Search in sources :

Example 71 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class VerifyAsymmetricEc method verifyAsymmetricEc.

// Verify the signature of a message signed with an RSA key.
public void verifyAsymmetricEc(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String message, byte[] signature) throws IOException, GeneralSecurityException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the name from the project, location, and key ring, key, and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Convert the message into bytes. Cryptographic plaintexts and
        // ciphertexts are always byte arrays.
        byte[] plaintext = message.getBytes(StandardCharsets.UTF_8);
        // Get the public key.
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        // Convert the public PEM key to a DER key (see helper below).
        byte[] derKey = convertPemToDer(publicKey.getPem());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
        java.security.PublicKey ecKey = KeyFactory.getInstance("EC").generatePublic(keySpec);
        // Verify the 'RSA_SIGN_PKCS1_2048_SHA256' signature.
        // For other key algorithms:
        // http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature
        Signature ecVerify = Signature.getInstance("SHA256withECDSA");
        ecVerify.initVerify(ecKey);
        ecVerify.update(plaintext);
        // Verify the signature.
        boolean verified = ecVerify.verify(signature);
        System.out.printf("Signature verified: %s", verified);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) Signature(java.security.Signature) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 72 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class VerifyAsymmetricRsa method verifyAsymmetricRsa.

// Verify the signature of a message signed with an RSA key.
public void verifyAsymmetricRsa(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String message, byte[] signature) throws IOException, GeneralSecurityException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the name from the project, location, and key ring, key, and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Convert the message into bytes. Cryptographic plaintexts and
        // ciphertexts are always byte arrays.
        byte[] plaintext = message.getBytes(StandardCharsets.UTF_8);
        // Get the public key.
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        // Convert the public PEM key to a DER key (see helper below).
        byte[] derKey = convertPemToDer(publicKey.getPem());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
        java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
        // Verify the 'RSA_SIGN_PKCS1_2048_SHA256' signature.
        // For other key algorithms:
        // http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature
        Signature rsaVerify = Signature.getInstance("SHA256withRSA");
        rsaVerify.initVerify(rsaKey);
        rsaVerify.update(plaintext);
        // Verify the signature.
        boolean verified = rsaVerify.verify(signature);
        System.out.printf("Signature verified: %s", verified);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) Signature(java.security.Signature) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 73 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class EnableKeyVersion method enableKeyVersion.

// Enable a disabled key version to be used again.
public void enableKeyVersion(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Build the updated key version, setting it to enabled.
        CryptoKeyVersion keyVersion = CryptoKeyVersion.newBuilder().setName(keyVersionName.toString()).setState(CryptoKeyVersionState.ENABLED).build();
        // Create a field mask of updated values.
        FieldMask fieldMask = FieldMaskUtil.fromString("state");
        // Enable the key version.
        CryptoKeyVersion response = client.updateCryptoKeyVersion(keyVersion, fieldMask);
        System.out.printf("Enabled key version: %s%n", response.getName());
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) CryptoKeyVersion(com.google.cloud.kms.v1.CryptoKeyVersion) FieldMask(com.google.protobuf.FieldMask) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 74 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class GetKeyLabels method getKeyLabels.

// Get the labels associated with a key.
public void getKeyLabels(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the name from the project, location, key ring, and keyId.
        CryptoKeyName keyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
        // Get the key.
        CryptoKey key = client.getCryptoKey(keyName);
        // Print out each label.
        key.getLabelsMap().forEach((k, v) -> System.out.printf("%s=%s%n", k, v));
    }
}
Also used : CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) CryptoKey(com.google.cloud.kms.v1.CryptoKey) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 75 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class GetKeyVersionAttestation method getKeyVersionAttestation.

// Get the attestations for a key version
public void getKeyVersionAttestation(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the name from the project, location, key ring, and keyId.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Get the key version.
        CryptoKeyVersion keyVersion = client.getCryptoKeyVersion(keyVersionName);
        // will be nil.
        if (!keyVersion.hasAttestation()) {
            System.out.println("no attestation");
            return;
        }
        // Print the attestation, base64-encoded.
        KeyOperationAttestation attestation = keyVersion.getAttestation();
        String format = attestation.getFormat().toString();
        byte[] content = attestation.getContent().toByteArray();
        System.out.printf("%s: %s", format, Base64.getEncoder().encodeToString(content));
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) KeyOperationAttestation(com.google.cloud.kms.v1.KeyOperationAttestation) CryptoKeyVersion(com.google.cloud.kms.v1.CryptoKeyVersion) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Aggregations

KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)185 CryptoKey (com.google.cloud.kms.v1.CryptoKey)56 CryptoKeyVersion (com.google.cloud.kms.v1.CryptoKeyVersion)39 CryptoKeyVersionName (com.google.cloud.kms.v1.CryptoKeyVersionName)37 CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)33 ByteString (com.google.protobuf.ByteString)20 KeyRingName (com.google.cloud.kms.v1.KeyRingName)17 KeyRing (com.google.cloud.kms.v1.KeyRing)16 FieldMask (com.google.protobuf.FieldMask)16 PublicKey (com.google.cloud.kms.v1.PublicKey)14 ImportJob (com.google.cloud.kms.v1.ImportJob)10 Test (org.junit.Test)10 Digest (com.google.cloud.kms.v1.Digest)8 EncryptResponse (com.google.cloud.kms.v1.EncryptResponse)8 Policy (com.google.iam.v1.Policy)8 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)8 DecryptResponse (com.google.cloud.kms.v1.DecryptResponse)7 AsymmetricDecryptResponse (com.google.cloud.kms.v1.AsymmetricDecryptResponse)6 AsymmetricSignResponse (com.google.cloud.kms.v1.AsymmetricSignResponse)6 LocationName (com.google.cloud.kms.v1.LocationName)6