Package com.google.privacy.dlp.v2

Class CryptoDeterministicConfig

  • All Implemented Interfaces:
    CryptoDeterministicConfigOrBuilder, com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Serializable
    public final class CryptoDeterministicConfig
extends com.google.protobuf.GeneratedMessageV3
implements CryptoDeterministicConfigOrBuilder
     Pseudonymization method that generates deterministic encryption for the given
 input. Outputs a base64 encoded representation of the encrypted output.
 Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
    Protobuf type google.privacy.dlp.v2.CryptoDeterministicConfig
    See Also:
    Serialized Form

    • Field Detail

      • CRYPTO_KEY_FIELD_NUMBER

        public static final int CRYPTO_KEY_FIELD_NUMBER
        See Also:
        Constant Field Values

      • SURROGATE_INFO_TYPE_FIELD_NUMBER

        public static final int SURROGATE_INFO_TYPE_FIELD_NUMBER
        See Also:
        Constant Field Values

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • hasCryptoKey

        public boolean hasCryptoKey()
         The key used by the encryption function. For deterministic encryption
 using AES-SIV, the provided key is internally expanded to 64 bytes prior to
 use.
        .google.privacy.dlp.v2.CryptoKey crypto_key = 1;
        Specified by:
        hasCryptoKey in interface CryptoDeterministicConfigOrBuilder
        Returns:
        Whether the cryptoKey field is set.

      • getCryptoKey

        public CryptoKey getCryptoKey()
         The key used by the encryption function. For deterministic encryption
 using AES-SIV, the provided key is internally expanded to 64 bytes prior to
 use.
        .google.privacy.dlp.v2.CryptoKey crypto_key = 1;
        Specified by:
        getCryptoKey in interface CryptoDeterministicConfigOrBuilder
        Returns:
        The cryptoKey.

      • hasSurrogateInfoType

        public boolean hasSurrogateInfoType()
         The custom info type to annotate the surrogate with.
 This annotation will be applied to the surrogate by prefixing it with
 the name of the custom info type followed by the number of
 characters comprising the surrogate. The following scheme defines the
 format: {info type name}({surrogate character count}):{surrogate}

 For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
 the surrogate is 'abc', the full replacement value
 will be: 'MY_TOKEN_INFO_TYPE(3):abc'

 This annotation identifies the surrogate when inspecting content using the
 custom info type 'Surrogate'. This facilitates reversal of the
 surrogate when it occurs in free text.

 Note: For record transformations where the entire cell in a table is being
 transformed, surrogates are not mandatory. Surrogates are used to denote
 the location of the token and are necessary for re-identification in free
 form text.

 In order for inspection to work properly, the name of this info type must
 not occur naturally anywhere in your data; otherwise, inspection may either

 - reverse a surrogate that does not correspond to an actual identifier
 - be unable to parse the surrogate and result in an error

 Therefore, choose your custom info type name carefully after considering
 what your data looks like. One way to select a name that has a high chance
 of yielding reliable detection is to include one or more unicode characters
 that are highly improbable to exist in your data.
 For example, assuming your data is entered from a regular ASCII keyboard,
 the symbol with the hex code point 29DD might be used like so:
 ⧝MY_TOKEN_TYPE.
        .google.privacy.dlp.v2.InfoType surrogate_info_type = 2;
        Specified by:
        hasSurrogateInfoType in interface CryptoDeterministicConfigOrBuilder
        Returns:
        Whether the surrogateInfoType field is set.

      • getSurrogateInfoType

        public InfoType getSurrogateInfoType()
         The custom info type to annotate the surrogate with.
 This annotation will be applied to the surrogate by prefixing it with
 the name of the custom info type followed by the number of
 characters comprising the surrogate. The following scheme defines the
 format: {info type name}({surrogate character count}):{surrogate}

 For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
 the surrogate is 'abc', the full replacement value
 will be: 'MY_TOKEN_INFO_TYPE(3):abc'

 This annotation identifies the surrogate when inspecting content using the
 custom info type 'Surrogate'. This facilitates reversal of the
 surrogate when it occurs in free text.

 Note: For record transformations where the entire cell in a table is being
 transformed, surrogates are not mandatory. Surrogates are used to denote
 the location of the token and are necessary for re-identification in free
 form text.

 In order for inspection to work properly, the name of this info type must
 not occur naturally anywhere in your data; otherwise, inspection may either

 - reverse a surrogate that does not correspond to an actual identifier
 - be unable to parse the surrogate and result in an error

 Therefore, choose your custom info type name carefully after considering
 what your data looks like. One way to select a name that has a high chance
 of yielding reliable detection is to include one or more unicode characters
 that are highly improbable to exist in your data.
 For example, assuming your data is entered from a regular ASCII keyboard,
 the symbol with the hex code point 29DD might be used like so:
 ⧝MY_TOKEN_TYPE.
        .google.privacy.dlp.v2.InfoType surrogate_info_type = 2;
        Specified by:
        getSurrogateInfoType in interface CryptoDeterministicConfigOrBuilder
        Returns:
        The surrogateInfoType.

      • getSurrogateInfoTypeOrBuilder

        public InfoTypeOrBuilder getSurrogateInfoTypeOrBuilder()
         The custom info type to annotate the surrogate with.
 This annotation will be applied to the surrogate by prefixing it with
 the name of the custom info type followed by the number of
 characters comprising the surrogate. The following scheme defines the
 format: {info type name}({surrogate character count}):{surrogate}

 For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
 the surrogate is 'abc', the full replacement value
 will be: 'MY_TOKEN_INFO_TYPE(3):abc'

 This annotation identifies the surrogate when inspecting content using the
 custom info type 'Surrogate'. This facilitates reversal of the
 surrogate when it occurs in free text.

 Note: For record transformations where the entire cell in a table is being
 transformed, surrogates are not mandatory. Surrogates are used to denote
 the location of the token and are necessary for re-identification in free
 form text.

 In order for inspection to work properly, the name of this info type must
 not occur naturally anywhere in your data; otherwise, inspection may either

 - reverse a surrogate that does not correspond to an actual identifier
 - be unable to parse the surrogate and result in an error

 Therefore, choose your custom info type name carefully after considering
 what your data looks like. One way to select a name that has a high chance
 of yielding reliable detection is to include one or more unicode characters
 that are highly improbable to exist in your data.
 For example, assuming your data is entered from a regular ASCII keyboard,
 the symbol with the hex code point 29DD might be used like so:
 ⧝MY_TOKEN_TYPE.
        .google.privacy.dlp.v2.InfoType surrogate_info_type = 2;
        Specified by:
        getSurrogateInfoTypeOrBuilder in interface CryptoDeterministicConfigOrBuilder

      • hasContext

        public boolean hasContext()
         A context may be used for higher security and maintaining
 referential integrity such that the same identifier in two different
 contexts will be given a distinct surrogate. The context is appended to
 plaintext value being encrypted. On decryption the provided context is
 validated against the value used during encryption. If a context was
 provided during encryption, same context must be provided during decryption
 as well.

 If the context is not set, plaintext would be used as is for encryption.
 If the context is set but:

 1. there is no record present when transforming a given value or
 2. the field is not present when transforming a given value,

 plaintext would be used as is for encryption.

 Note that case (1) is expected when an `InfoTypeTransformation` is
 applied to both structured and unstructured `ContentItem`s.
        .google.privacy.dlp.v2.FieldId context = 3;
        Specified by:
        hasContext in interface CryptoDeterministicConfigOrBuilder
        Returns:
        Whether the context field is set.

      • getContext

        public FieldId getContext()
         A context may be used for higher security and maintaining
 referential integrity such that the same identifier in two different
 contexts will be given a distinct surrogate. The context is appended to
 plaintext value being encrypted. On decryption the provided context is
 validated against the value used during encryption. If a context was
 provided during encryption, same context must be provided during decryption
 as well.

 If the context is not set, plaintext would be used as is for encryption.
 If the context is set but:

 1. there is no record present when transforming a given value or
 2. the field is not present when transforming a given value,

 plaintext would be used as is for encryption.

 Note that case (1) is expected when an `InfoTypeTransformation` is
 applied to both structured and unstructured `ContentItem`s.
        .google.privacy.dlp.v2.FieldId context = 3;
        Specified by:
        getContext in interface CryptoDeterministicConfigOrBuilder
        Returns:
        The context.

      • getContextOrBuilder

        public FieldIdOrBuilder getContextOrBuilder()
         A context may be used for higher security and maintaining
 referential integrity such that the same identifier in two different
 contexts will be given a distinct surrogate. The context is appended to
 plaintext value being encrypted. On decryption the provided context is
 validated against the value used during encryption. If a context was
 provided during encryption, same context must be provided during decryption
 as well.

 If the context is not set, plaintext would be used as is for encryption.
 If the context is set but:

 1. there is no record present when transforming a given value or
 2. the field is not present when transforming a given value,

 plaintext would be used as is for encryption.

 Note that case (1) is expected when an `InfoTypeTransformation` is
 applied to both structured and unstructured `ContentItem`s.
        .google.privacy.dlp.v2.FieldId context = 3;
        Specified by:
        getContextOrBuilder in interface CryptoDeterministicConfigOrBuilder

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static CryptoDeterministicConfig parseFrom​(ByteBuffer data)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CryptoDeterministicConfig parseFrom​(ByteBuffer data,
                                                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CryptoDeterministicConfig parseFrom​(com.google.protobuf.ByteString data)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CryptoDeterministicConfig parseFrom​(com.google.protobuf.ByteString data,
                                                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CryptoDeterministicConfig parseFrom​(byte[] data)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CryptoDeterministicConfig parseFrom​(byte[] data,
                                                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • newBuilderForType

        public CryptoDeterministicConfig.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public CryptoDeterministicConfig.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected CryptoDeterministicConfig.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getParserForType

        public com.google.protobuf.Parser<CryptoDeterministicConfig> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public CryptoDeterministicConfig getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder