diff --git a/java-confidentialcomputing/README.md b/java-confidentialcomputing/README.md
index 746a38f4a480..f0ec566d8cdf 100644
--- a/java-confidentialcomputing/README.md
+++ b/java-confidentialcomputing/README.md
@@ -23,7 +23,7 @@ If you are using Maven with [BOM][libraries-bom], add this to your pom.xml file:
- * Required. The binary signature payload following the SimpleSigning format + * Optional. The binary signature payload following the SimpleSigning format * https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing. * This payload includes the container image digest. ** - *
bytes payload = 1 [(.google.api.field_behavior) = REQUIRED];
+ * bytes payload = 1 [(.google.api.field_behavior) = OPTIONAL];
*
* @return The payload.
*/
@@ -92,7 +92,7 @@ public com.google.protobuf.ByteString getPayload() {
*
*
* - * Required. A signature over the payload. + * Optional. A signature over the payload. * The container image digest is incorporated into the signature as follows: * 1. Generate a SimpleSigning format payload that includes the container * image digest. @@ -101,7 +101,7 @@ public com.google.protobuf.ByteString getPayload() { * `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))` ** - *
bytes signature = 2 [(.google.api.field_behavior) = REQUIRED];
+ * bytes signature = 2 [(.google.api.field_behavior) = OPTIONAL];
*
* @return The signature.
*/
@@ -116,10 +116,10 @@ public com.google.protobuf.ByteString getSignature() {
*
*
* - * Required. An associated public key used to verify the signature. + * Optional. Reserved for future use. ** - *
bytes public_key = 3 [(.google.api.field_behavior) = REQUIRED];
+ * bytes public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
*
* @return The publicKey.
*/
@@ -134,11 +134,11 @@ public com.google.protobuf.ByteString getPublicKey() {
*
*
* - * Required. The algorithm used to produce the container image signature. + * Optional. Reserved for future use. ** *
- * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = REQUIRED];
+ * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = OPTIONAL];
*
*
* @return The enum numeric value on the wire for sigAlg.
@@ -151,11 +151,11 @@ public int getSigAlgValue() {
*
*
* - * Required. The algorithm used to produce the container image signature. + * Optional. Reserved for future use. ** *
- * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = REQUIRED];
+ * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = OPTIONAL];
*
*
* @return The sigAlg.
@@ -592,12 +592,12 @@ public Builder mergeFrom(
*
*
* - * Required. The binary signature payload following the SimpleSigning format + * Optional. The binary signature payload following the SimpleSigning format * https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing. * This payload includes the container image digest. ** - *
bytes payload = 1 [(.google.api.field_behavior) = REQUIRED];
+ * bytes payload = 1 [(.google.api.field_behavior) = OPTIONAL];
*
* @return The payload.
*/
@@ -609,12 +609,12 @@ public com.google.protobuf.ByteString getPayload() {
*
*
* - * Required. The binary signature payload following the SimpleSigning format + * Optional. The binary signature payload following the SimpleSigning format * https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing. * This payload includes the container image digest. ** - *
bytes payload = 1 [(.google.api.field_behavior) = REQUIRED];
+ * bytes payload = 1 [(.google.api.field_behavior) = OPTIONAL];
*
* @param value The payload to set.
* @return This builder for chaining.
@@ -632,12 +632,12 @@ public Builder setPayload(com.google.protobuf.ByteString value) {
*
*
* - * Required. The binary signature payload following the SimpleSigning format + * Optional. The binary signature payload following the SimpleSigning format * https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing. * This payload includes the container image digest. ** - *
bytes payload = 1 [(.google.api.field_behavior) = REQUIRED];
+ * bytes payload = 1 [(.google.api.field_behavior) = OPTIONAL];
*
* @return This builder for chaining.
*/
@@ -653,7 +653,7 @@ public Builder clearPayload() {
*
*
* - * Required. A signature over the payload. + * Optional. A signature over the payload. * The container image digest is incorporated into the signature as follows: * 1. Generate a SimpleSigning format payload that includes the container * image digest. @@ -662,7 +662,7 @@ public Builder clearPayload() { * `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))` ** - *
bytes signature = 2 [(.google.api.field_behavior) = REQUIRED];
+ * bytes signature = 2 [(.google.api.field_behavior) = OPTIONAL];
*
* @return The signature.
*/
@@ -674,7 +674,7 @@ public com.google.protobuf.ByteString getSignature() {
*
*
* - * Required. A signature over the payload. + * Optional. A signature over the payload. * The container image digest is incorporated into the signature as follows: * 1. Generate a SimpleSigning format payload that includes the container * image digest. @@ -683,7 +683,7 @@ public com.google.protobuf.ByteString getSignature() { * `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))` ** - *
bytes signature = 2 [(.google.api.field_behavior) = REQUIRED];
+ * bytes signature = 2 [(.google.api.field_behavior) = OPTIONAL];
*
* @param value The signature to set.
* @return This builder for chaining.
@@ -701,7 +701,7 @@ public Builder setSignature(com.google.protobuf.ByteString value) {
*
*
* - * Required. A signature over the payload. + * Optional. A signature over the payload. * The container image digest is incorporated into the signature as follows: * 1. Generate a SimpleSigning format payload that includes the container * image digest. @@ -710,7 +710,7 @@ public Builder setSignature(com.google.protobuf.ByteString value) { * `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))` ** - *
bytes signature = 2 [(.google.api.field_behavior) = REQUIRED];
+ * bytes signature = 2 [(.google.api.field_behavior) = OPTIONAL];
*
* @return This builder for chaining.
*/
@@ -726,10 +726,10 @@ public Builder clearSignature() {
*
*
* - * Required. An associated public key used to verify the signature. + * Optional. Reserved for future use. ** - *
bytes public_key = 3 [(.google.api.field_behavior) = REQUIRED];
+ * bytes public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
*
* @return The publicKey.
*/
@@ -741,10 +741,10 @@ public com.google.protobuf.ByteString getPublicKey() {
*
*
* - * Required. An associated public key used to verify the signature. + * Optional. Reserved for future use. ** - *
bytes public_key = 3 [(.google.api.field_behavior) = REQUIRED];
+ * bytes public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
*
* @param value The publicKey to set.
* @return This builder for chaining.
@@ -762,10 +762,10 @@ public Builder setPublicKey(com.google.protobuf.ByteString value) {
*
*
* - * Required. An associated public key used to verify the signature. + * Optional. Reserved for future use. ** - *
bytes public_key = 3 [(.google.api.field_behavior) = REQUIRED];
+ * bytes public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
*
* @return This builder for chaining.
*/
@@ -781,11 +781,11 @@ public Builder clearPublicKey() {
*
*
* - * Required. The algorithm used to produce the container image signature. + * Optional. Reserved for future use. ** *
- * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = REQUIRED];
+ * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = OPTIONAL];
*
*
* @return The enum numeric value on the wire for sigAlg.
@@ -798,11 +798,11 @@ public int getSigAlgValue() {
*
*
* - * Required. The algorithm used to produce the container image signature. + * Optional. Reserved for future use. ** *
- * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = REQUIRED];
+ * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = OPTIONAL];
*
*
* @param value The enum numeric value on the wire for sigAlg to set.
@@ -818,11 +818,11 @@ public Builder setSigAlgValue(int value) {
*
*
* - * Required. The algorithm used to produce the container image signature. + * Optional. Reserved for future use. ** *
- * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = REQUIRED];
+ * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = OPTIONAL];
*
*
* @return The sigAlg.
@@ -839,11 +839,11 @@ public com.google.cloud.confidentialcomputing.v1.SigningAlgorithm getSigAlg() {
*
*
* - * Required. The algorithm used to produce the container image signature. + * Optional. Reserved for future use. ** *
- * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = REQUIRED];
+ * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = OPTIONAL];
*
*
* @param value The sigAlg to set.
@@ -862,11 +862,11 @@ public Builder setSigAlg(com.google.cloud.confidentialcomputing.v1.SigningAlgori
*
*
* - * Required. The algorithm used to produce the container image signature. + * Optional. Reserved for future use. ** *
- * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = REQUIRED];
+ * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = OPTIONAL];
*
*
* @return This builder for chaining.
diff --git a/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/java/com/google/cloud/confidentialcomputing/v1/ContainerImageSignatureOrBuilder.java b/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/java/com/google/cloud/confidentialcomputing/v1/ContainerImageSignatureOrBuilder.java
index 689105cddaf6..171e665c9fc5 100644
--- a/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/java/com/google/cloud/confidentialcomputing/v1/ContainerImageSignatureOrBuilder.java
+++ b/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/java/com/google/cloud/confidentialcomputing/v1/ContainerImageSignatureOrBuilder.java
@@ -27,12 +27,12 @@ public interface ContainerImageSignatureOrBuilder
*
*
* - * Required. The binary signature payload following the SimpleSigning format + * Optional. The binary signature payload following the SimpleSigning format * https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing. * This payload includes the container image digest. ** - *
bytes payload = 1 [(.google.api.field_behavior) = REQUIRED];
+ * bytes payload = 1 [(.google.api.field_behavior) = OPTIONAL];
*
* @return The payload.
*/
@@ -42,7 +42,7 @@ public interface ContainerImageSignatureOrBuilder
*
*
* - * Required. A signature over the payload. + * Optional. A signature over the payload. * The container image digest is incorporated into the signature as follows: * 1. Generate a SimpleSigning format payload that includes the container * image digest. @@ -51,7 +51,7 @@ public interface ContainerImageSignatureOrBuilder * `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))` ** - *
bytes signature = 2 [(.google.api.field_behavior) = REQUIRED];
+ * bytes signature = 2 [(.google.api.field_behavior) = OPTIONAL];
*
* @return The signature.
*/
@@ -61,10 +61,10 @@ public interface ContainerImageSignatureOrBuilder
*
*
* - * Required. An associated public key used to verify the signature. + * Optional. Reserved for future use. ** - *
bytes public_key = 3 [(.google.api.field_behavior) = REQUIRED];
+ * bytes public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
*
* @return The publicKey.
*/
@@ -74,11 +74,11 @@ public interface ContainerImageSignatureOrBuilder
*
*
* - * Required. The algorithm used to produce the container image signature. + * Optional. Reserved for future use. ** *
- * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = REQUIRED];
+ * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = OPTIONAL];
*
*
* @return The enum numeric value on the wire for sigAlg.
@@ -88,11 +88,11 @@ public interface ContainerImageSignatureOrBuilder
*
*
* - * Required. The algorithm used to produce the container image signature. + * Optional. Reserved for future use. ** *
- * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = REQUIRED];
+ * .google.cloud.confidentialcomputing.v1.SigningAlgorithm sig_alg = 4 [(.google.api.field_behavior) = OPTIONAL];
*
*
* @return The sigAlg.
diff --git a/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/java/com/google/cloud/confidentialcomputing/v1/ServiceProto.java b/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/java/com/google/cloud/confidentialcomputing/v1/ServiceProto.java
index a10b34e6680b..8e1e16110be7 100644
--- a/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/java/com/google/cloud/confidentialcomputing/v1/ServiceProto.java
+++ b/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/java/com/google/cloud/confidentialcomputing/v1/ServiceProto.java
@@ -134,10 +134,10 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+ "image_signatures\030\001 \003(\0132>.google.cloud.co"
+ "nfidentialcomputing.v1.ContainerImageSig"
+ "natureB\004\342A\001\001\"\263\001\n\027ContainerImageSignature"
- + "\022\025\n\007payload\030\001 \001(\014B\004\342A\001\002\022\027\n\tsignature\030\002 \001"
- + "(\014B\004\342A\001\002\022\030\n\npublic_key\030\003 \001(\014B\004\342A\001\002\022N\n\007si"
+ + "\022\025\n\007payload\030\001 \001(\014B\004\342A\001\001\022\027\n\tsignature\030\002 \001"
+ + "(\014B\004\342A\001\001\022\030\n\npublic_key\030\003 \001(\014B\004\342A\001\001\022N\n\007si"
+ "g_alg\030\004 \001(\01627.google.cloud.confidentialc"
- + "omputing.v1.SigningAlgorithmB\004\342A\001\002*\177\n\020Si"
+ + "omputing.v1.SigningAlgorithmB\004\342A\001\001*\177\n\020Si"
+ "gningAlgorithm\022!\n\035SIGNING_ALGORITHM_UNSP"
+ "ECIFIED\020\000\022\025\n\021RSASSA_PSS_SHA256\020\001\022\032\n\026RSAS"
+ "SA_PKCS1V15_SHA256\020\002\022\025\n\021ECDSA_P256_SHA25"
diff --git a/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/proto/google/cloud/confidentialcomputing/v1/service.proto b/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/proto/google/cloud/confidentialcomputing/v1/service.proto
index 4a97c94e0bad..a14d24fea077 100644
--- a/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/proto/google/cloud/confidentialcomputing/v1/service.proto
+++ b/java-confidentialcomputing/proto-google-cloud-confidentialcomputing-v1/src/main/proto/google/cloud/confidentialcomputing/v1/service.proto
@@ -231,23 +231,23 @@ message SignedEntity {
// ContainerImageSignature holds necessary metadata to verify a container image
// signature.
message ContainerImageSignature {
- // Required. The binary signature payload following the SimpleSigning format
+ // Optional. The binary signature payload following the SimpleSigning format
// https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing.
// This payload includes the container image digest.
- bytes payload = 1 [(google.api.field_behavior) = REQUIRED];
+ bytes payload = 1 [(google.api.field_behavior) = OPTIONAL];
- // Required. A signature over the payload.
+ // Optional. A signature over the payload.
// The container image digest is incorporated into the signature as follows:
// 1. Generate a SimpleSigning format payload that includes the container
// image digest.
// 2. Generate a signature over SHA256 digest of the payload.
// The signature generation process can be represented as follows:
// `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))`
- bytes signature = 2 [(google.api.field_behavior) = REQUIRED];
+ bytes signature = 2 [(google.api.field_behavior) = OPTIONAL];
- // Required. An associated public key used to verify the signature.
- bytes public_key = 3 [(google.api.field_behavior) = REQUIRED];
+ // Optional. Reserved for future use.
+ bytes public_key = 3 [(google.api.field_behavior) = OPTIONAL];
- // Required. The algorithm used to produce the container image signature.
- SigningAlgorithm sig_alg = 4 [(google.api.field_behavior) = REQUIRED];
+ // Optional. Reserved for future use.
+ SigningAlgorithm sig_alg = 4 [(google.api.field_behavior) = OPTIONAL];
}