privatekeysign and privatekeydecrypt actions
-
privatekeysign: a privatekeysign request has been made. This is the case each time an email is signed for encryption.
-
privatekeydecrypt: a privatekydecrypt request has been made. This is the case every time an encrypted email is decrypted.
These actions generate an "info" severity log in the event of success, or a "crit" severity log in the event of an error.
The log fields for these actions are as follows:
|
Field |
Description |
Type |
Mandatory/ |
|---|---|---|---|
|
tenant_id |
Tenant identifier. Example: 025f02fe-bee2-444b-bf76-b5ead30327c0 |
String in uuid v4 format | Mandatory |
|
reason |
Additional context about the operation. Example: Reason of the request |
String | Mandatory |
|
|
User's email address. Example: alice.dupont@gmail.com |
String | Mandatory |
| google_email |
User's Google account email address. This field is always absent in the case of a digest action. Example: alice.google@gmail.com |
String |
Optional |
| google_application |
Google Workspace application concerned by the operation. Prescribed values:
|
String | Mandatory |
| resource_name |
Resource identifier. Example: //googleapis.com/drive/files/1OJsaKJM5JES1yi79QCKx-13wOR1i8JPU" |
String | Mandatory |
| kek_id |
Identifier of the KEK used. Example: ed7e4c13-6199-30a3-7bce-1c82a9e31e21 |
String | Mandatory |
| perimeter_id |
Identifier for additional verification of authentication and authorization requests. Example: Perimeter_id of the request |
String | Mandatory |
| message_id |
Identifier of the message on which the signature or decryption operation has been performed. Example: <CADBpGcUzg2iGuYyRoGkQg4F8sHXNoQtxbSxS7OiyJgvpDb0g |
String | Mandatory |
| spki_hash_base64 |
Base64 digest of the private key. Example: EUVOiaJF1j3cfQnp6IaGjmFr5bSdarcicOAoSG9RJWI= |
String | Mandatory |
| spki_hash_algorithm |
Encryption algorithm used. Prescribed value:
|
String | Mandatory |
| private_key_used_algorithm |
Encryption algorithms used in this operation. Example: RSA/ECB/PKCS1Padding |
String | Mandatory |
| private_key_supported_algorithms |
Encryption and signature algorithms supported by this key. Example: "["RSA/ECB/PKCS1Padding","SHA1withRSA", |
String | Mandatory |
| private_key_mode |
Type of private key used during the operation. Prescribed values:
|
String | Mandatory |
Example of logs for the successful privatekeysign action:
{
"tenant_id":"025f02fe-bee2-444b-bf76-b5ead30327c0",
"reason":"reason of the request",
"google_application": "gmail",
"email":"alice@gmail.com",
"google_email": "alice.google@gmail.com",
"resource_name": "resource name for this request",
"perimeter_id": "perimeter id for the request",
"kek_id": "ed7e4c13-6199-30a3-7bce-1c82a9e31e21",
"spki_hash_base64": "EUVOiaJF1j3cfQnp6IaGjmFr5bSdarcicOAoSG9RJWI=",
"spki_hash_algorithm": "SHA-256",
"message_id": "Message id of the request",
"private_key_used_algorithm": "SHA256withRSA",
"private_key_supported_algorithms": "["RSA/ECB/PKCS1Padding","SHA1withRSA","SHA256withRSA"]",
"private_key_mode": "private-key-pem|private-key-name"
}
Example of logs for the successful privatekeydecrypt action:
{
"tenant_id":"025f02fe-bee2-444b-bf76-b5ead30327c0",
"reason":"reason of the request",
"google_application": "gmail",
"email":"alice@gmail.com",
"google_email": "alice.google@gmail.com",
"resource_name": "resource name for this request",
"perimeter_id": "perimeter id for the request",
"kek_id": "ed7e4c13-6199-30a3-7bce-1c82a9e31e21",
"spki_hash_base64": "EUVOiaJF1j3cfQnp6IaGjmFr5bSdarcicOAoSG9RJWI=",
"spki_hash_algorithm": "SHA-256",
"message_id": "Message id of the request",
"private_key_used_algorithm": "RSA/ECB/PKCS1Padding",
"private_key_supported_algorithms": "["RSA/ECB/PKCS1Padding","SHA1withRSA","SHA256withRSA"]",
"private_key_mode": "private-key-pem|private-key-name"
}