Example 6 with CryptoKeyVersionName
use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-docs-samples by GoogleCloudPlatform.
the class DestroyKeyVersion method destroyKeyVersion.
// Schedule destruction of the given key version.
public void destroyKeyVersion(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
// Destroy the key version.
CryptoKeyVersion response = client.destroyCryptoKeyVersion(keyVersionName);
System.out.printf("Destroyed key version: %s%n", response.getName());
}
}
Also used :
CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName)
CryptoKeyVersion(com.google.cloud.kms.v1.CryptoKeyVersion)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Example 7 with CryptoKeyVersionName
use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-docs-samples by GoogleCloudPlatform.
the class EnableKeyVersion method enableKeyVersion.
// Enable a disabled key version to be used again.
public void enableKeyVersion(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
// Build the updated key version, setting it to enabled.
CryptoKeyVersion keyVersion = CryptoKeyVersion.newBuilder().setName(keyVersionName.toString()).setState(CryptoKeyVersionState.ENABLED).build();
// Create a field mask of updated values.
FieldMask fieldMask = FieldMaskUtil.fromString("state");
// Destroy the key version.
CryptoKeyVersion response = client.updateCryptoKeyVersion(keyVersion, fieldMask);
System.out.printf("Enabled key version: %s%n", response.getName());
}
}
Also used :
CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName)
CryptoKeyVersion(com.google.cloud.kms.v1.CryptoKeyVersion)
FieldMask(com.google.protobuf.FieldMask)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Example 8 with CryptoKeyVersionName
use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-kms by googleapis.
the class VerifyMac method verifyMac.
// Sign data with a given mac key.
public void verifyMac(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String data, byte[] signature) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
// Verify the signature
MacVerifyResponse response = client.macVerify(keyVersionName, ByteString.copyFromUtf8(data), ByteString.copyFrom(signature));
// The data comes back as raw bytes, which may include non-printable
// characters. This base64-encodes the result so it can be printed below.
System.out.printf("Success: %s%n", response.getSuccess());
}
}
Also used :
CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName)
MacVerifyResponse(com.google.cloud.kms.v1.MacVerifyResponse)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Example 9 with CryptoKeyVersionName
use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-kms by googleapis.
the class SnippetsIT method testDecryptAsymmetric.
@Test
public void testDecryptAsymmetric() throws IOException, GeneralSecurityException {
String plaintext = "my message";
byte[] ciphertext;
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1");
PublicKey publicKey = client.getPublicKey(keyVersionName);
byte[] derKey = convertPemToDer(publicKey.getPem());
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
}
new DecryptAsymmetric().decryptAsymmetric(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1", ciphertext);
assertThat(stdOut.toString()).contains("my message");
}
Also used :
CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName)
PublicKey(com.google.cloud.kms.v1.PublicKey)
X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec)
ByteString(com.google.protobuf.ByteString)
Cipher(javax.crypto.Cipher)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)
Test(org.junit.Test)
Example 10 with CryptoKeyVersionName
use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-kms by googleapis.
the class SnippetsIT method testVerifyAsymmetricRsa.
@Test
public void testVerifyAsymmetricRsa() throws IOException, GeneralSecurityException {
String message = "my message";
byte[] signature;
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
CryptoKeyVersionName versionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_RSA_KEY_ID, "1");
MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
byte[] hash = sha256.digest(message.getBytes(StandardCharsets.UTF_8));
Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();
signature = client.asymmetricSign(versionName, digest).getSignature().toByteArray();
}
new VerifyAsymmetricRsa().verifyAsymmetricRsa(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_RSA_KEY_ID, "1", message, signature);
assertThat(stdOut.toString()).contains("Signature");
}
Also used :
CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName)
Digest(com.google.cloud.kms.v1.Digest)
MessageDigest(java.security.MessageDigest)
ByteString(com.google.protobuf.ByteString)
MessageDigest(java.security.MessageDigest)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Test(org.junit.Test)
Aggregations
CryptoKeyVersionName (com.google.cloud.kms.v1.CryptoKeyVersionName)37
KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)37
CryptoKeyVersion (com.google.cloud.kms.v1.CryptoKeyVersion)13
PublicKey (com.google.cloud.kms.v1.PublicKey)11
ByteString (com.google.protobuf.ByteString)9
X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)8
Digest (com.google.cloud.kms.v1.Digest)7
Test (org.junit.Test)7
MessageDigest (java.security.MessageDigest)6
FieldMask (com.google.protobuf.FieldMask)4
Signature (java.security.Signature)4
Cipher (javax.crypto.Cipher)4
OAEPParameterSpec (javax.crypto.spec.OAEPParameterSpec)4
AsymmetricDecryptResponse (com.google.cloud.kms.v1.AsymmetricDecryptResponse)3
AsymmetricSignResponse (com.google.cloud.kms.v1.AsymmetricSignResponse)3
IOException (java.io.IOException)3
KeyOperationAttestation (com.google.cloud.kms.v1.KeyOperationAttestation)2
MacSignResponse (com.google.cloud.kms.v1.MacSignResponse)2
AsymmetricDecryptRequest (com.google.cloud.kms.v1.AsymmetricDecryptRequest)1
AsymmetricSignRequest (com.google.cloud.kms.v1.AsymmetricSignRequest)1
