Search in sources :

Example 31 with CryptoKeyVersionName

use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-kms by googleapis.

the class EncryptAsymmetric method encryptAsymmetric.

// Encrypt data that was encrypted using the public key component of the given
// key version.
public void encryptAsymmetric(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String plaintext) throws IOException, GeneralSecurityException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Get the public key.
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        // Convert the public PEM key to a DER key (see helper below).
        byte[] derKey = convertPemToDer(publicKey.getPem());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
        java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
        // Encrypt plaintext for the 'RSA_DECRYPT_OAEP_2048_SHA256' key.
        // For other key algorithms:
        // https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
        byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        System.out.printf("Ciphertext: %s%n", ciphertext);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) Cipher(javax.crypto.Cipher) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)

Example 32 with CryptoKeyVersionName

use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-kms by googleapis.

the class RestoreKeyVersion method restoreKeyVersion.

// Schedule destruction of the given key version.
public void restoreKeyVersion(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Restore the key version.
        CryptoKeyVersion response = client.restoreCryptoKeyVersion(keyVersionName);
        System.out.printf("Restored key version: %s%n", response.getName());
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) CryptoKeyVersion(com.google.cloud.kms.v1.CryptoKeyVersion) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 33 with CryptoKeyVersionName

use of com.google.cloud.kms.v1.CryptoKeyVersionName in project java-kms by googleapis.

the class DecryptAsymmetric method decryptAsymmetric.

// Decrypt data that was encrypted using the public key component of the given
// key version.
public void decryptAsymmetric(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, byte[] ciphertext) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Decrypt the ciphertext.
        AsymmetricDecryptResponse response = client.asymmetricDecrypt(keyVersionName, ByteString.copyFrom(ciphertext));
        System.out.printf("Plaintext: %s%n", response.getPlaintext().toStringUtf8());
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) AsymmetricDecryptResponse(com.google.cloud.kms.v1.AsymmetricDecryptResponse) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 34 with CryptoKeyVersionName

use of com.google.cloud.kms.v1.CryptoKeyVersionName in project gapic-generator-java by googleapis.

the class SyncAsymmetricDecryptCryptokeyversionnameBytestring method syncAsymmetricDecryptCryptokeyversionnameBytestring.

public static void syncAsymmetricDecryptCryptokeyversionnameBytestring() throws Exception {
    // It may require modifications to work in your environment.
    try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName name = CryptoKeyVersionName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]");
        ByteString ciphertext = ByteString.EMPTY;
        AsymmetricDecryptResponse response = keyManagementServiceClient.asymmetricDecrypt(name, ciphertext);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) ByteString(com.google.protobuf.ByteString) AsymmetricDecryptResponse(com.google.cloud.kms.v1.AsymmetricDecryptResponse) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 35 with CryptoKeyVersionName

use of com.google.cloud.kms.v1.CryptoKeyVersionName in project gapic-generator-java by googleapis.

the class SyncAsymmetricSignCryptokeyversionnameDigest method syncAsymmetricSignCryptokeyversionnameDigest.

public static void syncAsymmetricSignCryptokeyversionnameDigest() throws Exception {
    // It may require modifications to work in your environment.
    try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName name = CryptoKeyVersionName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]");
        Digest digest = Digest.newBuilder().build();
        AsymmetricSignResponse response = keyManagementServiceClient.asymmetricSign(name, digest);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) Digest(com.google.cloud.kms.v1.Digest) AsymmetricSignResponse(com.google.cloud.kms.v1.AsymmetricSignResponse) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Aggregations

CryptoKeyVersionName (com.google.cloud.kms.v1.CryptoKeyVersionName)37 KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)37 CryptoKeyVersion (com.google.cloud.kms.v1.CryptoKeyVersion)13 PublicKey (com.google.cloud.kms.v1.PublicKey)11 ByteString (com.google.protobuf.ByteString)9 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)8 Digest (com.google.cloud.kms.v1.Digest)7 Test (org.junit.Test)7 MessageDigest (java.security.MessageDigest)6 FieldMask (com.google.protobuf.FieldMask)4 Signature (java.security.Signature)4 Cipher (javax.crypto.Cipher)4 OAEPParameterSpec (javax.crypto.spec.OAEPParameterSpec)4 AsymmetricDecryptResponse (com.google.cloud.kms.v1.AsymmetricDecryptResponse)3 AsymmetricSignResponse (com.google.cloud.kms.v1.AsymmetricSignResponse)3 IOException (java.io.IOException)3 KeyOperationAttestation (com.google.cloud.kms.v1.KeyOperationAttestation)2 MacSignResponse (com.google.cloud.kms.v1.MacSignResponse)2 AsymmetricDecryptRequest (com.google.cloud.kms.v1.AsymmetricDecryptRequest)1 AsymmetricSignRequest (com.google.cloud.kms.v1.AsymmetricSignRequest)1