Package com.google.privacy.dlp.v2

Class CryptoReplaceFfxFpeConfig

  • All Implemented Interfaces:
    CryptoReplaceFfxFpeConfigOrBuilder, com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Serializable
    public final class CryptoReplaceFfxFpeConfig
extends com.google.protobuf.GeneratedMessageV3
implements CryptoReplaceFfxFpeConfigOrBuilder
     Replaces an identifier with a surrogate using Format Preserving Encryption
 (FPE) with the FFX mode of operation; however when used in the
 `ReidentifyContent` API method, it serves the opposite function by reversing
 the surrogate back into the original identifier. The identifier must be
 encoded as ASCII. For a given crypto key and context, the same identifier
 will be replaced with the same surrogate. Identifiers must be at least two
 characters long. In the case that the identifier is the empty string, it will
 be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
 more.

 Note: We recommend using  CryptoDeterministicConfig for all use cases which
 do not require preserving the input alphabet space and size, plus warrant
 referential integrity.
    Protobuf type google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig
    See Also:
    Serialized Form

    • Field Detail

      • CRYPTO_KEY_FIELD_NUMBER

        public static final int CRYPTO_KEY_FIELD_NUMBER
        See Also:
        Constant Field Values

      • COMMON_ALPHABET_FIELD_NUMBER

        public static final int COMMON_ALPHABET_FIELD_NUMBER
        See Also:
        Constant Field Values

      • CUSTOM_ALPHABET_FIELD_NUMBER

        public static final int CUSTOM_ALPHABET_FIELD_NUMBER
        See Also:
        Constant Field Values

      • SURROGATE_INFO_TYPE_FIELD_NUMBER

        public static final int SURROGATE_INFO_TYPE_FIELD_NUMBER
        See Also:
        Constant Field Values

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • hasCryptoKey

        public boolean hasCryptoKey()
         Required. The key used by the encryption algorithm.
        .google.privacy.dlp.v2.CryptoKey crypto_key = 1 [(.google.api.field_behavior) = REQUIRED];
        Specified by:
        hasCryptoKey in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        Whether the cryptoKey field is set.

      • getCryptoKey

        public CryptoKey getCryptoKey()
         Required. The key used by the encryption algorithm.
        .google.privacy.dlp.v2.CryptoKey crypto_key = 1 [(.google.api.field_behavior) = REQUIRED];
        Specified by:
        getCryptoKey in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        The cryptoKey.

      • hasContext

        public boolean hasContext()
         The 'tweak', a context may be used for higher security since the same
 identifier in two different contexts won't be given the same surrogate. If
 the context is not set, a default tweak will be used.

 If the context is set but:

 1. there is no record present when transforming a given value or
 1. the field is not present when transforming a given value,

 a default tweak will be used.

 Note that case (1) is expected when an `InfoTypeTransformation` is
 applied to both structured and unstructured `ContentItem`s.
 Currently, the referenced field may be of value type integer or string.

 The tweak is constructed as a sequence of bytes in big endian byte order
 such that:

 - a 64 bit integer is encoded followed by a single byte of value 1
 - a string is encoded in UTF-8 format followed by a single byte of value 2
        .google.privacy.dlp.v2.FieldId context = 2;
        Specified by:
        hasContext in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        Whether the context field is set.

      • getContext

        public FieldId getContext()
         The 'tweak', a context may be used for higher security since the same
 identifier in two different contexts won't be given the same surrogate. If
 the context is not set, a default tweak will be used.

 If the context is set but:

 1. there is no record present when transforming a given value or
 1. the field is not present when transforming a given value,

 a default tweak will be used.

 Note that case (1) is expected when an `InfoTypeTransformation` is
 applied to both structured and unstructured `ContentItem`s.
 Currently, the referenced field may be of value type integer or string.

 The tweak is constructed as a sequence of bytes in big endian byte order
 such that:

 - a 64 bit integer is encoded followed by a single byte of value 1
 - a string is encoded in UTF-8 format followed by a single byte of value 2
        .google.privacy.dlp.v2.FieldId context = 2;
        Specified by:
        getContext in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        The context.

      • getContextOrBuilder

        public FieldIdOrBuilder getContextOrBuilder()
         The 'tweak', a context may be used for higher security since the same
 identifier in two different contexts won't be given the same surrogate. If
 the context is not set, a default tweak will be used.

 If the context is set but:

 1. there is no record present when transforming a given value or
 1. the field is not present when transforming a given value,

 a default tweak will be used.

 Note that case (1) is expected when an `InfoTypeTransformation` is
 applied to both structured and unstructured `ContentItem`s.
 Currently, the referenced field may be of value type integer or string.

 The tweak is constructed as a sequence of bytes in big endian byte order
 such that:

 - a 64 bit integer is encoded followed by a single byte of value 1
 - a string is encoded in UTF-8 format followed by a single byte of value 2
        .google.privacy.dlp.v2.FieldId context = 2;
        Specified by:
        getContextOrBuilder in interface CryptoReplaceFfxFpeConfigOrBuilder

      • hasCommonAlphabet

        public boolean hasCommonAlphabet()
         Common alphabets.
        .google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet common_alphabet = 4;
        Specified by:
        hasCommonAlphabet in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        Whether the commonAlphabet field is set.

      • getCommonAlphabetValue

        public int getCommonAlphabetValue()
         Common alphabets.
        .google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet common_alphabet = 4;
        Specified by:
        getCommonAlphabetValue in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        The enum numeric value on the wire for commonAlphabet.

      • hasCustomAlphabet

        public boolean hasCustomAlphabet()
         This is supported by mapping these to the alphanumeric characters
 that the FFX mode natively supports. This happens before/after
 encryption/decryption.
 Each character listed must appear only once.
 Number of characters must be in the range [2, 95].
 This must be encoded as ASCII.
 The order of characters does not matter.
 The full list of allowed characters is:
 <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
 ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
        string custom_alphabet = 5;
        Specified by:
        hasCustomAlphabet in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        Whether the customAlphabet field is set.

      • getCustomAlphabet

        public String getCustomAlphabet()
         This is supported by mapping these to the alphanumeric characters
 that the FFX mode natively supports. This happens before/after
 encryption/decryption.
 Each character listed must appear only once.
 Number of characters must be in the range [2, 95].
 This must be encoded as ASCII.
 The order of characters does not matter.
 The full list of allowed characters is:
 <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
 ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
        string custom_alphabet = 5;
        Specified by:
        getCustomAlphabet in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        The customAlphabet.

      • getCustomAlphabetBytes

        public com.google.protobuf.ByteString getCustomAlphabetBytes()
         This is supported by mapping these to the alphanumeric characters
 that the FFX mode natively supports. This happens before/after
 encryption/decryption.
 Each character listed must appear only once.
 Number of characters must be in the range [2, 95].
 This must be encoded as ASCII.
 The order of characters does not matter.
 The full list of allowed characters is:
 <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
 ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
        string custom_alphabet = 5;
        Specified by:
        getCustomAlphabetBytes in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        The bytes for customAlphabet.

      • hasRadix

        public boolean hasRadix()
         The native way to select the alphabet. Must be in the range [2, 95].
        int32 radix = 6;
        Specified by:
        hasRadix in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        Whether the radix field is set.

      • getRadix

        public int getRadix()
         The native way to select the alphabet. Must be in the range [2, 95].
        int32 radix = 6;
        Specified by:
        getRadix in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        The radix.

      • hasSurrogateInfoType

        public boolean hasSurrogateInfoType()
         The custom infoType to annotate the surrogate with.
 This annotation will be applied to the surrogate by prefixing it with
 the name of the custom infoType followed by the number of
 characters comprising the surrogate. The following scheme defines the
 format: info_type_name(surrogate_character_count):surrogate

 For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
 the surrogate is 'abc', the full replacement value
 will be: 'MY_TOKEN_INFO_TYPE(3):abc'

 This annotation identifies the surrogate when inspecting content using the
 custom infoType
 [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
 This facilitates reversal of the surrogate when it occurs in free text.

 In order for inspection to work properly, the name of this infoType must
 not occur naturally anywhere in your data; otherwise, inspection may
 find a surrogate that does not correspond to an actual identifier.
 Therefore, choose your custom infoType name carefully after considering
 what your data looks like. One way to select a name that has a high chance
 of yielding reliable detection is to include one or more unicode characters
 that are highly improbable to exist in your data.
 For example, assuming your data is entered from a regular ASCII keyboard,
 the symbol with the hex code point 29DD might be used like so:
 ⧝MY_TOKEN_TYPE
        .google.privacy.dlp.v2.InfoType surrogate_info_type = 8;
        Specified by:
        hasSurrogateInfoType in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        Whether the surrogateInfoType field is set.

      • getSurrogateInfoType

        public InfoType getSurrogateInfoType()
         The custom infoType to annotate the surrogate with.
 This annotation will be applied to the surrogate by prefixing it with
 the name of the custom infoType followed by the number of
 characters comprising the surrogate. The following scheme defines the
 format: info_type_name(surrogate_character_count):surrogate

 For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
 the surrogate is 'abc', the full replacement value
 will be: 'MY_TOKEN_INFO_TYPE(3):abc'

 This annotation identifies the surrogate when inspecting content using the
 custom infoType
 [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
 This facilitates reversal of the surrogate when it occurs in free text.

 In order for inspection to work properly, the name of this infoType must
 not occur naturally anywhere in your data; otherwise, inspection may
 find a surrogate that does not correspond to an actual identifier.
 Therefore, choose your custom infoType name carefully after considering
 what your data looks like. One way to select a name that has a high chance
 of yielding reliable detection is to include one or more unicode characters
 that are highly improbable to exist in your data.
 For example, assuming your data is entered from a regular ASCII keyboard,
 the symbol with the hex code point 29DD might be used like so:
 ⧝MY_TOKEN_TYPE
        .google.privacy.dlp.v2.InfoType surrogate_info_type = 8;
        Specified by:
        getSurrogateInfoType in interface CryptoReplaceFfxFpeConfigOrBuilder
        Returns:
        The surrogateInfoType.

      • getSurrogateInfoTypeOrBuilder

        public InfoTypeOrBuilder getSurrogateInfoTypeOrBuilder()
         The custom infoType to annotate the surrogate with.
 This annotation will be applied to the surrogate by prefixing it with
 the name of the custom infoType followed by the number of
 characters comprising the surrogate. The following scheme defines the
 format: info_type_name(surrogate_character_count):surrogate

 For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
 the surrogate is 'abc', the full replacement value
 will be: 'MY_TOKEN_INFO_TYPE(3):abc'

 This annotation identifies the surrogate when inspecting content using the
 custom infoType
 [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
 This facilitates reversal of the surrogate when it occurs in free text.

 In order for inspection to work properly, the name of this infoType must
 not occur naturally anywhere in your data; otherwise, inspection may
 find a surrogate that does not correspond to an actual identifier.
 Therefore, choose your custom infoType name carefully after considering
 what your data looks like. One way to select a name that has a high chance
 of yielding reliable detection is to include one or more unicode characters
 that are highly improbable to exist in your data.
 For example, assuming your data is entered from a regular ASCII keyboard,
 the symbol with the hex code point 29DD might be used like so:
 ⧝MY_TOKEN_TYPE
        .google.privacy.dlp.v2.InfoType surrogate_info_type = 8;
        Specified by:
        getSurrogateInfoTypeOrBuilder in interface CryptoReplaceFfxFpeConfigOrBuilder

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static CryptoReplaceFfxFpeConfig parseFrom​(ByteBuffer data)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CryptoReplaceFfxFpeConfig parseFrom​(ByteBuffer data,
                                                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CryptoReplaceFfxFpeConfig parseFrom​(com.google.protobuf.ByteString data)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CryptoReplaceFfxFpeConfig parseFrom​(com.google.protobuf.ByteString data,
                                                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CryptoReplaceFfxFpeConfig parseFrom​(byte[] data)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CryptoReplaceFfxFpeConfig parseFrom​(byte[] data,
                                                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                           throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • newBuilderForType

        public CryptoReplaceFfxFpeConfig.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public CryptoReplaceFfxFpeConfig.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected CryptoReplaceFfxFpeConfig.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getParserForType

        public com.google.protobuf.Parser<CryptoReplaceFfxFpeConfig> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public CryptoReplaceFfxFpeConfig getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder