0

I have been looking across the different HSM provides alike Azure, AWS, IBM and Google but I haven't find any documentation about google HSM explicitely supporting 3DES keys.

However I can see the type 

"CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED"

in https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm

This type is used to create a key in the KMS.

Does Google KMS HSM support 3DES?

Lorenzo SU
  • 45
  • 2
  • 5

2 Answers2

1

I recommend that you upvote the existing feature request for 3DES here: https://issuetracker.google.com/issues/123697325 (simply click the star).

Next, could you explain whether 3DES would be sufficient to satisfy your use case? I would expect that there may be other requirements beyond 3DES such as DUKPT that you may require for your use case.

Il-Sung Lee
  • 11
  • 1
0

It does not support 3DES as a key type you can create and use at this time. We'd be interested to know more about why you would want 3DES.

Tim Dierks
  • 2,168
  • 15
  • 28
  • We need 3DES encryption for POS PIN translation. A process similar to this: [link](https://madrock.net/tag/dukpt/) So we need a HSM service that cyphers the PIN with 3DES. So much thanks for answering. – Lorenzo SU Oct 28 '19 at 20:25
  • If there is any way for getting 3DES encription from GCloud KMS HSM please let us know. – Lorenzo SU Oct 28 '19 at 20:37
  • Thanks for the info on your use case! If you don't absolutely need the key protected by an HSM, you can do the 3DES in software. Alternately, we can discuss how to rack your own HSM close to Google Cloud so you can use it to secure the key. – Tim Dierks Oct 29 '19 at 14:00