use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class VerifyAsymmetricEc method verifyAsymmetricEc.
// Verify the signature of a message signed with an EC (ECDSA) key.
/**
 * Verifies an ECDSA signature over {@code message} locally, using the public key that Cloud KMS
 * returns for the given key version, and prints the outcome to standard output.
 *
 * <p>The digest is fixed to SHA-256 ({@code SHA256withECDSA}), so this matches key versions whose
 * algorithm is {@code EC_SIGN_P256_SHA256}; a key version with another digest needs the matching
 * JCA algorithm name. The result is only printed, never returned: code that gates a decision on
 * the signature has to act on the boolean itself and treat {@code false} as a failure.
 *
 * @param projectId project component of the key version resource name
 * @param locationId location component of the key version resource name
 * @param keyRingId key ring component of the key version resource name
 * @param keyId key component of the key version resource name
 * @param keyVersionId version component of the key version resource name
 * @param message text that was signed; it is encoded as UTF-8 before verification
 * @param signature signature bytes to check against {@code message}
 * @throws IOException if creating the client fails
 * @throws GeneralSecurityException if the public key cannot be parsed or used, or if the
 *     signature bytes are not a well-formed encoding
 */
public void verifyAsymmetricEc(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String message, byte[] signature) throws IOException, GeneralSecurityException {
  // try-with-resources closes the client, and with it any background resources, on every path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Full resource name of the key version whose public key will be fetched.
    CryptoKeyVersionName versionName =
        CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

    // Signature APIs work on bytes; the charset is pinned so signer and verifier agree.
    byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);

    // Fetch the public half of the key version. It arrives PEM-encoded.
    PublicKey kmsPublicKey = client(kms).getPublicKey(versionName);

    // The JCA key factory needs DER bytes, so strip the PEM armour (helper defined elsewhere).
    byte[] derBytes = convertPemToDer(kmsPublicKey.getPem());
    X509EncodedKeySpec encodedKey = new X509EncodedKeySpec(derBytes);
    java.security.PublicKey verificationKey =
        KeyFactory.getInstance("EC").generatePublic(encodedKey);

    // "SHA256withECDSA" expects an ASN.1 DER-encoded signature; a raw r||s signature will not
    // verify under this algorithm name.
    Signature verifier = Signature.getInstance("SHA256withECDSA");
    verifier.initVerify(verificationKey);
    verifier.update(messageBytes);

    // false means the signature does not match this message under this key.
    boolean isValid = verifier.verify(signature);
    System.out.printf("Signature verified: %s", isValid);
  }
}

// Identity helper so the client variable reads naturally at the call site.
private static KeyManagementServiceClient client(KeyManagementServiceClient kms) {
  return kms;
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class VerifyAsymmetricRsa method verifyAsymmetricRsa.
// Verify the signature of a message signed with an RSA key.
/**
 * Verifies an RSA signature over {@code message} locally, using the public key that Cloud KMS
 * returns for the given key version, and prints the outcome to standard output.
 *
 * <p>{@code SHA256withRSA} is PKCS#1 v1.5 padding with SHA-256, which matches key versions such
 * as {@code RSA_SIGN_PKCS1_2048_SHA256}. A key version that signs with PSS padding or another
 * digest will not verify here and needs the matching JCA algorithm. The result is only printed,
 * never returned: code that gates a decision on the signature has to act on the boolean itself
 * and treat {@code false} as a failure.
 *
 * @param projectId project component of the key version resource name
 * @param locationId location component of the key version resource name
 * @param keyRingId key ring component of the key version resource name
 * @param keyId key component of the key version resource name
 * @param keyVersionId version component of the key version resource name
 * @param message text that was signed; it is encoded as UTF-8 before verification
 * @param signature signature bytes to check against {@code message}
 * @throws IOException if creating the client fails
 * @throws GeneralSecurityException if the public key cannot be parsed or used, or if the
 *     signature cannot be processed
 */
public void verifyAsymmetricRsa(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String message, byte[] signature) throws IOException, GeneralSecurityException {
  // try-with-resources closes the client, and with it any background resources, on every path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Full resource name of the key version whose public key will be fetched.
    CryptoKeyVersionName versionName =
        CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

    // Signature APIs work on bytes; the charset is pinned so signer and verifier agree.
    byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);

    // Fetch the public half of the key version. It arrives PEM-encoded.
    PublicKey kmsPublicKey = kms.getPublicKey(versionName);

