Google Workspace CSE API 參考資料
透過集合功能整理內容
你可以依據偏好儲存及分類內容。
Google Workspace 用戶端加密 (CSE) API 可讓您擁有加密金鑰,進一步加密 Google Workspace 資料。
方法
| 方法 |
delegate |
POST https://KACLS_URL/delegate
允許第一位使用者將要求委派給第二位使用者。 |
digest |
POST https://KACLS_URL/digest
傳回未封裝 DEK 的檢查碼。 |
privatekeydecrypt |
POST https://KACLS_URL/privatekeydecrypt
解開包裝的私密金鑰,然後解密以公開金鑰加密的內容加密金鑰。 |
privatekeysign |
POST https://KACLS_URL/privatekeysign
解開包裝的私密金鑰,然後簽署用戶端提供的摘要。
|
privilegedprivatekeydecrypt |
POST https://KACLS_URL/privilegedprivatekeydecrypt
解密時不會檢查包裝的私密金鑰 ACL。 |
privilegedunwrap |
POST https://KACLS_URL/privilegedunwrap
在具備權限的環境中解密從 Google 匯出的資料。 |
privilegedwrap |
POST https://KACLS_URL/privilegedwrap
傳回經過包裝的資料加密金鑰 (DEK) 和相關聯的資料。 |
rewrap |
POST https://KACLS_URL/rewrap
重新加密已加密的 DEK。 |
status |
GET https://KACLS_URL/status
檢查金鑰存取控制清單服務 (KACLS) 的狀態。 |
unwrap |
POST https://KACLS_URL/unwrap
傳回已解密的 DEK。 |
wrap |
POST https://KACLS_URL/wrap
傳回加密的 DEK 和相關聯的資料。 |
wrapprivatekey |
POST https://KACLS_URL/wrapprivatekey
包裝使用者的私密金鑰。 |
符記數
其他
除非另有註明,否則本頁面中的內容是採用創用 CC 姓名標示 4.0 授權,程式碼範例則為阿帕契 2.0 授權。詳情請參閱《Google Developers 網站政策》。Java 是 Oracle 和/或其關聯企業的註冊商標。
上次更新時間:2025-07-26 (世界標準時間)。
[null,null,["上次更新時間:2025-07-26 (世界標準時間)。"],[[["\u003cp\u003eThe Google Workspace Client-side Encryption (CSE) API empowers you to manage your own encryption keys for enhanced security of Google Workspace data.\u003c/p\u003e\n"],["\u003cp\u003eThis API provides a comprehensive suite of methods for key management, including wrapping, unwrapping, encryption, decryption, and signing, offering granular control over your data protection.\u003c/p\u003e\n"],["\u003cp\u003eYou can leverage methods such as \u003ccode\u003ewrap\u003c/code\u003e and \u003ccode\u003eunwrap\u003c/code\u003e to encrypt and decrypt data encryption keys (DEKs), while \u003ccode\u003eprivatekeydecrypt\u003c/code\u003e allows for decryption using your private keys.\u003c/p\u003e\n"],["\u003cp\u003eAuthentication and authorization are handled through JWTs, ensuring secure access control to your encrypted data.\u003c/p\u003e\n"],["\u003cp\u003eExplore detailed documentation on methods, tokens, and error handling to effectively integrate the CSE API into your workflows.\u003c/p\u003e\n"]]],["The Google Workspace CSE API enables key ownership for encrypting Workspace data. Key actions include: `digest` to return checksums, `privatekeydecrypt` to decrypt keys, `privatekeysign` to sign digests, `unwrap`/`wrap` to decrypt/encrypt DEKs, `rewrap` to re-encrypt DEKs, `privileged` methods for special decryption/wrapping, `wrapprivatekey` to wrap a user's private key and `status` to check the Key Access Control List Service. It uses `Authorization` and `Authentication` JWT tokens and details structured error handling.\n"],null,["# Google Workspace CSE API Reference\n\nThe Google Workspace Client-side Encryption (CSE) API lets you own the\nencryption keys used to further encrypt Google Workspace data.\n\nMethods\n-------\n\n| Methods ||\n|----------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| [delegate](/workspace/cse/reference/delegate) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/delegate` Allows a first user to delegate a request to a second user. |\n| [digest](/workspace/cse/reference/digest) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/digest` Returns the checksum of an unwrapped DEK. |\n| [privatekeydecrypt](/workspace/cse/reference/private-key-decrypt) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/privatekeydecrypt` Unwraps a wrapped private key and then decrypts the content encryption key that is encrypted to the public key. |\n| [privatekeysign](/workspace/cse/reference/private-key-sign) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/privatekeysign` Unwraps a wrapped private key and then signs the digest provided by the client. |\n| [privilegedprivatekeydecrypt](/workspace/cse/reference/privileged-private-key-decrypt) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/privilegedprivatekeydecrypt` Decrypts without checking the wrapped private key ACL. |\n| [privilegedunwrap](/workspace/cse/reference/privileged-unwrap) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/privilegedunwrap` Decrypts data exported from Google in a privileged context. |\n| [privilegedwrap](/workspace/cse/reference/privileged-wrap) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/privilegedwrap` Returns a wrapped Data Encryption Key (DEK) and associated data. |\n| [rewrap](/workspace/cse/reference/rewrap) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/rewrap` Re-encrypts an encrypted DEK. |\n| [status](/workspace/cse/reference/status) | `GET https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/status` Checks the status of a Key Access Control List Service (KACLS). |\n| [unwrap](/workspace/cse/reference/unwrap) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/unwrap` Returns decrypted DEK. |\n| [wrap](/workspace/cse/reference/wrap) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/wrap` Returns encrypted DEK and associated data. |\n| [wrapprivatekey](/workspace/cse/reference/wrap-private-key) | `POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/wrapprivatekey` Wraps a user's private key. |\n\nTokens\n------\n\n| Tokens ||\n|------------------------------------------------------------------|------------------------------------------------------------------------------------------------|\n| [Authorization](/workspace/cse/reference/authorization-tokens) | JWT issued by Google to verify that the caller is authorized to encrypt or decrypt a resource. |\n| [Authentication](/workspace/cse/reference/authentication-tokens) | JWT issued by the identity provider that attests user identity. |\n\nOther\n-----\n\n- \\[Resource key hash\\]\n- [Structured error replies](/workspace/cse/reference/structured-errors)"]]
