Example 1 with EncryptResponse

use of com.aliyuncs.kms.model.v20160120.EncryptResponse in project gapic-generator-java by googleapis.

the class SyncEncryptResourcenameBytestring method syncEncryptResourcenameBytestring.

public static void syncEncryptResourcenameBytestring() throws Exception {
    // This snippet may require modifications to work in your environment.
    try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
        ResourceName name = CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]");
        ByteString plaintext = ByteString.EMPTY;
        EncryptResponse response = keyManagementServiceClient.encrypt(name, plaintext);
    }
}
Also used : EncryptResponse(com.google.cloud.kms.v1.EncryptResponse) ResourceName(com.google.api.resourcenames.ResourceName) ByteString(com.google.protobuf.ByteString) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 2 with EncryptResponse

use of com.aliyuncs.kms.model.v20160120.EncryptResponse in project aliyun-oss-java-sdk by aliyun.

the class KmsEncryptionMaterials method encryptCEK.

/**
 * Encrypt the content encryption key (CEK) and IV, and put the result into
 * {@link ContentCryptoMaterialRW}.
 *
 * @param contentMaterialRW
 *            The materials that contain all content crypto info.
 *            It must be constructed by the caller and filled with the IV and CEK.
 *            This method then populates it with the encrypted CEK, encrypted IV,
 *            key wrap algorithm and encryption materials description.
 */
@Override
public void encryptCEK(ContentCryptoMaterialRW contentMaterialRW) {
    try {
        assertParameterNotNull(contentMaterialRW, "contentMaterialRW");
        assertParameterNotNull(contentMaterialRW.getIV(), "contentMaterialRW#getIV");
        assertParameterNotNull(contentMaterialRW.getCEK(), "contentMaterialRW#getCEK");
        byte[] iv = contentMaterialRW.getIV();
        EncryptResponse encryptresponse = encryptPlainText(cmk, BinaryUtil.toBase64String(iv));
        byte[] encryptedIV = BinaryUtil.fromBase64String(encryptresponse.getCiphertextBlob());
        SecretKey cek = contentMaterialRW.getCEK();
        encryptresponse = encryptPlainText(cmk, BinaryUtil.toBase64String(cek.getEncoded()));
        byte[] encryptedCEK = BinaryUtil.fromBase64String(encryptresponse.getCiphertextBlob());
        contentMaterialRW.setEncryptedCEK(encryptedCEK);
        contentMaterialRW.setEncryptedIV(encryptedIV);
        contentMaterialRW.setKeyWrapAlgorithm(KEY_WRAP_ALGORITHM);
        contentMaterialRW.setMaterialsDescription(desc);
    } catch (Exception e) {
        throw new ClientException("Kms encrypt CEK IV error. " + "Please check your cmk, region, accessKeyId and accessSecretId." + e.getMessage(), e);
    }
}
Also used : SecretKey(javax.crypto.SecretKey) EncryptResponse(com.aliyuncs.kms.model.v20160120.EncryptResponse) ClientException(com.aliyun.oss.ClientException)

Example 3 with EncryptResponse

use of com.aliyuncs.kms.model.v20160120.EncryptResponse in project ranger by apache.

the class RangerGoogleCloudHSMProvider method encryptZoneKey.

@Override
public byte[] encryptZoneKey(Key zoneKey) throws Exception {
    if (logger.isDebugEnabled()) {
        logger.debug("==> GCP encryptZoneKey()");
    }
    // Data to encrypt i.e a zoneKey
    byte[] primaryEncodedZoneKey = zoneKey.getEncoded();
    CryptoKeyName keyName = CryptoKeyName.of(this.gcpProjectId, this.gcpLocationId, this.gcpKeyRingId, this.gcpMasterKeyName);
    EncryptResponse encryptResponse = this.client.encrypt(keyName, ByteString.copyFrom(primaryEncodedZoneKey));
    if (encryptResponse == null) {
        throw new RuntimeCryptoException("Got null response for encrypt zone key operation, Please reverify/check configs!");
    }
    if (logger.isDebugEnabled()) {
        logger.debug("<== GCP encryptZoneKey() : EncryptResponse - { " + encryptResponse + " }");
    }
    return encryptResponse.getCiphertext().toByteArray();
}
Also used : RuntimeCryptoException(org.bouncycastle.crypto.RuntimeCryptoException) EncryptResponse(com.google.cloud.kms.v1.EncryptResponse) CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName)

Example 4 with EncryptResponse

use of com.aliyuncs.kms.model.v20160120.EncryptResponse in project java-docs-samples by GoogleCloudPlatform.

the class EncryptSymmetric method encryptSymmetric.

