public ByteString AdditionalAuthenticatedData { get; set; }
Optional. Optional data that, if specified, must also be provided during
decryption through
[DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data].
The maximum size depends on the key version's
[protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE],
[EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and
[EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the
AAD must be no larger than 64KiB. For
[HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
the plaintext and additional_authenticated_data fields must be no larger
than 8KiB.
public long? AdditionalAuthenticatedDataCrc32C { get; set; }
Optional. An optional CRC32C checksum of the
[EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data].
If specified,
[KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
verify the integrity of the received
[EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]
using this checksum.
[KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
report an error if the checksum verification fails. If you receive a
checksum error, your client should verify that
CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data])
is equal to
[EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c],
and if so, perform a limited number of retries. A persistent mismatch may
indicate an issue in your computation of the CRC32C checksum. Note: This
field is defined as int64 for reasons of compatibility across different
languages. However, it is a non-negative integer, which will never exceed
2^32-1, and can be safely downconverted to uint32 in languages that support
this type.
Property Value
Type
Description
System.Int64
Name
public string Name { get; set; }
Required. The resource name of the
[CryptoKey][google.cloud.kms.v1.CryptoKey] or
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
encryption.
If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server
will use its [primary version][google.cloud.kms.v1.CryptoKey.primary].
Required. The data to encrypt. Must be no larger than 64KiB.
The maximum size depends on the key version's
[protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE],
[EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and
[EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the
plaintext must be no larger than 64KiB. For
[HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
the plaintext and additional_authenticated_data fields must be no larger
than 8KiB.
Optional. An optional CRC32C checksum of the
[EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext].
If specified,
[KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
verify the integrity of the received
[EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]
using this checksum.
[KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
report an error if the checksum verification fails. If you receive a
checksum error, your client should verify that
CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext])
is equal to
[EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c],
and if so, perform a limited number of retries. A persistent mismatch may
indicate an issue in your computation of the CRC32C checksum. Note: This
field is defined as int64 for reasons of compatibility across different
languages. However, it is a non-negative integer, which will never exceed
2^32-1, and can be safely downconverted to uint32 in languages that support
this type.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis document provides comprehensive reference information for the \u003ccode\u003eEncryptRequest\u003c/code\u003e class within the Google Cloud Key Management Service v1 API, covering versions from 2.2.0 up to the latest release, 3.16.0.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eEncryptRequest\u003c/code\u003e class is used to encapsulate the parameters needed for the \u003ccode\u003eKeyManagementService.Encrypt\u003c/code\u003e operation, which is part of Google Cloud KMS API.\u003c/p\u003e\n"],["\u003cp\u003eKey properties of \u003ccode\u003eEncryptRequest\u003c/code\u003e include \u003ccode\u003ePlaintext\u003c/code\u003e (the data to be encrypted), \u003ccode\u003eName\u003c/code\u003e (the resource name of the cryptographic key), and optional fields like \u003ccode\u003eAdditionalAuthenticatedData\u003c/code\u003e and their corresponding CRC32C checksums for data integrity verification.\u003c/p\u003e\n"],["\u003cp\u003eThe maximum size of plaintext data to be encrypted and any additional authenticated data depends on the protection level set for the key version being used, as noted in the documentation.\u003c/p\u003e\n"],["\u003cp\u003eThere are a range of versions available for the \u003ccode\u003eEncryptRequest\u003c/code\u003e class, the latest version being 3.16.0.\u003c/p\u003e\n"]]],[],null,["# Google Cloud Key Management Service v1 API - Class EncryptRequest (3.18.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.18.0 (latest)](/dotnet/docs/reference/Google.Cloud.Kms.V1/latest/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.17.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.17.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.16.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.16.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.15.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.15.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.14.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.14.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.13.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.13.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.12.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.12.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.11.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.11.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.10.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.10.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.9.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.9.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.8.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.8.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.7.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.7.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.6.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.6.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.5.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.5.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.4.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.4.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.3.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.3.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.2.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.2.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.1.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.1.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [3.0.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.0.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [2.9.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.9.