Example 1 with CryptoKey
use of com.google.cloud.kms.v1.CryptoKey in project java-docs-samples by GoogleCloudPlatform.
the class DeIdentification method reIdentifyWithFpe.
// [END dlp_deidentify_fpe]
// [START dlp_reidentify_fpe]
/**
* Reidentify a string by encrypting sensitive information while preserving format.
*
* @param string The string to reidentify.
* @param alphabet The set of characters used when encrypting the input. For more information, see
* cloud.google.com/dlp/docs/reference/rest/v2/content/deidentify
* @param keyName The name of the Cloud KMS key to use when decrypting the wrapped key.
* @param wrappedKey The encrypted (or "wrapped") AES-256 encryption key.
* @param projectId ID of Google Cloud project to run the API under.
* @param surrogateType The name of the surrogate custom info type to used during the encryption
* process.
*/
private static void reIdentifyWithFpe(String string, FfxCommonNativeAlphabet alphabet, String keyName, String wrappedKey, String projectId, String surrogateType) {
// instantiate a client
try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {
ContentItem contentItem = ContentItem.newBuilder().setValue(string).build();
InfoType surrogateTypeObject = InfoType.newBuilder().setName(surrogateType).build();
// Create the format-preserving encryption (FPE) configuration
KmsWrappedCryptoKey kmsWrappedCryptoKey = KmsWrappedCryptoKey.newBuilder().setWrappedKey(ByteString.copyFrom(BaseEncoding.base64().decode(wrappedKey))).setCryptoKeyName(keyName).build();
CryptoKey cryptoKey = CryptoKey.newBuilder().setKmsWrapped(kmsWrappedCryptoKey).build();
CryptoReplaceFfxFpeConfig cryptoReplaceFfxFpeConfig = CryptoReplaceFfxFpeConfig.newBuilder().setCryptoKey(cryptoKey).setCommonAlphabet(alphabet).setSurrogateInfoType(surrogateTypeObject).build();
// Create the deidentification transformation configuration
PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder().setCryptoReplaceFfxFpeConfig(cryptoReplaceFfxFpeConfig).build();
InfoTypeTransformation infoTypeTransformationObject = InfoTypeTransformation.newBuilder().setPrimitiveTransformation(primitiveTransformation).addInfoTypes(surrogateTypeObject).build();
InfoTypeTransformations infoTypeTransformationArray = InfoTypeTransformations.newBuilder().addTransformations(infoTypeTransformationObject).build();
// Create the inspection config
CustomInfoType customInfoType = CustomInfoType.newBuilder().setInfoType(surrogateTypeObject).setSurrogateType(SurrogateType.newBuilder().build()).build();
InspectConfig inspectConfig = InspectConfig.newBuilder().addCustomInfoTypes(customInfoType).build();
// Create the reidentification request object
DeidentifyConfig reidentifyConfig = DeidentifyConfig.newBuilder().setInfoTypeTransformations(infoTypeTransformationArray).build();
ReidentifyContentRequest request = ReidentifyContentRequest.newBuilder().setParent(ProjectName.of(projectId).toString()).setReidentifyConfig(reidentifyConfig).setInspectConfig(inspectConfig).setItem(contentItem).build();
// Execute the deidentification request
ReidentifyContentResponse response = dlpServiceClient.reidentifyContent(request);
// Print the reidentified input value
// e.g. "My SSN is 7261298621" --> "My SSN is 123456789"
String result = response.getItem().getValue();
System.out.println(result);
} catch (Exception e) {
System.out.println("Error in reidentifyWithFpe: " + e.getMessage());
}
}
Also used :
InfoTypeTransformations(com.google.privacy.dlp.v2.InfoTypeTransformations)
ReidentifyContentRequest(com.google.privacy.dlp.v2.ReidentifyContentRequest)
PrimitiveTransformation(com.google.privacy.dlp.v2.PrimitiveTransformation)
CryptoKey(com.google.privacy.dlp.v2.CryptoKey)
KmsWrappedCryptoKey(com.google.privacy.dlp.v2.KmsWrappedCryptoKey)
ByteString(com.google.protobuf.ByteString)
ReidentifyContentResponse(com.google.privacy.dlp.v2.ReidentifyContentResponse)
InspectConfig(com.google.privacy.dlp.v2.InspectConfig)
DateTimeParseException(java.time.format.DateTimeParseException)
ParseException(org.apache.commons.cli.ParseException)
CustomInfoType(com.google.privacy.dlp.v2.CustomInfoType)
CryptoReplaceFfxFpeConfig(com.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig)
DlpServiceClient(com.google.cloud.dlp.v2.DlpServiceClient)
DeidentifyConfig(com.google.privacy.dlp.v2.DeidentifyConfig)
KmsWrappedCryptoKey(com.google.privacy.dlp.v2.KmsWrappedCryptoKey)
InfoTypeTransformation(com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation)
InfoType(com.google.privacy.dlp.v2.InfoType)
CustomInfoType(com.google.privacy.dlp.v2.CustomInfoType)
ContentItem(com.google.privacy.dlp.v2.ContentItem)
Example 2 with CryptoKey
use of com.google.cloud.kms.v1.CryptoKey in project java-docs-samples by GoogleCloudPlatform.
the class DeIdentification method deIdentifyWithFpe.
// [END dlp_deidentify_mask]
// [START dlp_deidentify_fpe]
/**
* Deidentify a string by encrypting sensitive information while preserving format.
*
* @param string The string to deidentify.
* @param alphabet The set of characters to use when encrypting the input. For more information,
* see cloud.google.com/dlp/docs/reference/rest/v2/content/deidentify
* @param keyName The name of the Cloud KMS key to use when decrypting the wrapped key.
* @param wrappedKey The encrypted (or "wrapped") AES-256 encryption key.
* @param projectId ID of Google Cloud project to run the API under.
*/
private static void deIdentifyWithFpe(String string, FfxCommonNativeAlphabet alphabet, String keyName, String wrappedKey, String projectId, String surrogateType) {
// instantiate a client
try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {
ContentItem contentItem = ContentItem.newBuilder().setValue(string).build();
// Create the format-preserving encryption (FPE) configuration
KmsWrappedCryptoKey kmsWrappedCryptoKey = KmsWrappedCryptoKey.newBuilder().setWrappedKey(ByteString.copyFrom(BaseEncoding.base64().decode(wrappedKey))).setCryptoKeyName(keyName).build();
CryptoKey cryptoKey = CryptoKey.newBuilder().setKmsWrapped(kmsWrappedCryptoKey).build();
CryptoReplaceFfxFpeConfig cryptoReplaceFfxFpeConfig = CryptoReplaceFfxFpeConfig.newBuilder().setCryptoKey(cryptoKey).setCommonAlphabet(alphabet).setSurrogateInfoType(InfoType.newBuilder().setName(surrogateType).build()).build();
// Create the deidentification transformation configuration
PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder().setCryptoReplaceFfxFpeConfig(cryptoReplaceFfxFpeConfig).build();
InfoTypeTransformation infoTypeTransformationObject = InfoTypeTransformation.newBuilder().setPrimitiveTransformation(primitiveTransformation).build();
InfoTypeTransformations infoTypeTransformationArray = InfoTypeTransformations.newBuilder().addTransformations(infoTypeTransformationObject).build();
// Create the deidentification request object
DeidentifyConfig deidentifyConfig = DeidentifyConfig.newBuilder().setInfoTypeTransformations(infoTypeTransformationArray).build();
DeidentifyContentRequest request = DeidentifyContentRequest.newBuilder().setParent(ProjectName.of(projectId).toString()).setDeidentifyConfig(deidentifyConfig).setItem(contentItem).build();
// Execute the deidentification request
DeidentifyContentResponse response = dlpServiceClient.deidentifyContent(request);
// Print the deidentified input value
// e.g. "My SSN is 123456789" --> "My SSN is 7261298621"
String result = response.getItem().getValue();
System.out.println(result);
} catch (Exception e) {
System.out.println("Error in deidentifyWithFpe: " + e.getMessage());
}
}
Also used :
InfoTypeTransformations(com.google.privacy.dlp.v2.InfoTypeTransformations)
DeidentifyContentRequest(com.google.privacy.dlp.v2.DeidentifyContentRequest)
PrimitiveTransformation(com.google.privacy.dlp.v2.PrimitiveTransformation)
CryptoKey(com.google.privacy.dlp.v2.CryptoKey)
KmsWrappedCryptoKey(com.google.privacy.dlp.v2.KmsWrappedCryptoKey)
ByteString(com.google.protobuf.ByteString)
DateTimeParseException(java.time.format.DateTimeParseException)
ParseException(org.apache.commons.cli.ParseException)
CryptoReplaceFfxFpeConfig(com.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig)
DlpServiceClient(com.google.cloud.dlp.v2.DlpServiceClient)
DeidentifyConfig(com.google.privacy.dlp.v2.DeidentifyConfig)
KmsWrappedCryptoKey(com.google.privacy.dlp.v2.KmsWrappedCryptoKey)
InfoTypeTransformation(com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation)
ContentItem(com.google.privacy.dlp.v2.ContentItem)
DeidentifyContentResponse(com.google.privacy.dlp.v2.DeidentifyContentResponse)
Example 3 with CryptoKey
use of com.google.cloud.kms.v1.CryptoKey in project ranger by apache.
