Search in sources :

Example 61 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method createAsymmetricSignRsaKey.

private static CryptoKey createAsymmetricSignRsaKey(String keyId) throws IOException {
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ASYMMETRIC_SIGN).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256).build()).putLabels("foo", "bar").putLabels("zip", "zap").build();
        CryptoKey createdKey = client.createCryptoKey(getKeyRingName(), keyId, key);
        return createdKey;
    }
}
Also used : CryptoKey(com.google.cloud.kms.v1.CryptoKey) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 62 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method createSymmetricKey.

private static CryptoKey createSymmetricKey(String keyId) throws IOException {
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION).build()).putLabels("foo", "bar").putLabels("zip", "zap").build();
        CryptoKey createdKey = client.createCryptoKey(getKeyRingName(), keyId, key);
        return createdKey;
    }
}
Also used : CryptoKey(com.google.cloud.kms.v1.CryptoKey) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 63 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method testDecryptAsymmetric.

@Test
public void testDecryptAsymmetric() throws IOException, GeneralSecurityException {
    String plaintext = "my message";
    byte[] ciphertext;
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1");
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        byte[] derKey = convertPemToDer(publicKey.getPem());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
        java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
        ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
    }
    new DecryptAsymmetric().decryptAsymmetric(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1", ciphertext);
    assertThat(stdOut.toString()).contains("my message");
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) ByteString(com.google.protobuf.ByteString) Cipher(javax.crypto.Cipher) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec) Test(org.junit.Test)

Example 64 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method createMacKey.

private static CryptoKey createMacKey(String keyId) throws IOException {
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.MAC).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.HMAC_SHA256).setProtectionLevel(ProtectionLevel.HSM).build()).putLabels("foo", "bar").putLabels("zip", "zap").build();
        CryptoKey createdKey = client.createCryptoKey(getKeyRingName(), keyId, key);
        return createdKey;
    }
}
Also used : CryptoKey(com.google.cloud.kms.v1.CryptoKey) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 65 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method testVerifyAsymmetricRsa.

@Test
public void testVerifyAsymmetricRsa() throws IOException, GeneralSecurityException {
    String message = "my message";
    byte[] signature;
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName versionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_RSA_KEY_ID, "1");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] hash = sha256.digest(message.getBytes(StandardCharsets.UTF_8));
        Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();
        signature = client.asymmetricSign(versionName, digest).getSignature().toByteArray();
    }
    new VerifyAsymmetricRsa().verifyAsymmetricRsa(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_RSA_KEY_ID, "1", message, signature);
    assertThat(stdOut.toString()).contains("Signature");
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) Digest(com.google.cloud.kms.v1.Digest) MessageDigest(java.security.MessageDigest) ByteString(com.google.protobuf.ByteString) MessageDigest(java.security.MessageDigest) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) Test(org.junit.Test)

Aggregations

KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)185 CryptoKey (com.google.cloud.kms.v1.CryptoKey)56 CryptoKeyVersion (com.google.cloud.kms.v1.CryptoKeyVersion)39 CryptoKeyVersionName (com.google.cloud.kms.v1.CryptoKeyVersionName)37 CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)33 ByteString (com.google.protobuf.ByteString)20 KeyRingName (com.google.cloud.kms.v1.KeyRingName)17 KeyRing (com.google.cloud.kms.v1.KeyRing)16 FieldMask (com.google.protobuf.FieldMask)16 PublicKey (com.google.cloud.kms.v1.PublicKey)14 ImportJob (com.google.cloud.kms.v1.ImportJob)10 Test (org.junit.Test)10 Digest (com.google.cloud.kms.v1.Digest)8 EncryptResponse (com.google.cloud.kms.v1.EncryptResponse)8 Policy (com.google.iam.v1.Policy)8 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)8 DecryptResponse (com.google.cloud.kms.v1.DecryptResponse)7 AsymmetricDecryptResponse (com.google.cloud.kms.v1.AsymmetricDecryptResponse)6 AsymmetricSignResponse (com.google.cloud.kms.v1.AsymmetricSignResponse)6 LocationName (com.google.cloud.kms.v1.LocationName)6