Get an object's encryption information
Gets an object's encryption information.
You must haveREAD permission to get an object's encryptioninformation.
Query string parameters
| Parameter | Description | Required |
|---|---|---|
encryption | You can use this parameter to determine the type of encryption used on an object. If theencryption type is customer-managed or customer-supplied, this parameter also provides an identifier for the specific encryption key that was used. | No |
Seesigned URL query string parameters for information on the parametersyou include when creating and usingsigned URLs.
Request headers
Request body elements
This request does not include an XML document in the request body.
Request syntax
The following syntax applies to GET Object requests that use theencryption query string parameter.
GET /OBJECT_NAME?encryption HTTP/1.1Host:BUCKET_NAME.storage.googleapis.comContent-Length: 0Content-Type:TYPEAuthorization:AUTHENTICATION_STRING
Response headers
The request can return a variety of response headers depending on the requestheaders you use, including:Cache-Control,Content-Length,Content-Type,Content-Disposition,ETag, andLast-Modified.
Response body elements
The following response body elements are applicable only if you use theencryption query string parameter.
| Element | Description |
|---|---|
Encryption | Container for the object's encryption information. |
KmsKeyName | Name of the Cloud Key Management Service key resource used to encrypt the object. Available only when the object is encrypted by acustomer-managed encryption key. |
CustomerEncryption | Container for customer-supplied encryption information. Available only when the object is encrypted by acustomer-supplied encryption key. |
EncryptionAlgorithm | The encryption algorithm in use for the customer-supplied encryption key. |
KeySha256 | AnRFC 4648 base64-encoded string of the SHA256 hash for the customer-supplied encryption key. |
Examples
The following example retrieves the encryption information for an object namedtokyo.jpg encrypted by a customer-managed encryption key.
Request
GET /tokyo.jpg?encryption HTTP/1.1Host: travel-maps.storage.googleapis.comContent-Length: 0Authorization: Bearer ya29.AHES6ZRVmB7fkLtd1XTmq6mo0S1wqZZi3-Lh_s-6Uw7p8vtgSwg
Response
HTTP/1.1 200 OKContent-Length: 164Content-Type: application/xml; charset=UTF-8Date: Tue, 01 Nov 2016 17:12:32 GMT<?xml version="1.0" encoding="UTF-8"?><Encryption> <KmsKeyName> projects/my-project/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME </KmsKeyName></Encryption>
The following example retrieves the encryption information for an object namedparis.jpg encrypted by a customer-supplied encryption key.
Request
GET /paris.jpg?encryption HTTP/1.1Host: travel-maps.storage.googleapis.comContent-Length: 0Authorization: Bearer ya29.AHES6ZRVmB7fkLtd1XTmq6mo0S1wqZZi3-Lh_s-6Uw7p8vtgSwg
Response
HTTP/1.1 200 OKContent-Length: 220Content-Type: application/xml; charset=UTF-8Date: Tue, 01 Nov 2016 17:12:32 GMT<?xml version="1.0" encoding="UTF-8"?><Encryption> <CustomerEncryption> <EncryptionAlgorithm>AES256</EncryptionAlgorithm> <KeySha256>Vb/C17P2fk35hguiD/pdLoXJk2j2NlmWmUmnOPsLtfA=</KeySha256> </CustomerEncryption></Encryption>
The following example retrieves the encryption information for an object namedlondon.jpg not encrypted by a customer-supplied encryption key.
Request
GET /london.jpg?encryption HTTP/1.1Host: travel-maps.storage.googleapis.comContent-Length: 0Authorization: Bearer ya29.AHES6ZRVmB7fkLtd1XTmq6mo0S1wqZZi3-Lh_s-6Uw7p8vtgSwg
Response
HTTP/1.1 200 OKContent-Length: 51Content-Type: application/xml; charset=UTF-8Date: Tue, 01 Nov 2016 20:35:29 GMT<?xml version="1.0" encoding="UTF-8"?><Encryption/>
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-17 UTC.