Reference documentation and code samples for the Google Cloud Key Management Service v1 API enum CryptoKey.Types.CryptoKeyPurpose.
[CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose]
describes the cryptographic capabilities of a
[CryptoKey][google.cloud.kms.v1.CryptoKey]. A given key can only be used
for the operations allowed by its purpose. For more information, see Key
purposes.
[CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
with
[AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]
and
[GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
AsymmetricSign
[CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
with
[AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]
and
[GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
EncryptDecrypt
[CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
with [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
[Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
Mac
[CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
with [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
RawEncryptDecrypt
[CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
with [RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]
and [RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].
This purpose is meant to be used for interoperable symmetric
encryption and does not support automatic CryptoKey rotation.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThe latest version of the Google Cloud Key Management Service v1 API, specifically for the \u003ccode\u003eCryptoKey.Types.CryptoKeyPurpose\u003c/code\u003e enum, is version 3.16.0, with numerous prior versions also accessible for reference.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eCryptoKey.Types.CryptoKeyPurpose\u003c/code\u003e enum defines the cryptographic capabilities and permitted operations for a \u003ccode\u003eCryptoKey\u003c/code\u003e, as further explained in the "Key purposes" documentation.\u003c/p\u003e\n"],["\u003cp\u003eThis API offers multiple purposes for CryptoKeys, including \u003ccode\u003eAsymmetricDecrypt\u003c/code\u003e, \u003ccode\u003eAsymmetricSign\u003c/code\u003e, \u003ccode\u003eEncryptDecrypt\u003c/code\u003e, \u003ccode\u003eMac\u003c/code\u003e, and \u003ccode\u003eRawEncryptDecrypt\u003c/code\u003e, each supporting specific cryptographic operations like encryption, decryption, and signing.\u003c/p\u003e\n"],["\u003cp\u003eThere is also a \u003ccode\u003eUnspecified\u003c/code\u003e purpose for keys, meaning they have no cryptographic purpose defined.\u003c/p\u003e\n"],["\u003cp\u003eThe namespace for this documentation is \u003ccode\u003eGoogle.Cloud.Kms.V1\u003c/code\u003e, contained within the \u003ccode\u003eGoogle.Cloud.Kms.V1.dll\u003c/code\u003e assembly.\u003c/p\u003e\n"]]],[],null,[]]