Search in sources :

Example 1 with MacSignResponse

use of com.google.cloud.kms.v1.MacSignResponse in project java-kms by googleapis.

the class SignMac method signMac.

// Sign data with a given mac key.
public void signMac(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String data) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Generate an HMAC of the data.
        MacSignResponse response = client.macSign(keyVersionName, ByteString.copyFromUtf8(data));
        // The data comes back as raw bytes, which may include non-printable
        // characters. This base64-encodes the result so it can be printed below.
        String encodedSignature = Base64.getEncoder().encodeToString(response.getMac().toByteArray());
        System.out.printf("Signature: %s%n", encodedSignature);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) MacSignResponse(com.google.cloud.kms.v1.MacSignResponse) ByteString(com.google.protobuf.ByteString) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 2 with MacSignResponse

use of com.google.cloud.kms.v1.MacSignResponse in project java-kms by googleapis.

the class SnippetsIT method verifyMac.

@Test
public void verifyMac() throws IOException, GeneralSecurityException {
    String data = "my data";
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName versionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, MAC_KEY_ID, "1");
        MacSignResponse response = client.macSign(versionName, ByteString.copyFromUtf8(data));
        new VerifyMac().verifyMac(PROJECT_ID, LOCATION_ID, KEY_RING_ID, MAC_KEY_ID, "1", data, response.getMac().toByteArray());
        assertThat(stdOut.toString()).contains("Success: true");
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) MacSignResponse(com.google.cloud.kms.v1.MacSignResponse) ByteString(com.google.protobuf.ByteString) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) Test(org.junit.Test)

Aggregations

CryptoKeyVersionName (com.google.cloud.kms.v1.CryptoKeyVersionName)2 KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)2 MacSignResponse (com.google.cloud.kms.v1.MacSignResponse)2 ByteString (com.google.protobuf.ByteString)2 Test (org.junit.Test)1