Examples with KeyManagementServiceClient com.google.cloud.kms.v1.KeyManagementServiceClient used on opensource projects

Example 61 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method createAsymmetricSignRsaKey.

private static CryptoKey createAsymmetricSignRsaKey(String keyId) throws IOException {
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ASYMMETRIC_SIGN).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256).build()).putLabels("foo", "bar").putLabels("zip", "zap").build();
        CryptoKey createdKey = client.createCryptoKey(getKeyRingName(), keyId, key);
        return createdKey;
    }
}

Example 62 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method createSymmetricKey.

private static CryptoKey createSymmetricKey(String keyId) throws IOException {
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION).build()).putLabels("foo", "bar").putLabels("zip", "zap").build();
        CryptoKey createdKey = client.createCryptoKey(getKeyRingName(), keyId, key);
        return createdKey;
    }
}

Example 63 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method testDecryptAsymmetric.

@Test
public void testDecryptAsymmetric() throws IOException, GeneralSecurityException {
    String plaintext = "my message";
    byte[] ciphertext;
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1");
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        byte[] derKey = convertPemToDer(publicKey.getPem());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
        java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
        ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
    }
    new DecryptAsymmetric().decryptAsymmetric(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1", ciphertext);
    assertThat(stdOut.toString()).contains("my message");
}

Example 64 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method createMacKey.

private static CryptoKey createMacKey(String keyId) throws IOException {
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.MAC).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.HMAC_SHA256).setProtectionLevel(ProtectionLevel.HSM).build()).putLabels("foo", "bar").putLabels("zip", "zap").build();
        CryptoKey createdKey = client.createCryptoKey(getKeyRingName(), keyId, key);
        return createdKey;
    }
}

Example 65 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method testVerifyAsymmetricRsa.

@Test
public void testVerifyAsymmetricRsa() throws IOException, GeneralSecurityException {
    String message = "my message";
    byte[] signature;
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName versionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_RSA_KEY_ID, "1");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] hash = sha256.digest(message.getBytes(StandardCharsets.UTF_8));
        Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();
        signature = client.asymmetricSign(versionName, digest).getSignature().toByteArray();
    }
    new VerifyAsymmetricRsa().verifyAsymmetricRsa(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_RSA_KEY_ID, "1", message, signature);
    assertThat(stdOut.toString()).contains("Signature");
}