Example 26 with CryptoKeyVersionName
use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-docs-samples by GoogleCloudPlatform.
the class DecryptAsymmetric method decryptAsymmetric.
// Decrypt data that was encrypted using the public key component of the given
// key version.
public void decryptAsymmetric(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, byte[] ciphertext) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
// Optional, but recommended: compute ciphertext's CRC32C. See helpers below.
long ciphertextCrc32c = getCrc32cAsLong(ciphertext);
// Decrypt the ciphertext.
AsymmetricDecryptRequest request = AsymmetricDecryptRequest.newBuilder().setName(keyVersionName.toString()).setCiphertext(ByteString.copyFrom(ciphertext)).setCiphertextCrc32C(Int64Value.newBuilder().setValue(ciphertextCrc32c).build()).build();
AsymmetricDecryptResponse response = client.asymmetricDecrypt(request);
// https://cloud.google.com/kms/docs/data-integrity-guidelines
if (!response.getVerifiedCiphertextCrc32C()) {
throw new IOException("AsymmetricDecrypt: request to server corrupted");
}
if (!crcMatches(response.getPlaintextCrc32C().getValue(), response.getPlaintext().toByteArray())) {
throw new IOException("AsymmetricDecrypt: response from server corrupted");
}
System.out.printf("Plaintext: %s%n", response.getPlaintext().toStringUtf8());
}
}
Also used :
CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName)
AsymmetricDecryptRequest(com.google.cloud.kms.v1.AsymmetricDecryptRequest)
AsymmetricDecryptResponse(com.google.cloud.kms.v1.AsymmetricDecryptResponse)
IOException(java.io.IOException)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Example 27 with CryptoKeyVersionName
use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-docs-samples by GoogleCloudPlatform.
the class DisableKeyVersion method disableKeyVersion.
// Disable a key version from use.
public void disableKeyVersion(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
// Build the updated key version, setting it to disbaled.
CryptoKeyVersion keyVersion = CryptoKeyVersion.newBuilder().setName(keyVersionName.toString()).setState(CryptoKeyVersionState.DISABLED).build();
// Create a field mask of updated values.
FieldMask fieldMask = FieldMaskUtil.fromString("state");
// Destroy the key version.
CryptoKeyVersion response = client.updateCryptoKeyVersion(keyVersion, fieldMask);
System.out.printf("Disabled key version: %s%n", response.getName());
}
}
Also used :
CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName)
CryptoKeyVersion(com.google.cloud.kms.v1.CryptoKeyVersion)
FieldMask(com.google.protobuf.FieldMask)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Example 28 with CryptoKeyVersionName
use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-docs-samples by GoogleCloudPlatform.
the class EncryptAsymmetric method encryptAsymmetric.
// Encrypt data that was encrypted using the public key component of the given
// key version.
public void encryptAsymmetric(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String plaintext) throws IOException, GeneralSecurityException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
// Get the public key.
PublicKey publicKey = client.getPublicKey(keyVersionName);
// Convert the public PEM key to a DER key (see helper below).
byte[] derKey = convertPemToDer(publicKey.getPem());
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
// Encrypt plaintext for the 'RSA_DECRYPT_OAEP_2048_SHA256' key.
// For other key algorithms:
// https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
System.out.printf("Ciphertext: %s%n", ciphertext);
}
}
Also used :
CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName)
PublicKey(com.google.cloud.kms.v1.PublicKey)
X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec)
Cipher(javax.crypto.Cipher)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)
Example 29 with CryptoKeyVersionName
use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-docs-samples by GoogleCloudPlatform.
the class GetPublicKey method getPublicKey.
// Get the public key associated with an asymmetric key.
public void getPublicKey(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException, GeneralSecurityException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
// Get the public key.
PublicKey publicKey = client.getPublicKey(keyVersionName);
// https://cloud.google.com/kms/docs/data-integrity-guidelines
if (!publicKey.getName().equals(keyVersionName.toString())) {
throw new IOException("GetPublicKey: request to server corrupted");
}
// See helper below.
if (!crcMatches(publicKey.getPemCrc32C().getValue(), publicKey.getPemBytes().toByteArray())) {
throw new IOException("GetPublicKey: response from server corrupted");
}
System.out.printf("Public key: %s%n", publicKey.getPem());
}
}
Also used :
CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName)
PublicKey(com.google.cloud.kms.v1.PublicKey)
IOException(java.io.IOException)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Example 30 with CryptoKeyVersionName
use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-kms by googleapis.
the class SnippetsIT method verifyMac.
@Test
public void verifyMac() throws IOException, GeneralSecurityException {
String data = "my data";
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
CryptoKeyVersionName versionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, MAC_KEY_ID, "1");
MacSignResponse response = client.macSign(versionName, ByteString.copyFromUtf8(data));
new VerifyMac().verifyMac(PROJECT_ID, LOCATION_ID, KEY_RING_ID, MAC_KEY_ID, "1", data, response.getMac().toByteArray());
assertThat(stdOut.toString()).contains("Success: true");
}
}
Also used :
CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName)
MacSignResponse(com.google.cloud.kms.v1.MacSignResponse)
ByteString(com.google.protobuf.ByteString)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Test(org.junit.Test)
Aggregations
CryptoKeyVersionName (com.google.cloud.kms.v1.CryptoKeyVersionName)37
KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)37
CryptoKeyVersion (com.google.cloud.kms.v1.CryptoKeyVersion)13
PublicKey (com.google.cloud.kms.v1.PublicKey)11
ByteString (com.google.protobuf.ByteString)9
X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)8
Digest (com.google.cloud.kms.v1.Digest)7
Test (org.junit.Test)7
MessageDigest (java.security.MessageDigest)6
FieldMask (com.google.protobuf.FieldMask)4
Signature (java.security.Signature)4
Cipher (javax.crypto.Cipher)4
OAEPParameterSpec (javax.crypto.spec.OAEPParameterSpec)4
AsymmetricDecryptResponse (com.google.cloud.kms.v1.AsymmetricDecryptResponse)3
AsymmetricSignResponse (com.google.cloud.kms.v1.AsymmetricSignResponse)3
IOException (java.io.IOException)3
KeyOperationAttestation (com.google.cloud.kms.v1.KeyOperationAttestation)2
MacSignResponse (com.google.cloud.kms.v1.MacSignResponse)2
AsymmetricDecryptRequest (com.google.cloud.kms.v1.AsymmetricDecryptRequest)1
AsymmetricSignRequest (com.google.cloud.kms.v1.AsymmetricSignRequest)1
