Example 96 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class SnippetsIT method testDecryptAsymmetric.

@Test
public void testDecryptAsymmetric() throws IOException, GeneralSecurityException {
    String plaintext = "my message";
    byte[] ciphertext;
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1");
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        byte[] derKey = convertPemToDer(publicKey.getPem());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
        java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
        ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
    }
    new DecryptAsymmetric().decryptAsymmetric(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1", ciphertext);
    assertThat(stdOut.toString()).contains("my message");
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) ByteString(com.google.protobuf.ByteString) Cipher(javax.crypto.Cipher) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec) Test(org.junit.Test)

Example 97 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class SnippetsIT method testVerifyAsymmetricEc.

@Test
public void testVerifyAsymmetricEc() throws IOException, GeneralSecurityException {
    String message = "my message";
    byte[] signature;
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName versionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_EC_KEY_ID, "1");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] hash = sha256.digest(message.getBytes(StandardCharsets.UTF_8));
        Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();
        signature = client.asymmetricSign(versionName, digest).getSignature().toByteArray();
    }
    new VerifyAsymmetricEc().verifyAsymmetricEc(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_EC_KEY_ID, "1", message, signature);
    assertThat(stdOut.toString()).contains("Signature");
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) MessageDigest(java.security.MessageDigest) Digest(com.google.cloud.kms.v1.Digest) ByteString(com.google.protobuf.ByteString) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) Test(org.junit.Test)

Example 98 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class SnippetsIT method testDecryptSymmetric.

@Test
public void testDecryptSymmetric() throws IOException {
    String plaintext = "my plaintext";
    byte[] ciphertext;
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKeyName keyName = CryptoKeyName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, SYMMETRIC_KEY_ID);
        EncryptResponse result = client.encrypt(keyName, ByteString.copyFromUtf8(plaintext));
        ciphertext = result.getCiphertext().toByteArray();
    }
    new DecryptSymmetric().decryptSymmetric(PROJECT_ID, LOCATION_ID, KEY_RING_ID, SYMMETRIC_KEY_ID, ciphertext);
    assertThat(stdOut.toString()).contains(plaintext);
}
Also used : EncryptResponse(com.google.cloud.kms.v1.EncryptResponse) CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) ByteString(com.google.protobuf.ByteString) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) Test(org.junit.Test)

Example 99 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class SnippetsIT method createAsymmetricSignRsaKey.

private static CryptoKey createAsymmetricSignRsaKey(String keyId) throws IOException {
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKey key = CryptoKey.newBuilder()
            .setPurpose(CryptoKeyPurpose.ASYMMETRIC_SIGN)
            .setVersionTemplate(CryptoKeyVersionTemplate.newBuilder()
                .setAlgorithm(CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256).build())
            .putLabels("foo", "bar")
            .putLabels("zip", "zap")
            .build();
        CryptoKey createdKey = client.createCryptoKey(getKeyRingName(), keyId, key);
        return createdKey;
    }
}
Also used : CryptoKey(com.google.cloud.kms.v1.CryptoKey) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 100 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class CreateKeyLabels method createKeyLabels.

// Create a new key with labels.
public void createKeyLabels(String projectId, String locationId, String keyRingId, String id) throws IOException {
    // Create the client in a try-with-resources block so that it is closed
    // automatically, which safely cleans up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the parent name from the project, location, and key ring.
        KeyRingName keyRingName = KeyRingName.of(projectId, locationId, keyRingId);
        // Build the key to create with labels.
        CryptoKey key = CryptoKey.newBuilder()
            .setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT)
            .setVersionTemplate(CryptoKeyVersionTemplate.newBuilder()
                .setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION))
            .putLabels("team", "alpha")
            .putLabels("cost_center", "cc1234")
            .build();
        // Create the key.
        CryptoKey createdKey = client.createCryptoKey(keyRingName, id, key);
        System.out.printf("Created key with labels %s%n", createdKey.getName());
    }
}
Also used : CryptoKey(com.google.cloud.kms.v1.CryptoKey) KeyRingName(com.google.cloud.kms.v1.KeyRingName) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
