Search in sources :

Example 1 with EncryptRequest

use of com.google.cloud.kms.v1.EncryptRequest in project java-docs-samples by GoogleCloudPlatform.

the class EncryptSymmetric method encryptSymmetric.

// Encrypt data with a given key.
public void encryptSymmetric(String projectId, String locationId, String keyRingId, String keyId, String plaintext) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key name from the project, location, key ring, and key.
        CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
        // Convert plaintext to ByteString.
        ByteString plaintextByteString = ByteString.copyFromUtf8(plaintext);
        // Optional, but recommended: compute plaintext's CRC32C. See helper below.
        long plaintextCrc32c = getCrc32cAsLong(plaintextByteString.toByteArray());
        // Encrypt the plaintext.
        EncryptRequest request = EncryptRequest.newBuilder().setName(cryptoKeyName.toString()).setPlaintext(plaintextByteString).setPlaintextCrc32C(Int64Value.newBuilder().setValue(plaintextCrc32c).build()).build();
        EncryptResponse response = client.encrypt(request);
        // https://cloud.google.com/kms/docs/data-integrity-guidelines
        if (!response.getVerifiedPlaintextCrc32C()) {
            throw new IOException("Encrypt: request to server corrupted");
        }
        // See helper below.
        if (!crcMatches(response.getCiphertextCrc32C().getValue(), response.getCiphertext().toByteArray())) {
            throw new IOException("Encrypt: response from server corrupted");
        }
        System.out.printf("Ciphertext: %s%n", response.getCiphertext().toStringUtf8());
    }
}
Also used : EncryptResponse(com.google.cloud.kms.v1.EncryptResponse) CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) ByteString(com.google.protobuf.ByteString) IOException(java.io.IOException) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) EncryptRequest(com.google.cloud.kms.v1.EncryptRequest)

Example 2 with EncryptRequest

use of com.google.cloud.kms.v1.EncryptRequest in project aliyun-oss-java-sdk by aliyun.

the class KmsEncryptionMaterials method encryptPlainText.

/**
 * Encrypt the plain text to cipherBlob.
 */
private EncryptResponse encryptPlainText(String keyId, String plainText) throws ClientException {
    DefaultAcsClient kmsClient = createKmsClient(region, credentialsProvider);
    final EncryptRequest encReq = new EncryptRequest();
    encReq.setSysProtocol(ProtocolType.HTTPS);
    encReq.setAcceptFormat(FormatType.JSON);
    encReq.setSysMethod(MethodType.POST);
    encReq.setKeyId(keyId);
    encReq.setPlaintext(plainText);
    final EncryptResponse encResponse;
    try {
        encResponse = kmsClient.getAcsResponse(encReq);
    } catch (Exception e) {
        throw new ClientException("the kms client encrypt data failed." + e.getMessage(), e);
    }
    return encResponse;
}
Also used : EncryptResponse(com.aliyuncs.kms.model.v20160120.EncryptResponse) DefaultAcsClient(com.aliyuncs.DefaultAcsClient) ClientException(com.aliyun.oss.ClientException) ClientException(com.aliyun.oss.ClientException) EncryptRequest(com.aliyuncs.kms.model.v20160120.EncryptRequest)

Example 3 with EncryptRequest

use of com.google.cloud.kms.v1.EncryptRequest in project spring-cloud-gcp by GoogleCloudPlatform.

the class KmsTemplate method encryptBytes.

@Override
public byte[] encryptBytes(String cryptoKey, byte[] bytes) {
    CryptoKeyName cryptoKeyName = KmsPropertyUtils.getCryptoKeyName(cryptoKey, projectIdProvider);
    long crc32c = longCrc32c(bytes);
    EncryptRequest request = EncryptRequest.newBuilder().setName(cryptoKeyName.toString()).setPlaintext(ByteString.copyFrom(bytes)).setPlaintextCrc32C(Int64Value.newBuilder().setValue(crc32c).build()).build();
    EncryptResponse response = client.encrypt(request);
    assertCrcMatch(response);
    return response.getCiphertext().toByteArray();
}
Also used : EncryptResponse(com.google.cloud.kms.v1.EncryptResponse) CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) EncryptRequest(com.google.cloud.kms.v1.EncryptRequest)

Example 4 with EncryptRequest

use of com.google.cloud.kms.v1.EncryptRequest in project gapic-generator-java by googleapis.

the class AsyncEncrypt method asyncEncrypt.

public static void asyncEncrypt() throws Exception {
    // It may require modifications to work in your environment.
    try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
        EncryptRequest request = EncryptRequest.newBuilder().setName(CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]").toString()).setPlaintext(ByteString.EMPTY).setAdditionalAuthenticatedData(ByteString.EMPTY).setPlaintextCrc32C(Int64Value.newBuilder().build()).setAdditionalAuthenticatedDataCrc32C(Int64Value.newBuilder().build()).build();
        ApiFuture<EncryptResponse> future = keyManagementServiceClient.encryptCallable().futureCall(request);
        // Do something.
        EncryptResponse response = future.get();
    }
}
Also used : EncryptResponse(com.google.cloud.kms.v1.EncryptResponse) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) EncryptRequest(com.google.cloud.kms.v1.EncryptRequest)

Example 5 with EncryptRequest

use of com.google.cloud.kms.v1.EncryptRequest in project gapic-generator-java by googleapis.

the class SyncEncrypt method syncEncrypt.

public static void syncEncrypt() throws Exception {
    // It may require modifications to work in your environment.
    try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
        EncryptRequest request = EncryptRequest.newBuilder().setName(CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]").toString()).setPlaintext(ByteString.EMPTY).setAdditionalAuthenticatedData(ByteString.EMPTY).setPlaintextCrc32C(Int64Value.newBuilder().build()).setAdditionalAuthenticatedDataCrc32C(Int64Value.newBuilder().build()).build();
        EncryptResponse response = keyManagementServiceClient.encrypt(request);
    }
}
Also used : EncryptResponse(com.google.cloud.kms.v1.EncryptResponse) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) EncryptRequest(com.google.cloud.kms.v1.EncryptRequest)

Aggregations

EncryptRequest (com.google.cloud.kms.v1.EncryptRequest)4 EncryptResponse (com.google.cloud.kms.v1.EncryptResponse)4 KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)3 CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)2 ClientException (com.aliyun.oss.ClientException)1 DefaultAcsClient (com.aliyuncs.DefaultAcsClient)1 EncryptRequest (com.aliyuncs.kms.model.v20160120.EncryptRequest)1 EncryptResponse (com.aliyuncs.kms.model.v20160120.EncryptResponse)1 ByteString (com.google.protobuf.ByteString)1 IOException (java.io.IOException)1