// Encrypt data with a given key.
public void encryptSymmetric(String projectId, String locationId, String keyRingId, String keyId, String plaintext) throws IOException {
    // Create the client in try-with-resources so that it is closed and any
    // remaining background resources are safely cleaned up.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key name from the project, location, key ring, and key.
        CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
        // Convert plaintext to ByteString.
        ByteString plaintextByteString = ByteString.copyFromUtf8(plaintext);
        // Optional, but recommended: compute plaintext's CRC32C (getCrc32cAsLong is a helper that is not shown in this excerpt).
        long plaintextCrc32c = getCrc32cAsLong(plaintextByteString.toByteArray());
        // Encrypt the plaintext.
        EncryptRequest request = EncryptRequest.newBuilder().setName(cryptoKeyName.toString()).setPlaintext(plaintextByteString).setPlaintextCrc32C(Int64Value.newBuilder().setValue(plaintextCrc32c).build()).build();
        EncryptResponse response = client.encrypt(request);
        // https://cloud.google.com/kms/docs/data-integrity-guidelines
        if (!response.getVerifiedPlaintextCrc32C()) {
            throw new IOException("Encrypt: request to server corrupted");
        }
        // crcMatches is a helper that is not shown in this excerpt.
        if (!crcMatches(response.getCiphertextCrc32C().getValue(), response.getCiphertext().toByteArray())) {
            throw new IOException("Encrypt: response from server corrupted");
        }
        System.out.printf("Ciphertext: %s%n", response.getCiphertext().toStringUtf8());
    }
}
Also used : EncryptResponse(com.google.cloud.kms.v1.EncryptResponse) CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) ByteString(com.google.protobuf.ByteString) IOException(java.io.IOException) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) EncryptRequest(com.google.cloud.kms.v1.EncryptRequest)

Example 5 with EncryptResponse

use of com.aliyuncs.kms.model.v20160120.EncryptResponse in project spring-cloud-gcp by GoogleCloudPlatform.

the class KmsTemplateTests method testEncryptCorrupt.

@Test
void testEncryptCorrupt() {
    EncryptResponse encryptResponse = EncryptResponse.newBuilder().setCiphertext(ByteString.copyFromUtf8("invalid")).setCiphertextCrc32C(Int64Value.newBuilder().setValue(0L).build()).build();
    when(this.client.encrypt(any(EncryptRequest.class))).thenReturn(encryptResponse);
    String cryptoKeyNameStr = "test-project/europe-west2/key-ring-id/key-id";
    assertThatThrownBy(() -> kmsTemplate.encryptText(cryptoKeyNameStr, "1234")).isInstanceOf(com.google.cloud.spring.kms.KmsException.class);
}
Also used : EncryptResponse(com.google.cloud.kms.v1.EncryptResponse) ByteString(com.google.protobuf.ByteString) EncryptRequest(com.google.cloud.kms.v1.EncryptRequest) Test(org.junit.jupiter.api.Test)

Aggregations

EncryptResponse (com.google.cloud.kms.v1.EncryptResponse): 13
KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient): 8
ByteString (com.google.protobuf.ByteString): 8
EncryptRequest (com.google.cloud.kms.v1.EncryptRequest): 7
CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName): 6
Test (org.junit.jupiter.api.Test): 3
ClientException (com.aliyun.oss.ClientException): 2
EncryptResponse (com.aliyuncs.kms.model.v20160120.EncryptResponse): 2
DecryptRequest (com.google.cloud.kms.v1.DecryptRequest): 2
Test (org.junit.Test): 2
DefaultAcsClient (com.aliyuncs.DefaultAcsClient): 1
EncryptRequest (com.aliyuncs.kms.model.v20160120.EncryptRequest): 1
ResourceName (com.google.api.resourcenames.ResourceName): 1
DecryptResponse (com.google.cloud.kms.v1.DecryptResponse): 1
IOException (java.io.IOException): 1
SecretKey (javax.crypto.SecretKey): 1
RuntimeCryptoException (org.bouncycastle.crypto.RuntimeCryptoException): 1