
Example 66 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method testVerifyAsymmetricEc.

@Test
public void testVerifyAsymmetricEc() throws IOException, GeneralSecurityException {
    // Fixture: the sample under test needs a real signature to verify, so one is produced
    // first with the same EC signing key version ("1") that is later passed to the sample.
    final String keyVersionId = "1";
    final String message = "my message";

    // Cloud KMS is given a SHA-256 digest of the message, not the message itself.
    byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);
    byte[] sha256Hash = MessageDigest.getInstance("SHA-256").digest(messageBytes);
    Digest messageDigest = Digest.newBuilder().setSha256(ByteString.copyFrom(sha256Hash)).build();

    byte[] signature;
    try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName signingKeyVersion =
                CryptoKeyVersionName.of(
                        PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_EC_KEY_ID, keyVersionId);
        ByteString signatureBytes = kms.asymmetricSign(signingKeyVersion, messageDigest).getSignature();
        signature = signatureBytes.toByteArray();
    }

    // Exercise the sample with the original message and the signature produced above.
    VerifyAsymmetricEc sample = new VerifyAsymmetricEc();
    sample.verifyAsymmetricEc(
            PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_EC_KEY_ID, keyVersionId, message, signature);

    // NOTE(review): this only checks that the captured output mentions "Signature". It does not
    // assert that verification succeeded, and there is no negative case (tampered message or
    // signature) showing that a bad signature is rejected. Confirm what the sample prints and
    // consider asserting on the outcome itself.
    String captured = stdOut.toString();
    assertThat(captured).contains("Signature");
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) Digest(com.google.cloud.kms.v1.Digest) MessageDigest(java.security.MessageDigest) ByteString(com.google.protobuf.ByteString) MessageDigest(java.security.MessageDigest) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) Test(org.junit.Test)

Example 67 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SignAsymmetric method signAsymmetric.

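/**
 * Signs a message with a Cloud KMS asymmetric signing key version and prints the signature,
 * base64-encoded, to standard output.
 *
 * <p>The message is hashed locally with SHA-256 and only the digest is sent to Cloud KMS.
 * NOTE(review): the digest algorithm has to match the algorithm the key version was created
 * with; this sample assumes a SHA-256 based signing algorithm. Confirm for the key in use.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the key
 * @param keyId asymmetric signing key
 * @param keyVersionId version of the key to sign with
 * @param message text to sign; it is encoded as UTF-8 before hashing
 * @throws IOException if the client cannot be created
 * @throws GeneralSecurityException if the SHA-256 digest implementation is unavailable
 */
public void signAsymmetric(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String message) throws IOException, GeneralSecurityException {
    // Create the client in try-with-resources so that close() is always called and any
    // remaining background resources are cleaned up.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Convert the message into bytes. Cryptographic plaintexts and
        // ciphertexts are always byte arrays.
        byte[] plaintext = message.getBytes(StandardCharsets.UTF_8);
        // Calculate the digest.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] hash = sha256.digest(plaintext);
        // Build the digest object.
        Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();
        // Sign the digest. The private key never leaves Cloud KMS; only the digest is sent.
        AsymmetricSignResponse result = client.asymmetricSign(keyVersionName, digest);
        // Get the signature.
        byte[] signature = result.getSignature().toByteArray();
        // Formatting a byte[] with %s prints the array's identity (e.g. "[B@1a2b3c"), not the
        // signature bytes, so encode the raw bytes as base64 before printing. The class is
        // referenced by its fully qualified name so no additional import is required.
        String encodedSignature = java.util.Base64.getEncoder().encodeToString(signature);
        System.out.printf("Signature %s%n", encodedSignature);
    }
}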
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) MessageDigest(java.security.MessageDigest) Digest(com.google.cloud.kms.v1.Digest) AsymmetricSignResponse(com.google.cloud.kms.v1.AsymmetricSignResponse) MessageDigest(java.security.MessageDigest) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 68 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SignMac method signMac.

/**
 * Computes an HMAC over {@code data} with a Cloud KMS MAC key version and prints the tag,
 * base64-encoded, to standard output.
 *
 * <p>The MAC key stays inside Cloud KMS; only the data and the resulting tag cross the API.
 * Checking a tag later should go through the service's MAC verification call rather than
 * through a local comparison of tag strings.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the key
 * @param keyId MAC key
 * @param keyVersionId version of the key to sign with
 * @param data text to authenticate; it is encoded as UTF-8
 * @throws IOException if the client cannot be created
 */
public void signMac(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String data) throws IOException {
    // try-with-resources closes the client when the block exits, which releases any
    // remaining background resources.
    try (KeyManagementServiceClient kmsClient = KeyManagementServiceClient.create()) {
        // Fully qualified resource name of the key version that computes the tag.
        CryptoKeyVersionName macKeyVersion =
                CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

        // Ask Cloud KMS for an HMAC of the UTF-8 encoded data.
        ByteString payload = ByteString.copyFromUtf8(data);
        MacSignResponse macResponse = kmsClient.macSign(macKeyVersion, payload);

        // The tag is raw bytes and may contain non-printable values, so it is
        // base64-encoded before being written out.
        byte[] rawMac = macResponse.getMac().toByteArray();
        String encodedSignature = Base64.getEncoder().encodeToString(rawMac);
        System.out.printf("Signature: %s%n", encodedSignature);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) MacSignResponse(com.google.cloud.kms.v1.MacSignResponse) ByteString(com.google.protobuf.ByteString) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 69 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class UpdateKeyRemoveRotation method updateKeyRemoveRotation.

/**
 * Removes the automatic rotation schedule from an existing key and prints the key's name.
 *
 * <p>The update clears {@code rotation_period} and {@code next_rotation_time}. After this
 * call the key is no longer rotated on a schedule, so new key versions have to be created
 * some other way if periodic rotation is still a requirement.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the key
 * @param keyId key whose rotation schedule is removed
 * @throws IOException if the client cannot be created
 */
public void updateKeyRemoveRotation(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
    // try-with-resources closes the client when the block exits, which releases any
    // remaining background resources.
    try (KeyManagementServiceClient kmsClient = KeyManagementServiceClient.create()) {
        // Only the two rotation fields are named in the mask, so nothing else on the key
        // is touched by the update.
        FieldMask rotationFields = FieldMaskUtil.fromString("rotation_period,next_rotation_time");

        // Fully qualified resource name of the key to change.
        CryptoKeyName targetKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);

        // A key message that carries just the name, with both rotation fields left unset;
        // combined with the mask above this tells the service to clear them.
        CryptoKey.Builder keyBuilder = CryptoKey.newBuilder();
        keyBuilder.setName(targetKeyName.toString());
        keyBuilder.clearRotationPeriod();
        keyBuilder.clearNextRotationTime();
        CryptoKey keyWithoutRotation = keyBuilder.build();

        // Apply the update and report the key that was changed.
        CryptoKey updatedKey = kmsClient.updateCryptoKey(keyWithoutRotation, rotationFields);
        System.out.printf("Updated key %s%n", updatedKey.getName());
    }
}
Also used : CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) CryptoKey(com.google.cloud.kms.v1.CryptoKey) FieldMask(com.google.protobuf.FieldMask) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 70 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class UpdateKeyUpdateLabels method updateKeyUpdateLabels.

/**
 * Adds the label {@code new_label=new_value} to an existing key and prints the key's name.
 *
 * <p>This is a read-modify-write: the key is fetched, the label is added to the labels it
 * already has, and the key is sent back with a field mask that names only {@code labels}.
 * NOTE(review): a label change made by someone else between the read and the write is
 * presumably overwritten; confirm whether that matters for the caller.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the key
 * @param keyId key that receives the new label
 * @throws IOException if the client cannot be created
 */
public void updateKeyUpdateLabels(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
    // try-with-resources closes the client when the block exits, which releases any
    // remaining background resources.
    try (KeyManagementServiceClient kmsClient = KeyManagementServiceClient.create()) {
        // Fully qualified resource name of the key to relabel.
        CryptoKeyName targetKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);

        // Step 1 - read the key so that its current labels are kept.
        CryptoKey currentKey = kmsClient.getCryptoKey(targetKeyName);

        // Step 2 - copy the key and add the new label to the existing ones.
        CryptoKey.Builder relabelled = currentKey.toBuilder();
        relabelled.putLabels("new_label", "new_value");
        CryptoKey keyWithNewLabel = relabelled.build();

        // Step 3 - send the update; the mask names "labels" only.
        FieldMask labelsOnly = FieldMaskUtil.fromString("labels");
        CryptoKey updatedKey = kmsClient.updateCryptoKey(keyWithNewLabel, labelsOnly);
        System.out.printf("Updated key %s%n", updatedKey.getName());
    }
}
Also used : CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) CryptoKey(com.google.cloud.kms.v1.CryptoKey) FieldMask(com.google.protobuf.FieldMask) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
