded
resource key hash.
If the operation fails, a
structured error reply
should be returned.
| JSON representation |
{
"resource_key_hash": string
}
|
Example
Request
POST https://mykacls.example.com/v1/digest
{
"wrapped_key": "7qTh6Mp+svVwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDhbmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvcgm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199llf9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbUhkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==",
"authorization": "eyJhbGciOi...",
"reason": "{client:'drive' op:'read'}"
}
Response
{
"resource_key_hash": "qClT153ghqBOLPpdMsc4S4n6okPrRaLPBYT0zRcn+go="
}
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-11-14 UTC.
[null,null,["Last updated 2024-11-14 UTC."],[[["\u003cp\u003eThis API call takes a wrapped Data Encryption Key (DEK) and returns a base64 encoded resource key hash.\u003c/p\u003e\n"],["\u003cp\u003eThe request body requires an authorization token, a reason for the operation, and the wrapped key.\u003c/p\u003e\n"],["\u003cp\u003eA successful response provides the resource key hash, while failures return a structured error reply.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003edigest\u003c/code\u003e endpoint is used for this operation within the Key Access Control List Service (KACLS).\u003c/p\u003e\n"],["\u003cp\u003eSee the provided links for more details on authorization tokens, resource key hash, wrap API, rewrap API and structured errors.\u003c/p\u003e\n"]]],["This call digests a wrapped Data Encryption Key (DEK) using a POST request to the KACLS URL's `/digest` endpoint. The request body includes a `wrapped_key`, an `authorization` JWT, and a `reason` string. Upon success, the response returns a JSON object containing the base64 encoded `resource_key_hash`. Failure results in a structured error reply. The `resource_key_hash` can be later used in resources.\n"],null,["# Method: digest\n\nThis call takes a Data Encryption Key (DEK) wrapped with the wrap API, and\nreturns the base64 encoded\n[resource key hash](/workspace/cse/reference/resource-key-hash).\n\nSee also: [`rewrap`](/workspace/cse/reference/rewrap)\n\n### HTTP request\n\n`POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/digest`\n\nReplace \u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e with the Key Access Control List\nService (KACLS) URL.\n\n### Path parameters\n\nNone.\n\n### Request body\n\nThe request body contains data with the following structure:\n\n| JSON representation ||\n|------------------------------------------------------------------------------|---|\n| ``` { \"authorization\": string, \"reason\": string, \"wrapped_key\": string } ``` |\n\n| Fields ||\n|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `authorization` | `string` A JWT asserting that the user is allowed to unwrap a key for `resource_name`. See [authorization tokens](/workspace/cse/reference/authorization-tokens). |\n| `reason` | `string (UTF-8)` A passthrough JSON string providing additional context about the operation. The JSON provided should be sanitized before being displayed. Max size: 1 KB. |\n| `wrapped_key` | `string` The base64 binary object returned by [`wrap`](/workspace/cse/reference/wrap). |\n\n### Response body\n\nIf successful, this method returns a base64 encoded\n[resource key hash](/workspace/cse/reference/resource-key-hash).\n\nIf the operation fails, a\n[structured error reply](/workspace/cse/reference/structured-errors)\nshould be returned.\n\n| JSON representation ||\n|-----------------------------------------|---|\n| ``` { \"resource_key_hash\": string } ``` |\n\n| Fields ||\n|---------------------|-------------------------------------------------------------------------------------------------------------|\n| `resource_key_hash` | `string` base64 encoded binary object. See [resource key hash](/workspace/cse/reference/resource-key-hash). |\n\n### Example\n\n#### Request\n\n POST https://mykacls.example.com/v1/digest\n\n {\n \"wrapped_key\": \"7qTh6Mp+svVwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDhbmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvcgm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199llf9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbUhkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==\",\n \"authorization\": \"eyJhbGciOi...\",\n \"reason\": \"{client:'drive' op:'read'}\"\n }\n\n#### Response\n\n {\n \"resource_key_hash\": \"qClT153ghqBOLPpdMsc4S4n6okPrRaLPBYT0zRcn+go=\"\n }"]]
