use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class CreateKeyAsymmetricSign method createKeyAsymmetricSign.
// Create a new asymmetric key for the purpose of signing and verifying data.
/**
 * Creates a Cloud KMS key whose purpose is asymmetric signing.
 *
 * <p>The version template requests {@code RSA_SIGN_PKCS1_2048_SHA256}, and the key is created
 * with a destroy-scheduled duration of 24 hours. The created key's resource name is printed to
 * standard output.
 *
 * @param projectId project used to build the parent key ring name
 * @param locationId location used to build the parent key ring name
 * @param keyRingId key ring that will contain the new key
 * @param id identifier passed to {@code createCryptoKey} for the new key
 * @throws IOException declared for client creation failures
 */
public void createKeyAsymmetricSign(String projectId, String locationId, String keyRingId, String id) throws IOException {
  // The client is opened in try-with-resources so that it is closed, and its background
  // resources released, when the block exits, including on an exception.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Parent resource: the key ring the new key is created in.
    KeyRingName parent = KeyRingName.of(projectId, locationId, keyRingId);

    // Algorithm for the key's versions: RSA 2048 with PKCS#1 v1.5 padding and SHA-256.
    // NOTE(review): confirm this choice against your signing policy before reusing the sample.
    CryptoKeyVersionTemplate template =
        CryptoKeyVersionTemplate.newBuilder()
            .setAlgorithm(CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256)
            .build();

    // How long a version stays in DESTROY_SCHEDULED before it is destroyed. 24 hours is a short
    // window: a longer duration leaves more time to notice and restore a version that was
    // scheduled for destruction by mistake or from a compromised account.
    Duration destroyDelay = Duration.newBuilder().setSeconds(24 * 60 * 60).build();

    CryptoKey spec =
        CryptoKey.newBuilder()
            .setPurpose(CryptoKeyPurpose.ASYMMETRIC_SIGN)
            .setVersionTemplate(template)
            .setDestroyScheduledDuration(destroyDelay)
            .build();

    // Send the create request and report the resource name of the result.
    CryptoKey created = kms.createCryptoKey(parent, id, spec);
    System.out.printf("Created asymmetric key %s%n", created.getName());
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class CreateKeyHsm method createKeyHsm.
// Create a new key that is stored in an HSM.
/**
 * Creates a symmetric encrypt/decrypt Cloud KMS key whose versions use the HSM protection level.
 *
 * <p>The key is created with a destroy-scheduled duration of 24 hours, and its resource name is
 * printed to standard output.
 *
 * @param projectId project used to build the parent key ring name
 * @param locationId location used to build the parent key ring name
 * @param keyRingId key ring that will contain the new key
 * @param id identifier passed to {@code createCryptoKey} for the new key
 * @throws IOException declared for client creation failures
 */
public void createKeyHsm(String projectId, String locationId, String keyRingId, String id) throws IOException {
  // The client is opened in try-with-resources so that it is closed, and its background
  // resources released, when the block exits, including on an exception.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Parent resource: the key ring the new key is created in.
    KeyRingName parent = KeyRingName.of(projectId, locationId, keyRingId);

    // ProtectionLevel.HSM is what distinguishes this key from a software-protected one; the
    // protection level is set on the version template, next to the algorithm.
    CryptoKeyVersionTemplate template =
        CryptoKeyVersionTemplate.newBuilder()
            .setProtectionLevel(ProtectionLevel.HSM)
            .setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)
            .build();

    // How long a version stays in DESTROY_SCHEDULED before it is destroyed. 24 hours is a short
    // window: a longer duration leaves more time to notice and restore a version that was
    // scheduled for destruction by mistake or from a compromised account.
    Duration destroyDelay = Duration.newBuilder().setSeconds(24 * 60 * 60).build();

    CryptoKey spec =
        CryptoKey.newBuilder()
            .setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT)
            .setVersionTemplate(template)
            .setDestroyScheduledDuration(destroyDelay)
            .build();

    // Send the create request and report the resource name of the result.
    CryptoKey created = kms.createCryptoKey(parent, id, spec);
    System.out.printf("Created hsm key %s%n", created.getName());
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class SignAsymmetric method signAsymmetric.
// Sign the SHA-256 digest of a message with an asymmetric key version.
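/**
 * Signs the SHA-256 digest of a message with an asymmetric Cloud KMS key version.
 *
 * <p>The message is hashed locally and only the digest is sent. CRC32C checksums are exchanged
 * in both directions, and the call fails if either side reports a mismatch. The signature is
 * printed to standard output as Base64.
 *
 * @param projectId project that owns the key
 * @param locationId location of the key ring
 * @param keyRingId key ring that contains the key
 * @param keyId key to sign with
 * @param keyVersionId version of the key to sign with
 * @param message text to sign; it is encoded as UTF-8 before hashing
 * @throws IOException if the request or the response fails its CRC32C integrity check; also
 *     declared for client creation failures
 * @throws GeneralSecurityException if the SHA-256 digest implementation is unavailable
 */
public void signAsymmetric(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String message) throws IOException, GeneralSecurityException {
  // The client is opened in try-with-resources so that it is closed, and its background
  // resources released, when the block exits, including on an exception.
  try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
    // Build the key version name from the project, location, key ring, key,
    // and key version.
    CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

    // Convert the message into bytes. Cryptographic plaintexts and
    // ciphertexts are always byte arrays.
    byte[] plaintext = message.getBytes(StandardCharsets.UTF_8);

    // Calculate the digest locally.
    // NOTE(review): SHA-256 is hard-coded here; the digest type has to match the algorithm of
    // the key version being used. Confirm against the key before reusing this sample.
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    byte[] hash = sha256.digest(plaintext);

    // Build the digest object.
    Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();

    // Optional, but recommended: compute digest's CRC32C so the server can detect a digest that
    // was corrupted on the way. getCrc32cAsLong is a helper defined elsewhere in this class.
    long digestCrc32c = getCrc32cAsLong(hash);

    // Sign the digest.
    AsymmetricSignRequest request = AsymmetricSignRequest.newBuilder().setName(keyVersionName.toString()).setDigest(digest).setDigestCrc32C(Int64Value.newBuilder().setValue(digestCrc32c).build()).build();
    AsymmetricSignResponse response = client.asymmetricSign(request);

    // Integrity checks, see https://cloud.google.com/kms/docs/data-integrity-guidelines
    // A CRC32C catches accidental corruption only; it is not an authenticity check. Consumers
    // of the signature still verify it against the key version's public key.
    if (!response.getVerifiedDigestCrc32C()) {
      throw new IOException("AsymmetricSign: request to server corrupted");
    }

    // Copy the signature out once and reuse it for the checksum comparison and the output.
    // crcMatches is a helper defined elsewhere in this class.
    byte[] signature = response.getSignature().toByteArray();
    if (!crcMatches(response.getSignatureCrc32C().getValue(), signature)) {
      throw new IOException("AsymmetricSign: response from server corrupted");
    }

    // Formatting a byte[] with %s prints the array's identity (for example "[B@1b2c3d"), not
    // its contents, so encode the signature before printing it.
    System.out.printf("Signature %s%n", java.util.Base64.getEncoder().encodeToString(signature));
  }
}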
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class UpdateKeyAddRotation method updateKeyAddRotation.
// Update a key to add or change a rotation schedule.
/**
 * Adds or changes the rotation schedule of an existing Cloud KMS key.
 *
 * <p>The update sets a rotation period of 30 days and a next rotation time 24 hours from now.
 * The updated key's resource name is printed to standard output.
 *
 * @param projectId project that owns the key
 * @param locationId location of the key ring
 * @param keyRingId key ring that contains the key
 * @param keyId key whose rotation schedule is updated
 * @throws IOException declared for client creation failures
 */
public void updateKeyAddRotation(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
  // The client is opened in try-with-resources so that it is closed, and its background
  // resources released, when the block exits, including on an exception.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Full resource name of the key: project, location, key ring, and key.
    CryptoKeyName keyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);

    // First scheduled rotation: 24 hours from now, as seconds since the epoch.
    long firstRotationEpochSeconds = java.time.Instant.now().plus(24, ChronoUnit.HOURS).getEpochSecond();

    CryptoKeyVersionTemplate template =
        CryptoKeyVersionTemplate.newBuilder()
            .setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)
            .build();
    Duration rotationPeriod =
        Duration.newBuilder().setSeconds(java.time.Duration.ofDays(30).getSeconds()).build();
    Timestamp nextRotation = Timestamp.newBuilder().setSeconds(firstRotationEpochSeconds).build();

    // The message also carries a purpose and a version template, but the field mask below names
    // only the two rotation fields, so those are the fields this update is meant to change.
    CryptoKey patch =
        CryptoKey.newBuilder()
            .setName(keyName.toString())
            .setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT)
            .setVersionTemplate(template)
            .setRotationPeriod(rotationPeriod)
            .setNextRotationTime(nextRotation)
            .build();
    FieldMask mask = FieldMaskUtil.fromString("rotation_period,next_rotation_time");

    // NOTE(review): a rotation schedule adds new key versions over time; nothing in this sample
    // disables or destroys older versions, so retiring them is a separate step.
    CryptoKey updatedKey = kms.updateCryptoKey(patch, mask);
    System.out.printf("Updated key %s%n", updatedKey.getName());
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class UpdateKeySetPrimary method updateKeySetPrimary.
// Update a key's primary version.
/**
 * Makes the given key version the primary version of a Cloud KMS key.
 *
 * <p>The updated key's resource name is printed to standard output.
 *
 * @param projectId project that owns the key
 * @param locationId location of the key ring
 * @param keyRingId key ring that contains the key
 * @param keyId key whose primary version is changed
 * @param keyVersionId version to promote to primary
 * @throws IOException declared for client creation failures
 */
public void updateKeySetPrimary(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
  // The client is opened in try-with-resources so that it is closed, and its background
  // resources released, when the block exits, including on an exception.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Full resource name of the key: project, location, key ring, and key.
    CryptoKeyName keyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);

    // This call changes the primary version of an existing key; it does not create a key.
    // NOTE(review): the previous primary version is not touched by this call, so disabling or
    // destroying it remains a separate, deliberate step.
    CryptoKey updatedKey = kms.updateCryptoKeyPrimaryVersion(keyName, keyVersionId);
    System.out.printf("Updated key primary version %s%n", updatedKey.getName());
  }
}