Example 6 with DecryptResponse

use of com.aliyuncs.kms.model.v20160120.DecryptResponse in project aliyun-oss-java-sdk by aliyun.

the class KmsEncryptionMaterials method decryptCEK.

/**
 * Decrypt the encrypted content encryption key (CEK) and encrypted IV and put
 * the result into {@link ContentCryptoMaterialRW}.
 *
 * @param contentMaterialRW
 *            The materials that contain all content crypto info.
 *            It must be constructed by the caller and filled with the encrypted CEK, encrypted IV,
 *            key wrap algorithm, encryption materials description and CEK generator
 *            algorithm. This method then builds it with the decrypted CEK and IV.
 */
@Override
public void decryptCEK(ContentCryptoMaterialRW contentMaterialRW) {
    assertParameterNotNull(contentMaterialRW, "ContentCryptoMaterialRW");
    assertParameterNotNull(contentMaterialRW.getEncryptedCEK(), "ContentCryptoMaterialRW#getEncryptedCEK");
    assertParameterNotNull(contentMaterialRW.getEncryptedIV(), "ContentCryptoMaterialRW#getEncryptedIV");
    assertParameterNotNull(contentMaterialRW.getKeyWrapAlgorithm(), "ContentCryptoMaterialRW#getKeyWrapAlgorithm");
    if (!contentMaterialRW.getKeyWrapAlgorithm().toLowerCase().equals(KEY_WRAP_ALGORITHM.toLowerCase())) {
        throw new ClientException("Unrecognize your object key wrap algorithm: " + contentMaterialRW.getKeyWrapAlgorithm());
    }
    try {
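        // Pick the KMS client whose description matches the object's materials description.
        KmsClientSuite kmsClientSuite = findKmsClientSuiteByDescription(contentMaterialRW.getMaterialsDescription());
        if (kmsClientSuite == null) {
            // No match: fall back to the tail entry of kmsDescMaterials.
            Entry<KmsClientSuite, Map<String, String>> entry = getTailByReflection(kmsDescMaterials);
            kmsClientSuite = entry.getKey();
        }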
        DecryptResponse decryptIvResp = decryptCipherBlob(kmsClientSuite, BinaryUtil.toBase64String(contentMaterialRW.getEncryptedIV()));
        byte[] iv = BinaryUtil.fromBase64String(decryptIvResp.getPlaintext());
        DecryptResponse decryptCEKResp = decryptCipherBlob(kmsClientSuite, BinaryUtil.toBase64String(contentMaterialRW.getEncryptedCEK()));
        byte[] cekBytes = BinaryUtil.fromBase64String(decryptCEKResp.getPlaintext());
        SecretKey cek = new SecretKeySpec(cekBytes, "");
        contentMaterialRW.setCEK(cek);
        contentMaterialRW.setIV(iv);
    } catch (Exception e) {
        throw new ClientException("Unable to decrypt content secured key and iv. " + "Please check your kms region and materails description." + e.getMessage(), e);
    }
}
Also used : SecretKey(javax.crypto.SecretKey) DecryptResponse(com.aliyuncs.kms.model.v20160120.DecryptResponse) SecretKeySpec(javax.crypto.spec.SecretKeySpec) ClientException(com.aliyun.oss.ClientException) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Example 7 with DecryptResponse

use of com.aliyuncs.kms.model.v20160120.DecryptResponse in project java-docs-samples by GoogleCloudPlatform.

the class DecryptSymmetric method decryptSymmetric.

// Decrypt data that was encrypted using a symmetric key.
public void decryptSymmetric(String projectId, String locationId, String keyRingId, String keyId, byte[] ciphertext) throws IOException {
    // The try-with-resources block closes the client, safely cleaning up
    // any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key name from the project, location, key ring, and key.
        CryptoKeyName keyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
        // Optional, but recommended: compute the ciphertext's CRC32C and send it with the request.
        // getCrc32cAsLong and crcMatches are helpers of the sample that are not shown here.
        long ciphertextCrc32c = getCrc32cAsLong(ciphertext);
        // Decrypt the ciphertext.
        DecryptRequest request = DecryptRequest.newBuilder().setName(keyName.toString()).setCiphertext(ByteString.copyFrom(ciphertext)).setCiphertextCrc32C(Int64Value.newBuilder().setValue(ciphertextCrc32c).build()).build();
        DecryptResponse response = client.decrypt(request);
        // Verify the CRC32C of the returned plaintext before using it. See
        // https://cloud.google.com/kms/docs/data-integrity-guidelines
        if (!crcMatches(response.getPlaintextCrc32C().getValue(), response.getPlaintext().toByteArray())) {
            throw new IOException("Decrypt: response from server corrupted");
        }
        System.out.printf("Plaintext: %s%n", response.getPlaintext().toStringUtf8());
    }
}
Also used : DecryptResponse(com.google.cloud.kms.v1.DecryptResponse) CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) IOException(java.io.IOException) DecryptRequest(com.google.cloud.kms.v1.DecryptRequest) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 8 with DecryptResponse

use of com.aliyuncs.kms.model.v20160120.DecryptResponse in project java-kms by googleapis.

the class DecryptSymmetric method decryptSymmetric.

// Decrypt data that was encrypted using a symmetric key.
public void decryptSymmetric(String projectId, String locationId, String keyRingId, String keyId, byte[] ciphertext) throws IOException {
    // The try-with-resources block closes the client, safely cleaning up
    // any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key name from the project, location, key ring, and key.
        CryptoKeyName keyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
        // Decrypt the ciphertext. This call sends no ciphertext CRC32C and the
        // plaintext CRC32C of the response is not verified here.
        DecryptResponse response = client.decrypt(keyName, ByteString.copyFrom(ciphertext));
        System.out.printf("Plaintext: %s%n", response.getPlaintext().toStringUtf8());
    }
}
Also used : DecryptResponse(com.google.cloud.kms.v1.DecryptResponse) CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 9 with DecryptResponse

use of com.aliyuncs.kms.model.v20160120.DecryptResponse in project spring-cloud-gcp by GoogleCloudPlatform.

the class KmsTemplate method decryptBytes.

@Override
public byte[] decryptBytes(String cryptoKey, byte[] cipherText) {
    CryptoKeyName cryptoKeyName = KmsPropertyUtils.getCryptoKeyName(cryptoKey, projectIdProvider);
    ByteString encryptedByteString = ByteString.copyFrom(cipherText);
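    // Send the ciphertext's CRC32C with the request.
    long crc32c = longCrc32c(encryptedByteString);
    DecryptRequest request = DecryptRequest.newBuilder().setName(cryptoKeyName.toString()).setCiphertext(encryptedByteString).setCiphertextCrc32C(Int64Value.newBuilder().setValue(crc32c).build()).build();
    DecryptResponse response = client.decrypt(request);
    // Check the response's plaintext CRC32C before returning the plaintext
    // (assertCrcMatch is defined elsewhere in the class and is not shown here).
    assertCrcMatch(response);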
    return response.getPlaintext().toByteArray();
}
Also used : DecryptResponse(com.google.cloud.kms.v1.DecryptResponse) CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) ByteString(com.google.protobuf.ByteString) DecryptRequest(com.google.cloud.kms.v1.DecryptRequest)

Example 10 with DecryptResponse

use of com.aliyuncs.kms.model.v20160120.DecryptResponse in project spring-cloud-gcp by GoogleCloudPlatform.

the class KmsTemplateTests method testDecryptCorrupt.

@Test
void testDecryptCorrupt() {
    DecryptResponse decryptResponse = DecryptResponse.newBuilder().setPlaintext(ByteString.copyFromUtf8("1234")).setPlaintextCrc32C(Int64Value.newBuilder().setValue(0L).build()).build();
    when(this.client.decrypt(any(DecryptRequest.class))).thenReturn(decryptResponse);
    String cryptoKeyNameStr = "test-project/europe-west2/key-ring-id/key-id";
    assertThatThrownBy(() -> kmsTemplate.decryptText(cryptoKeyNameStr, "1234".getBytes())).isInstanceOf(com.google.cloud.spring.kms.KmsException.class);
}
Also used : DecryptResponse(com.google.cloud.kms.v1.DecryptResponse) ByteString(com.google.protobuf.ByteString) DecryptRequest(com.google.cloud.kms.v1.DecryptRequest) Test(org.junit.jupiter.api.Test)