the class RangerGoogleCloudHSMProvider method generateMasterKey.
@Override
public boolean generateMasterKey(String unused_password) throws Throwable {
// The ENCRYPT_DECRYPT key purpose enables symmetric encryption.
// All keys with key purpose ENCRYPT_DECRYPT use the GOOGLE_SYMMETRIC_ENCRYPTION algorithm.
// No parameters are used with this algorithm.
CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setProtectionLevel(ProtectionLevel.HSM).setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)).build();
// Create the key.
CryptoKey createdKey = null;
try {
createdKey = client.createCryptoKey(this.keyRingName, this.gcpMasterKeyName, key);
} catch (Exception e) {
if (e instanceof AlreadyExistsException) {
logger.info("MasterKey with the name '" + this.gcpMasterKeyName + "' already exist.");
return true;
} else {
throw new RuntimeCryptoException("Failed to create master key with name '" + this.gcpMasterKeyName + "', Error - " + e.getMessage());
}
}
if (createdKey == null) {
logger.info("Failed to create master key : " + this.gcpMasterKeyName);
return false;
}
logger.info("Master Key Created Successfully On Google Cloud HSM : " + this.gcpMasterKeyName);
return true;
}
Also used :
RuntimeCryptoException(org.bouncycastle.crypto.RuntimeCryptoException)
AlreadyExistsException(com.google.api.gax.rpc.AlreadyExistsException)
CryptoKey(com.google.cloud.kms.v1.CryptoKey)
AlreadyExistsException(com.google.api.gax.rpc.AlreadyExistsException)
RuntimeCryptoException(org.bouncycastle.crypto.RuntimeCryptoException)
Aggregations
DlpServiceClient (com.google.cloud.dlp.v2.DlpServiceClient)2
ContentItem (com.google.privacy.dlp.v2.ContentItem)2
CryptoKey (com.google.privacy.dlp.v2.CryptoKey)2
CryptoReplaceFfxFpeConfig (com.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig)2
DeidentifyConfig (com.google.privacy.dlp.v2.DeidentifyConfig)2
InfoTypeTransformations (com.google.privacy.dlp.v2.InfoTypeTransformations)2
InfoTypeTransformation (com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation)2
KmsWrappedCryptoKey (com.google.privacy.dlp.v2.KmsWrappedCryptoKey)2
PrimitiveTransformation (com.google.privacy.dlp.v2.PrimitiveTransformation)2
ByteString (com.google.protobuf.ByteString)2
DateTimeParseException (java.time.format.DateTimeParseException)2
ParseException (org.apache.commons.cli.ParseException)2
AlreadyExistsException (com.google.api.gax.rpc.AlreadyExistsException)1
CryptoKey (com.google.cloud.kms.v1.CryptoKey)1
CustomInfoType (com.google.privacy.dlp.v2.CustomInfoType)1
DeidentifyContentRequest (com.google.privacy.dlp.v2.DeidentifyContentRequest)1
DeidentifyContentResponse (com.google.privacy.dlp.v2.DeidentifyContentResponse)1
InfoType (com.google.privacy.dlp.v2.InfoType)1
InspectConfig (com.google.privacy.dlp.v2.InspectConfig)1
ReidentifyContentRequest (com.google.privacy.dlp.v2.ReidentifyContentRequest)1
