use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class SnippetsIT method testVerifyAsymmetricEc.
/**
 * Integration test for the {@code VerifyAsymmetricEc} sample: signs a fixed message with
 * version "1" of the EC signing key, then hands the message and signature to the sample.
 *
 * <p>NOTE(review): the only assertion is that the captured output contains "Signature".
 * Whether that output distinguishes a valid signature from a rejected one depends on what
 * {@code VerifyAsymmetricEc} prints, which is not visible here. Confirm, and consider
 * asserting on the verification result itself.
 */
@Test
public void testVerifyAsymmetricEc() throws IOException, GeneralSecurityException {
  final String keyVersionId = "1";
  final String message = "my message";
  final byte[] signature;

  // The client is only needed to produce the signature; try-with-resources closes it
  // before the sample under test creates its own.
  try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
    CryptoKeyVersionName versionName =
        CryptoKeyVersionName.of(
            PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_EC_KEY_ID, keyVersionId);

    // KMS is given the SHA-256 digest of the message, not the message itself.
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);
    byte[] hash = sha256.digest(messageBytes);
    Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();

    signature = client.asymmetricSign(versionName, digest).getSignature().toByteArray();
  }

  // Run the sample against the same key version that produced the signature.
  VerifyAsymmetricEc sample = new VerifyAsymmetricEc();
  sample.verifyAsymmetricEc(
      PROJECT_ID,
      LOCATION_ID,
      KEY_RING_ID,
      ASYMMETRIC_SIGN_EC_KEY_ID,
      keyVersionId,
      message,
      signature);

  String captured = stdOut.toString();
  assertThat(captured).contains("Signature");
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class SignAsymmetric method signAsymmetric.
// Sign a message with a given asymmetric signing key.
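/**
 * Signs {@code message} with an asymmetric Cloud KMS key version and prints the signature.
 *
 * <p>The message is hashed locally with SHA-256 and only the digest is sent to KMS; the
 * private key never leaves the service.
 *
 * <p>NOTE(review): this presumes the key version uses a signing algorithm that expects a
 * SHA-256 digest. Confirm against the key's configured algorithm.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the key
 * @param keyId asymmetric signing key
 * @param keyVersionId version of the key to sign with
 * @param message text to sign; encoded as UTF-8 before hashing
 * @throws IOException if the KMS client cannot be created
 * @throws GeneralSecurityException if no SHA-256 {@link MessageDigest} is available
 */
public void signAsymmetric(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String message) throws IOException, GeneralSecurityException {
  // try-with-resources closes the client and releases its background resources.
  try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
    // Build the key version name from the project, location, key ring, key,
    // and key version.
    CryptoKeyVersionName keyVersionName =
        CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

    // Convert the message into bytes with an explicit charset so signer and
    // verifier hash exactly the same bytes.
    byte[] plaintext = message.getBytes(StandardCharsets.UTF_8);

    // Calculate the digest.
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    byte[] hash = sha256.digest(plaintext);

    // Build the digest object.
    Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();

    // Sign the digest.
    AsymmetricSignResponse result = client.asymmetricSign(keyVersionName, digest);

    // Get the signature.
    byte[] signature = result.getSignature().toByteArray();

    // Formatting a byte[] with %s prints the array's identity (e.g. "[B@1b2c3d"), not
    // its contents, so the raw bytes are base64-encoded first. The class is
    // fully qualified because the file's import block is not visible from here.
    String encodedSignature = java.util.Base64.getEncoder().encodeToString(signature);
    System.out.printf("Signature %s%n", encodedSignature);
  }
}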
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class SignMac method signMac.
// Sign data with a given mac key.
/**
 * Computes a MAC over {@code data} with a Cloud KMS MAC key version and prints the tag,
 * base64-encoded.
 *
 * <p>To check a tag later, prefer the service's MAC verification call over recomputing the
 * tag and comparing strings in application code.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the key
 * @param keyId MAC key
 * @param keyVersionId version of the key to sign with
 * @param data text to authenticate; sent to KMS as UTF-8 bytes
 * @throws IOException if the KMS client cannot be created
 */
public void signMac(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String data) throws IOException {
  // try-with-resources closes the client and releases its background resources.
  try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
    // Fully-qualified resource name of the key version that will produce the MAC.
    CryptoKeyVersionName keyVersionName =
        CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

    // The key material stays in KMS; only the data goes out and the tag comes back.
    ByteString payload = ByteString.copyFromUtf8(data);
    MacSignResponse response = client.macSign(keyVersionName, payload);

    // The tag is raw bytes and may contain non-printable characters, so it is
    // base64-encoded before being written to stdout.
    byte[] tag = response.getMac().toByteArray();
    String encodedSignature = Base64.getEncoder().encodeToString(tag);
    System.out.printf("Signature: %s%n", encodedSignature);
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class UpdateKeyRemoveRotation method updateKeyRemoveRotation.
// Update a key to remove its rotation schedule.
/**
 * Removes the rotation schedule (rotation period and next rotation time) from a Cloud KMS
 * key and prints the name of the updated key.
 *
 * <p>Once the schedule is cleared, presumably nothing rotates the key automatically, so new
 * key versions would have to be created by other means. Confirm that this is intended for
 * the key before calling.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the key
 * @param keyId key whose rotation schedule is removed
 * @throws IOException if the KMS client cannot be created
 */
public void updateKeyRemoveRotation(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
  // try-with-resources closes the client and releases its background resources.
  try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
    // Build the name from the project, location, key ring, and keyId.
    CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);

    // Describe the key by name only, with both rotation fields left unset.
    CryptoKey.Builder withoutRotation = CryptoKey.newBuilder();
    withoutRotation.setName(cryptoKeyName.toString());
    withoutRotation.clearRotationPeriod();
    withoutRotation.clearNextRotationTime();
    CryptoKey key = withoutRotation.build();

    // The mask limits the update to the two rotation fields; every other
    // property of the key is left as it is.
    FieldMask fieldMask = FieldMaskUtil.fromString("rotation_period,next_rotation_time");

    // Apply the update (this modifies the existing key, it does not create one).
    CryptoKey updatedKey = client.updateCryptoKey(key, fieldMask);
    System.out.printf("Updated key %s%n", updatedKey.getName());
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class UpdateKeyUpdateLabels method updateKeyUpdateLabels.
// Update a key to add a label.
/**
 * Adds the label {@code new_label=new_value} to an existing Cloud KMS key and prints the
 * name of the updated key.
 *
 * <p>The key is fetched, the label is added to the fetched copy, and the copy is sent back
 * with a field mask of {@code labels}.
 *
 * <p>NOTE(review): this is a read-modify-write. A label change made by someone else between
 * the read and the update may be overwritten. Presumably acceptable for a sample; confirm
 * before reusing in automation.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the key
 * @param keyId key to label
 * @throws IOException if the KMS client cannot be created
 */
public void updateKeyUpdateLabels(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
  // try-with-resources closes the client and releases its background resources.
  try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
    // Build the key name from the project, location, key ring, and key.
    CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);

    // Step 1 - read the key so its existing labels are carried over.
    CryptoKey current = client.getCryptoKey(cryptoKeyName);

    // Step 2 - add the new label on top of the existing ones.
    CryptoKey.Builder relabelled = current.toBuilder();
    relabelled.putLabels("new_label", "new_value");
    CryptoKey key = relabelled.build();

    // Only the labels field is named in the mask, so nothing else on the key
    // is written by this update.
    FieldMask fieldMask = FieldMaskUtil.fromString("labels");

    // Update the key.
    CryptoKey updatedKey = client.updateCryptoKey(key, fieldMask);
    System.out.printf("Updated key %s%n", updatedKey.getName());
  }
}