Example 1 with AsymmetricSignRequest

Use of com.google.cloud.kms.v1.AsymmetricSignRequest in project java-docs-samples by GoogleCloudPlatform.

Class SignAsymmetric, method signAsymmetric.

// Sign the SHA-256 digest of a message with an asymmetric key version.
public void signAsymmetric(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String message) throws IOException, GeneralSecurityException {
    // The try-with-resources block closes the client, which safely cleans up
    // any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Convert the message into bytes. Cryptographic plaintexts and
        // ciphertexts are always byte arrays.
        byte[] plaintext = message.getBytes(StandardCharsets.UTF_8);
        // Calculate the digest.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] hash = sha256.digest(plaintext);
        // Build the digest object.
        Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();
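        // Optional, but recommended: compute the digest's CRC32C so the server
        // can detect corruption in transit. getCrc32cAsLong is a helper of the
        // sample that is not reproduced on this page.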
        long digestCrc32c = getCrc32cAsLong(hash);
        // Sign the digest.
        AsymmetricSignRequest request = AsymmetricSignRequest.newBuilder().setName(keyVersionName.toString()).setDigest(digest).setDigestCrc32C(Int64Value.newBuilder().setValue(digestCrc32c).build()).build();
        AsymmetricSignResponse response = client.asymmetricSign(request);
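        // Optional, but recommended: verify integrity in both directions. See
        // https://cloud.google.com/kms/docs/data-integrity-guidelines
        // The server sets verified_digest_crc32c when it received the digest
        // CRC32C and used it to check the request.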
        if (!response.getVerifiedDigestCrc32C()) {
            throw new IOException("AsymmetricSign: request to server corrupted");
        }
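        // Check the returned signature against the CRC32C the server sent with
        // it. crcMatches is a helper of the sample that is not reproduced on
        // this page.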
        if (!crcMatches(response.getSignatureCrc32C().getValue(), response.getSignature().toByteArray())) {
            throw new IOException("AsymmetricSign: response from server corrupted");
        }
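        // Get the signature. Print it Base64-encoded: formatting a byte[] with
        // %s would print the array's identity, not its contents.
        byte[] signature = response.getSignature().toByteArray();
        System.out.printf("Signature %s%n", java.util.Base64.getEncoder().encodeToString(signature));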
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) MessageDigest(java.security.MessageDigest) Digest(com.google.cloud.kms.v1.Digest) AsymmetricSignResponse(com.google.cloud.kms.v1.AsymmetricSignResponse) AsymmetricSignRequest(com.google.cloud.kms.v1.AsymmetricSignRequest) IOException(java.io.IOException) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 2 with AsymmetricSignRequest

Use of com.google.cloud.kms.v1.AsymmetricSignRequest in project gapic-generator-java by googleapis.

Class AsyncAsymmetricSign, method asyncAsymmetricSign.

public static void asyncAsymmetricSign() throws Exception {
    // This snippet may require modifications to work in your environment.
    try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
        AsymmetricSignRequest request = AsymmetricSignRequest.newBuilder().setName(CryptoKeyVersionName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]").toString()).setDigest(Digest.newBuilder().build()).setDigestCrc32C(Int64Value.newBuilder().build()).build();
        ApiFuture<AsymmetricSignResponse> future = keyManagementServiceClient.asymmetricSignCallable().futureCall(request);
        // Do something.
        AsymmetricSignResponse response = future.get();
    }
}
Also used : AsymmetricSignResponse(com.google.cloud.kms.v1.AsymmetricSignResponse) AsymmetricSignRequest(com.google.cloud.kms.v1.AsymmetricSignRequest) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 3 with AsymmetricSignRequest

Use of com.google.cloud.kms.v1.AsymmetricSignRequest in project gapic-generator-java by googleapis.

Class SyncAsymmetricSign, method syncAsymmetricSign.

public static void syncAsymmetricSign() throws Exception {
    // This snippet may require modifications to work in your environment.
    try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
        AsymmetricSignRequest request = AsymmetricSignRequest.newBuilder().setName(CryptoKeyVersionName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]").toString()).setDigest(Digest.newBuilder().build()).setDigestCrc32C(Int64Value.newBuilder().build()).build();
        AsymmetricSignResponse response = keyManagementServiceClient.asymmetricSign(request);
    }
}
Also used : AsymmetricSignResponse(com.google.cloud.kms.v1.AsymmetricSignResponse) AsymmetricSignRequest(com.google.cloud.kms.v1.AsymmetricSignRequest) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Aggregations

AsymmetricSignRequest (com.google.cloud.kms.v1.AsymmetricSignRequest): 3
AsymmetricSignResponse (com.google.cloud.kms.v1.AsymmetricSignResponse): 3
KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient): 3
CryptoKeyVersionName (com.google.cloud.kms.v1.CryptoKeyVersionName): 1
Digest (com.google.cloud.kms.v1.Digest): 1
IOException (java.io.IOException): 1
MessageDigest (java.security.MessageDigest): 1