    // The JCA key factory needs DER bytes, so strip the PEM armour (helper defined elsewhere).
    byte[] derBytes = convertPemToDer(kmsPublicKey.getPem());
    X509EncodedKeySpec encodedKey = new X509EncodedKeySpec(derBytes);
    java.security.PublicKey verificationKey =
        KeyFactory.getInstance("RSA").generatePublic(encodedKey);

    // PKCS#1 v1.5 with SHA-256; the name must follow the key version's signing algorithm.
    Signature verifier = Signature.getInstance("SHA256withRSA");
    verifier.initVerify(verificationKey);
    verifier.update(messageBytes);

    // false means the signature does not match this message under this key.
    boolean isValid = verifier.verify(signature);
    System.out.printf("Signature verified: %s", isValid);
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class EnableKeyVersion method enableKeyVersion.
// Enable a disabled key version to be used again.
/**
 * Sets the state of a key version to {@code ENABLED} and prints the name of the updated version.
 *
 * <p>The update is sent with a field mask that names only {@code state}, so the request carries
 * no change to any other field of the key version. Re-enabling makes the version usable again,
 * so this call is one to restrict by IAM and to watch for in audit logs.
 *
 * @param projectId project component of the key version resource name
 * @param locationId location component of the key version resource name
 * @param keyRingId key ring component of the key version resource name
 * @param keyId key component of the key version resource name
 * @param keyVersionId version component of the key version resource name
 * @throws IOException if creating the client fails
 */
public void enableKeyVersion(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
  // try-with-resources closes the client, and with it any background resources, on every path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Full resource name of the key version to change.
    CryptoKeyVersionName versionName =
        CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

    // Desired end state: only the name (to address the resource) and the new state are set.
    CryptoKeyVersion desired =
        CryptoKeyVersion.newBuilder()
            .setName(versionName.toString())
            .setState(CryptoKeyVersionState.ENABLED)
            .build();

    // Restrict the update to the state field.
    FieldMask stateOnly = FieldMaskUtil.fromString("state");

    // Apply the change and report the version the service returned.
    CryptoKeyVersion updated = kms.updateCryptoKeyVersion(desired, stateOnly);
    System.out.printf("Enabled key version: %s%n", updated.getName());
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class GetKeyLabels method getKeyLabels.
// Get the labels associated with a key.
/**
 * Fetches a key and prints each of its labels as {@code name=value}, one per line.
 *
 * @param projectId project component of the key resource name
 * @param locationId location component of the key resource name
 * @param keyRingId key ring component of the key resource name
 * @param keyId key component of the key resource name
 * @throws IOException if creating the client fails
 */
public void getKeyLabels(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
  // try-with-resources closes the client, and with it any background resources, on every path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Full resource name of the key to read.
    CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);

    // Read the key's metadata; labels are part of it.
    CryptoKey cryptoKey = kms.getCryptoKey(cryptoKeyName);

    // One "name=value" line per label.
    cryptoKey
        .getLabelsMap()
        .forEach(
            (labelName, labelValue) -> {
              System.out.printf("%s=%s%n", labelName, labelValue);
            });
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class GetKeyVersionAttestation method getKeyVersionAttestation.
// Get the attestations for a key version
/**
 * Fetches a key version and prints its attestation as {@code format: base64-content}, or
 * {@code no attestation} when the key version carries none.
 *
 * <p>This only retrieves and prints the attestation statement. Printing it proves nothing by
 * itself: the content still has to be verified before it is relied on as evidence about the key.
 *
 * @param projectId project component of the key version resource name
 * @param locationId location component of the key version resource name
 * @param keyRingId key ring component of the key version resource name
 * @param keyId key component of the key version resource name
 * @param keyVersionId version component of the key version resource name
 * @throws IOException if creating the client fails
 */
public void getKeyVersionAttestation(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
  // try-with-resources closes the client, and with it any background resources, on every path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Full resource name of the key version to read.
    CryptoKeyVersionName versionName =
        CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

    // Read the key version's metadata.
    CryptoKeyVersion version = kms.getCryptoKeyVersion(versionName);

    if (version.hasAttestation()) {
      // Emit the attestation format followed by the raw content, base64-encoded for printing.
      KeyOperationAttestation statement = version.getAttestation();
      String formatName = statement.getFormat().toString();
      byte[] rawContent = statement.getContent().toByteArray();
      String encodedContent = Base64.getEncoder().encodeToString(rawContent);
      System.out.printf("%s: %s", formatName, encodedContent);
    } else {
      // Not every key version has an attestation; report its absence instead of printing
      // an empty value.
      System.out.println("no attestation");
    }
  }
}