use of com.google.crypto.tink.proto.EncryptedKeyset in project tink by google.
the class CreateKeysetCommandTest method testCreateEncrypted_shouldCreateNewKeyset.
/**
 * Creates a keyset wrapped by the restricted KMS key and checks the metadata that was written.
 *
 * <p>Only the {@link KeysetInfo} carried alongside the ciphertext is inspected; the encrypted key
 * material itself is never decrypted by this test.
 *
 * @param outFormat output format handed to both the create command and the keyset reader
 */
private void testCreateEncrypted_shouldCreateNewKeyset(String outFormat) throws Exception {
  // Talks to a real KMS with a service-account credential file, so it is skipped on RBE.
  assumeFalse(TestUtil.isRemoteBuildExecution());

  // Write the encrypted keyset into an in-memory buffer.
  ByteArrayOutputStream sink = new ByteArrayOutputStream();
  CreateKeysetCommand.create(
      sink,
      outFormat,
      TestUtil.RESTRICTED_CRYPTO_KEY_URI,
      TestUtil.SERVICE_ACCOUNT_FILE,
      template);

  // Read the buffer back in the same format and look at the unencrypted keyset metadata.
  ByteArrayInputStream written = new ByteArrayInputStream(sink.toByteArray());
  EncryptedKeyset encrypted = TinkeyUtil.createKeysetReader(written, outFormat).readEncrypted();
  KeysetInfo info = encrypted.getKeysetInfo();

  // A freshly created keyset holds exactly one key, and it must match the requested template.
  assertThat(info.getKeyInfoCount()).isEqualTo(1);
  TestUtil.assertKeyInfo(template, info.getKeyInfo(0));
}
use of com.google.crypto.tink.proto.EncryptedKeyset in project tink by google.
the class KeysetHandle method decrypt.
/**
 * Unwraps an {@link EncryptedKeyset} with the {@link Aead} master key and parses the plaintext
 * as a {@link Keyset}.
 *
 * <p>Decryption uses an empty associated-data array, so this method does not bind the ciphertext
 * to any caller-supplied context.
 *
 * @param encryptedKeyset container whose {@code getEncryptedKeyset()} bytes are the ciphertext
 * @param masterKey AEAD primitive used to decrypt the ciphertext
 * @return the parsed keyset, after {@code assertEnoughKeyMaterial} has accepted it
 * @throws GeneralSecurityException if {@code masterKey.decrypt} fails, if the key-material check
 *     fails, or if the decrypted bytes do not parse as a {@link Keyset}
 */
private static Keyset decrypt(EncryptedKeyset encryptedKeyset, Aead masterKey)
    throws GeneralSecurityException {
  try {
    byte[] wrappedBytes = encryptedKeyset.getEncryptedKeyset().toByteArray();
    byte[] noAssociatedData = new byte[0];
    Keyset unwrapped = Keyset.parseFrom(masterKey.decrypt(wrappedBytes, noAssociatedData));
    // Re-check for key material after unwrapping: a ciphertext that decrypts cleanly may still
    // yield a keyset with nothing in it.
    assertEnoughKeyMaterial(unwrapped);
    return unwrapped;
  } catch (InvalidProtocolBufferException e) {
    // The parse exception is not chained as the cause.
    // NOTE(review): presumably deliberate, so that parser diagnostics derived from freshly
    // decrypted key bytes never travel with the exception into logs; confirm before adding one.
    throw new GeneralSecurityException("invalid keyset, corrupted key material");
  }
}
use of com.google.crypto.tink.proto.EncryptedKeyset in project tink by google.
the class KeysetHandle method readWithAssociatedData.
/**
 * Builds a {@link KeysetHandle} from the encrypted keyset supplied by {@code reader}, decrypting
 * it with {@code masterKey} and the given associated data.
 *
 * <p>{@code associatedData} is forwarded unchanged to the decrypt helper. With an AEAD, a value
 * that differs from the one used when the keyset was encrypted is expected to make decryption
 * fail rather than return key material.
 *
 * <p>Users that need to load cleartext keysets can use {@link CleartextKeysetHandle}.
 *
 * @param reader source of the encrypted keyset
 * @param masterKey AEAD primitive the keyset was encrypted with
 * @param associatedData associated data to authenticate during decryption
 * @return a new {@link KeysetHandle} wrapping the decrypted keyset
 * @throws GeneralSecurityException if the keyset cannot be decrypted or it doesn't contain
 *     encrypted key material
 * @throws IOException if {@code reader} fails to read the encrypted keyset
 */
public static final KeysetHandle readWithAssociatedData(
    KeysetReader reader, