Referensi Google Workspace CSE API
Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
API Enkripsi sisi klien (CSE) Google Workspace memungkinkan Anda memiliki
kunci enkripsi yang digunakan untuk mengenkripsi lebih lanjut data Google Workspace.
Metode
| Metode |
delegate |
POST https://KACLS_URL/delegate
Memungkinkan pengguna pertama mendelegasikan permintaan kepada pengguna kedua. |
digest |
POST https://KACLS_URL/digest
Menampilkan checksum DEK yang tidak terbungkus. |
privatekeydecrypt |
POST https://KACLS_URL/privatekeydecrypt
Membuka kunci pribadi yang di-wrap, lalu mendekripsi kunci enkripsi konten yang dienkripsi ke kunci publik. |
privatekeysign |
POST https://KACLS_URL/privatekeysign
Membuka kunci pribadi yang dienkapsulasi, lalu menandatangani ringkasan yang diberikan oleh klien.
|
privilegedprivatekeydecrypt |
POST https://KACLS_URL/privilegedprivatekeydecrypt
Mendekripsi tanpa memeriksa ACL kunci pribadi yang dienkapsulasi. |
privilegedunwrap |
POST https://KACLS_URL/privilegedunwrap
Mendekripsi data yang diekspor dari Google dalam konteks yang memiliki hak istimewa. |
privilegedwrap |
POST https://KACLS_URL/privilegedwrap
Menampilkan Kunci Enkripsi Data (DEK) gabungan dan data terkait. |
rewrap |
POST https://KACLS_URL/rewrap
Melakukan enkripsi ulang DEK terenkripsi. |
status |
GET https://KACLS_URL/status
Memeriksa status Layanan Daftar Kontrol Akses Kunci (KACLS). |
unwrap |
POST https://KACLS_URL/unwrap
Menampilkan DEK yang didekripsi. |
wrap |
POST https://KACLS_URL/wrap
Menampilkan DEK terenkripsi dan data terkait. |
wrapprivatekey |
POST https://KACLS_URL/wrapprivatekey
Membungkus kunci pribadi pengguna. |
Token
| Token |
Authorization |
JWT yang dikeluarkan oleh Google untuk memverifikasi bahwa pemanggil diizinkan untuk mengenkripsi atau mendekripsi resource.
|
Authentication |
JWT yang dikeluarkan oleh penyedia identitas yang membuktikan identitas pengguna.
|
Lainnya
Kecuali dinyatakan lain, konten di halaman ini dilisensikan berdasarkan Lisensi Creative Commons Attribution 4.0, sedangkan contoh kode dilisensikan berdasarkan Lisensi Apache 2.0. Untuk mengetahui informasi selengkapnya, lihat Kebijakan Situs Google Developers. Java adalah merek dagang terdaftar dari Oracle dan/atau afiliasinya.
Terakhir diperbarui pada 2025-07-26 UTC.
[null,null,["Terakhir diperbarui pada 2025-07-26 UTC."],[[["\u003cp\u003eThe Google Workspace Client-side Encryption (CSE) API empowers you to manage your own encryption keys for enhanced security of Google Workspace data.\u003c/p\u003e\n"],["\u003cp\u003eThis API provides a comprehensive suite of methods for key management, including wrapping, unwrapping, encryption, decryption, and signing, offering granular control over your data protection.\u003c/p\u003e\n"],["\u003cp\u003eYou can leverage methods such as \u003ccode\u003ewrap\u003c/code\u003e and \u003ccode\u003eunwrap\u003c/code\u003e to encrypt and decrypt data encryption keys (DEKs), while \u003ccode\u003eprivatekeydecrypt\u003c/code\u003e allows for decryption using your private keys.\u003c/p\u003e\n"],["\u003cp\u003eAuthentication and authorization are handled through JWTs, ensuring secure access control to your encrypted data.\u003c/p\u003e\n"],["\u003cp\u003eExplore detailed documentation on methods, tokens, and error handling to effectively integrate the CSE API into your workflows.\u003c/p\u003e\n"]]],["The Google Workspace CSE API enables key ownership for encrypting Workspace data. Key actions include: `digest` to return checksums, `privatekeydecrypt` to decrypt keys, `privatekeysign` to sign digests, `unwrap`/`wrap` to decrypt/encrypt DEKs, `rewrap` to re-encrypt DEKs, `privileged` methods for special decryption/wrapping, `wrapprivatekey` to wrap a user's private key and `status` to check the Key Access Control List Service. It uses `Authorization` and `Authentication` JWT tokens and details structured error handling.\n"],null,["# Google Workspace CSE API Reference\n\nThe Google Workspace Client-side Encryption (CSE) API lets you own the\nencryption keys used to further encrypt Google Workspace data.\n\nMethods\n-------\n\n| Methods ||\n|----------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| [delegate](/workspace/cse/reference/delegate) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/delegate` Allows a first user to delegate a request to a second user. |\n| [digest](/workspace/cse/reference/digest) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/digest` Returns the checksum of an unwrapped DEK. |\n| [privatekeydecrypt](/workspace/cse/reference/private-key-decrypt) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/privatekeydecrypt` Unwraps a wrapped private key and then decrypts the content encryption key that is encrypted to the public key. |\n| [privatekeysign](/workspace/cse/reference/private-key-sign) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/privatekeysign` Unwraps a wrapped private key and then signs the digest provided by the client. |\n| [privilegedprivatekeydecrypt](/workspace/cse/reference/privileged-private-key-decrypt) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/privilegedprivatekeydecrypt` Decrypts without checking the wrapped private key ACL. |\n| [privilegedunwrap](/workspace/cse/reference/privileged-unwrap) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/privilegedunwrap` Decrypts data exported from Google in a privileged context. |\n| [privilegedwrap](/workspace/cse/reference/privileged-wrap) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/privilegedwrap` Returns a wrapped Data Encryption Key (DEK) and associated data. |\n| [rewrap](/workspace/cse/reference/rewrap) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/rewrap` Re-encrypts an encrypted DEK. |\n| [status](/workspace/cse/reference/status) | `GET https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/status` Checks the status of a Key Access Control List Service (KACLS). |\n| [unwrap](/workspace/cse/reference/unwrap) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/unwrap` Returns decrypted DEK. |\n| [wrap](/workspace/cse/reference/wrap) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/wrap` Returns encrypted DEK and associated data. |\n| [wrapprivatekey](/workspace/cse/reference/wrap-private-key) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/wrapprivatekey` Wraps a user's private key. |\n\nTokens\n------\n\n| Tokens ||\n|------------------------------------------------------------------|------------------------------------------------------------------------------------------------|\n| [Authorization](/workspace/cse/reference/authorization-tokens) | JWT issued by Google to verify that the caller is authorized to encrypt or decrypt a resource. |\n| [Authentication](/workspace/cse/reference/authentication-tokens) | JWT issued by the identity provider that attests user identity. |\n\nOther\n-----\n\n- \\[Resource key hash\\]\n- [Structured error replies](/workspace/cse/reference/structured-errors)"]]
