Examples with KeyManagementServiceClient com.google.cloud.kms.v1.KeyManagementServiceClient used on opensource projects

Search in sources :

Example 66 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SnippetsIT method testVerifyAsymmetricEc.

@Test
public void testVerifyAsymmetricEc() throws IOException, GeneralSecurityException {
    String message = "my message";
    byte[] signature;
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName versionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_EC_KEY_ID, "1");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] hash = sha256.digest(message.getBytes(StandardCharsets.UTF_8));
        Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();
        signature = client.asymmetricSign(versionName, digest).getSignature().toByteArray();
    }
    new VerifyAsymmetricEc().verifyAsymmetricEc(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_EC_KEY_ID, "1", message, signature);
    assertThat(stdOut.toString()).contains("Signature");
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) Digest(com.google.cloud.kms.v1.Digest) MessageDigest(java.security.MessageDigest) ByteString(com.google.protobuf.ByteString) MessageDigest(java.security.MessageDigest) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) Test(org.junit.Test)

Example 67 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SignAsymmetric method signAsymmetric.

// Get the public key associated with an asymmetric key.
public void signAsymmetric(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String message) throws IOException, GeneralSecurityException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Convert the message into bytes. Cryptographic plaintexts and
        // ciphertexts are always byte arrays.
        byte[] plaintext = message.getBytes(StandardCharsets.UTF_8);
        // Calculate the digest.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] hash = sha256.digest(plaintext);
        // Build the digest object.
        Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();
        // Sign the digest.
        AsymmetricSignResponse result = client.asymmetricSign(keyVersionName, digest);
        // Get the signature.
        byte[] signature = result.getSignature().toByteArray();
        System.out.printf("Signature %s%n", signature);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) MessageDigest(java.security.MessageDigest) Digest(com.google.cloud.kms.v1.Digest) AsymmetricSignResponse(com.google.cloud.kms.v1.AsymmetricSignResponse) MessageDigest(java.security.MessageDigest) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 68 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class SignMac method signMac.

// Sign data with a given mac key.
public void signMac(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String data) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Generate an HMAC of the data.
        MacSignResponse response = client.macSign(keyVersionName, ByteString.copyFromUtf8(data));
        // The data comes back as raw bytes, which may include non-printable
        // characters. This base64-encodes the result so it can be printed below.
        String encodedSignature = Base64.getEncoder().encodeToString(response.getMac().toByteArray());
        System.out.printf("Signature: %s%n", encodedSignature);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) MacSignResponse(com.google.cloud.kms.v1.MacSignResponse) ByteString(com.google.protobuf.ByteString) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 69 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class UpdateKeyRemoveRotation method updateKeyRemoveRotation.

// Update a key to remove all labels.
public void updateKeyRemoveRotation(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the name from the project, location, key ring, and keyId.
        CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
        // Build an empty key with no labels.
        CryptoKey key = CryptoKey.newBuilder().setName(cryptoKeyName.toString()).clearRotationPeriod().clearNextRotationTime().build();
        // Construct the field mask.
        FieldMask fieldMask = FieldMaskUtil.fromString("rotation_period,next_rotation_time");
        // Create the key.
        CryptoKey createdKey = client.updateCryptoKey(key, fieldMask);
        System.out.printf("Updated key %s%n", createdKey.getName());
    }
}
Also used : CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) CryptoKey(com.google.cloud.kms.v1.CryptoKey) FieldMask(com.google.protobuf.FieldMask) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 70 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class UpdateKeyUpdateLabels method updateKeyUpdateLabels.

// Create a new key that is used for symmetric encryption and decryption.
public void updateKeyUpdateLabels(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the parent name from the project, location, and key ring.
        CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
        // 
        // Step 1 - get the current set of labels on the key
        // 
        // Get the current key.
        CryptoKey key = client.getCryptoKey(cryptoKeyName);
        // 
        // Step 2 - add a label to the list of labels
        // 
        // Add a new label.
        key = key.toBuilder().putLabels("new_label", "new_value").build();
        // Construct the field mask.
        FieldMask fieldMask = FieldMaskUtil.fromString("labels");
        // Update the key.
        CryptoKey updatedKey = client.updateCryptoKey(key, fieldMask);
        System.out.printf("Updated key %s%n", updatedKey.getName());
    }
}
Also used : CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) CryptoKey(com.google.cloud.kms.v1.CryptoKey) FieldMask(com.google.protobuf.FieldMask) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Aggregations

KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)185 CryptoKey (com.google.cloud.kms.v1.CryptoKey)56 CryptoKeyVersion (com.google.cloud.kms.v1.CryptoKeyVersion)39 CryptoKeyVersionName (com.google.cloud.kms.v1.CryptoKeyVersionName)37 CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)33 ByteString (com.google.protobuf.ByteString)20 KeyRingName (com.google.cloud.kms.v1.KeyRingName)17 KeyRing (com.google.cloud.kms.v1.KeyRing)16 FieldMask (com.google.protobuf.FieldMask)16 PublicKey (com.google.cloud.kms.v1.PublicKey)14 ImportJob (com.google.cloud.kms.v1.ImportJob)10 Test (org.junit.Test)10 Digest (com.google.cloud.kms.v1.Digest)8 EncryptResponse (com.google.cloud.kms.v1.EncryptResponse)8 Policy (com.google.iam.v1.Policy)8 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)8 DecryptResponse (com.google.cloud.kms.v1.DecryptResponse)7 AsymmetricDecryptResponse (com.google.cloud.kms.v1.AsymmetricDecryptResponse)6 AsymmetricSignResponse (com.google.cloud.kms.v1.AsymmetricSignResponse)6 LocationName (com.google.cloud.kms.v1.LocationName)6
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial