Search in sources :

Example 6 with PublicKey

use of com.google.cloud.kms.v1.PublicKey in project java-kms by googleapis.

the class GetPublicKey method getPublicKey.

// Get the public key associated with an asymmetric key.
public void getPublicKey(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException, GeneralSecurityException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Get the public key.
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        System.out.printf("Public key: %s%n", publicKey.getPem());
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 7 with PublicKey

use of com.google.cloud.kms.v1.PublicKey in project java-docs-samples by GoogleCloudPlatform.

the class VerifyAsymmetricEc method verifyAsymmetricEc.

// Verify the signature of a message signed with an RSA key.
public void verifyAsymmetricEc(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String message, byte[] signature) throws IOException, GeneralSecurityException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the name from the project, location, and key ring, key, and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Convert the message into bytes. Cryptographic plaintexts and
        // ciphertexts are always byte arrays.
        byte[] plaintext = message.getBytes(StandardCharsets.UTF_8);
        // Get the public key.
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        // Convert the public PEM key to a DER key (see helper below).
        byte[] derKey = convertPemToDer(publicKey.getPem());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
        java.security.PublicKey ecKey = KeyFactory.getInstance("EC").generatePublic(keySpec);
        // Verify the 'RSA_SIGN_PKCS1_2048_SHA256' signature.
        // For other key algorithms:
        // http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature
        Signature ecVerify = Signature.getInstance("SHA256withECDSA");
        ecVerify.initVerify(ecKey);
        ecVerify.update(plaintext);
        // Verify the signature.
        boolean verified = ecVerify.verify(signature);
        System.out.printf("Signature verified: %s", verified);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) Signature(java.security.Signature) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 8 with PublicKey

use of com.google.cloud.kms.v1.PublicKey in project java-docs-samples by GoogleCloudPlatform.

the class VerifyAsymmetricRsa method verifyAsymmetricRsa.

// Verify the signature of a message signed with an RSA key.
public void verifyAsymmetricRsa(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String message, byte[] signature) throws IOException, GeneralSecurityException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the name from the project, location, and key ring, key, and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Convert the message into bytes. Cryptographic plaintexts and
        // ciphertexts are always byte arrays.
        byte[] plaintext = message.getBytes(StandardCharsets.UTF_8);
        // Get the public key.
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        // Convert the public PEM key to a DER key (see helper below).
        byte[] derKey = convertPemToDer(publicKey.getPem());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
        java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
        // Verify the 'RSA_SIGN_PKCS1_2048_SHA256' signature.
        // For other key algorithms:
        // http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature
        Signature rsaVerify = Signature.getInstance("SHA256withRSA");
        rsaVerify.initVerify(rsaKey);
        rsaVerify.update(plaintext);
        // Verify the signature.
        boolean verified = rsaVerify.verify(signature);
        System.out.printf("Signature verified: %s", verified);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) Signature(java.security.Signature) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 9 with PublicKey

use of com.google.cloud.kms.v1.PublicKey in project java-docs-samples by GoogleCloudPlatform.

the class SnippetsIT method testDecryptAsymmetric.

@Test
public void testDecryptAsymmetric() throws IOException, GeneralSecurityException {
    String plaintext = "my message";
    byte[] ciphertext;
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1");
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        byte[] derKey = convertPemToDer(publicKey.getPem());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
        java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
        ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
    }
    new DecryptAsymmetric().decryptAsymmetric(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1", ciphertext);
    assertThat(stdOut.toString()).contains("my message");
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) ByteString(com.google.protobuf.ByteString) Cipher(javax.crypto.Cipher) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec) Test(org.junit.Test)

Example 10 with PublicKey

use of com.google.cloud.kms.v1.PublicKey in project java-docs-samples by GoogleCloudPlatform.

the class EncryptAsymmetric method encryptAsymmetric.

// Encrypt data that was encrypted using the public key component of the given
// key version.
public void encryptAsymmetric(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String plaintext) throws IOException, GeneralSecurityException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Get the public key.
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        // Convert the public PEM key to a DER key (see helper below).
        byte[] derKey = convertPemToDer(publicKey.getPem());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
        java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
        // Encrypt plaintext for the 'RSA_DECRYPT_OAEP_2048_SHA256' key.
        // For other key algorithms:
        // https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
        byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        System.out.printf("Ciphertext: %s%n", ciphertext);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) Cipher(javax.crypto.Cipher) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)

Aggregations

KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)14 PublicKey (com.google.cloud.kms.v1.PublicKey)14 CryptoKeyVersionName (com.google.cloud.kms.v1.CryptoKeyVersionName)11 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)8 Signature (java.security.Signature)4 Cipher (javax.crypto.Cipher)4 OAEPParameterSpec (javax.crypto.spec.OAEPParameterSpec)4 ByteString (com.google.protobuf.ByteString)3 GetPublicKeyRequest (com.google.cloud.kms.v1.GetPublicKeyRequest)2 Test (org.junit.Test)2 Certificate (com.google.cloud.security.privateca.v1.Certificate)1 CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)1 SubjectConfig (com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig)1 CreateCertificateRequest (com.google.cloud.security.privateca.v1.CreateCertificateRequest)1 PublicKey (com.google.cloud.security.privateca.v1.PublicKey)1 X509Parameters (com.google.cloud.security.privateca.v1.X509Parameters)1 IOException (java.io.IOException)1