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [2.8.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.8.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [2.7.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.7.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [2.6.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.6.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [2.5.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.5.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [2.4.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.4.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [2.3.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.3.0/Google.Cloud.Kms.V1.EncryptRequest)\n- [2.2.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.2.0/Google.Cloud.Kms.V1.EncryptRequest) \n\n public sealed class EncryptRequest : IMessage\u003cEncryptRequest\u003e, IEquatable\u003cEncryptRequest\u003e, IDeepCloneable\u003cEncryptRequest\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Google Cloud Key Management Service v1 API class EncryptRequest.\n\nRequest message for\n\\[KeyManagementService.Encrypt\\]\\[google.cloud.kms.v1.KeyManagementService.Encrypt\\]. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e EncryptRequest \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[EncryptRequest](/dotnet/docs/reference/Google.Cloud.Kms.V1/latest/Google.Cloud.Kms.V1.EncryptRequest), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[EncryptRequest](/dotnet/docs/reference/Google.Cloud.Kms.V1/latest/Google.Cloud.Kms.V1.EncryptRequest), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[EncryptRequest](/dotnet/docs/reference/Google.Cloud.Kms.V1/latest/Google.Cloud.Kms.V1.EncryptRequest), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.Kms.V1](/dotnet/docs/reference/Google.Cloud.Kms.V1/latest/Google.Cloud.Kms.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.Kms.V1.dll\n\nConstructors\n------------\n\n### EncryptRequest()\n\n public EncryptRequest()\n\n### EncryptRequest(EncryptRequest)\n\n public EncryptRequest(EncryptRequest other)\n\nProperties\n----------\n\n### AdditionalAuthenticatedData\n\n public ByteString AdditionalAuthenticatedData { get; set; }\n\nOptional. Optional data that, if specified, must also be provided during\ndecryption through\n\\[DecryptRequest.additional_authenticated_data\\]\\[google.cloud.kms.v1.DecryptRequest.additional_authenticated_data\\].\n\nThe maximum size depends on the key version's\n\\[protection_level\\]\\[google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level\\].\nFor \\[SOFTWARE\\]\\[google.cloud.kms.v1.ProtectionLevel.SOFTWARE\\],\n\\[EXTERNAL\\]\\[google.cloud.kms.v1.ProtectionLevel.EXTERNAL\\], and\n\\[EXTERNAL_VPC\\]\\[google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC\\] keys the\nAAD must be no larger than 64KiB. For\n\\[HSM\\]\\[google.cloud.kms.v1.ProtectionLevel.HSM\\] keys, the combined length of\nthe plaintext and additional_authenticated_data fields must be no larger\nthan 8KiB.\n\n### AdditionalAuthenticatedDataCrc32C\n\n public long? AdditionalAuthenticatedDataCrc32C { get; set; }\n\nOptional. An optional CRC32C checksum of the\n\\[EncryptRequest.additional_authenticated_data\\]\\[google.cloud.kms.v1.EncryptRequest.additional_authenticated_data\\].\nIf specified,\n\\[KeyManagementService\\]\\[google.cloud.kms.v1.KeyManagementService\\] will\nverify the integrity of the received\n\\[EncryptRequest.additional_authenticated_data\\]\\[google.cloud.kms.v1.EncryptRequest.additional_authenticated_data\\]\nusing this checksum.\n\\[KeyManagementService\\]\\[google.cloud.kms.v1.KeyManagementService\\] will\nreport an error if the checksum verification fails. If you receive a\nchecksum error, your client should verify that\nCRC32C(\\[EncryptRequest.additional_authenticated_data\\]\\[google.cloud.kms.v1.EncryptRequest.additional_authenticated_data\\])\nis equal to\n\\[EncryptRequest.additional_authenticated_data_crc32c\\]\\[google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c\\],\nand if so, perform a limited number of retries. A persistent mismatch may\nindicate an issue in your computation of the CRC32C checksum. Note: This\nfield is defined as int64 for reasons of compatibility across different\nlanguages. However, it is a non-negative integer, which will never exceed\n2\\^32-1, and can be safely downconverted to uint32 in languages that support\nthis type.\n\n### Name\n\n public string Name { get; set; }\n\nRequired. The resource name of the\n\\[CryptoKey\\]\\[google.cloud.kms.v1.CryptoKey\\] or\n\\[CryptoKeyVersion\\]\\[google.cloud.kms.v1.CryptoKeyVersion\\] to use for\nencryption.\n\nIf a \\[CryptoKey\\]\\[google.cloud.kms.v1.CryptoKey\\] is specified, the server\nwill use its \\[primary version\\]\\[google.cloud.kms.v1.CryptoKey.primary\\].\n\n### Plaintext\n\n public ByteString Plaintext { get; set; }\n\nRequired. The data to encrypt. Must be no larger than 64KiB.\n\nThe maximum size depends on the key version's\n\\[protection_level\\]\\[google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level\\].\nFor \\[SOFTWARE\\]\\[google.cloud.kms.v1.ProtectionLevel.SOFTWARE\\],\n\\[EXTERNAL\\]\\[google.cloud.kms.v1.ProtectionLevel.EXTERNAL\\], and\n\\[EXTERNAL_VPC\\]\\[google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC\\] keys, the\nplaintext must be no larger than 64KiB. For\n\\[HSM\\]\\[google.cloud.kms.v1.ProtectionLevel.HSM\\] keys, the combined length of\nthe plaintext and additional_authenticated_data fields must be no larger\nthan 8KiB.\n\n### PlaintextCrc32C\n\n public long? PlaintextCrc32C { get; set; }\n\nOptional. An optional CRC32C checksum of the\n\\[EncryptRequest.plaintext\\]\\[google.cloud.kms.v1.EncryptRequest.plaintext\\].\nIf specified,\n\\[KeyManagementService\\]\\[google.cloud.kms.v1.KeyManagementService\\] will\nverify the integrity of the received\n\\[EncryptRequest.plaintext\\]\\[google.cloud.kms.v1.EncryptRequest.plaintext\\]\nusing this checksum.\n\\[KeyManagementService\\]\\[google.cloud.kms.v1.KeyManagementService\\] will\nreport an error if the checksum verification fails. If you receive a\nchecksum error, your client should verify that\nCRC32C(\\[EncryptRequest.plaintext\\]\\[google.cloud.kms.v1.EncryptRequest.plaintext\\])\nis equal to\n\\[EncryptRequest.plaintext_crc32c\\]\\[google.cloud.kms.v1.EncryptRequest.plaintext_crc32c\\],\nand if so, perform a limited number of retries. A persistent mismatch may\nindicate an issue in your computation of the CRC32C checksum. Note: This\nfield is defined as int64 for reasons of compatibility across different\nlanguages. However, it is a non-negative integer, which will never exceed\n2\\^32-1, and can be safely downconverted to uint32 in languages that support\nthis type.\n\n### ResourceName\n\n public IResourceName ResourceName { get; set; }\n\n[IResourceName](https://cloud.google.com/dotnet/docs/reference/Google.Api.Gax/latest/Google.Api.Gax.IResourceName.html)-typed view over the [Name](/dotnet/docs/reference/Google.Cloud.Kms.V1/latest/Google.Cloud.Kms.V1.EncryptRequest#Google_Cloud_Kms_V1_EncryptRequest_Name) resource name property."]]
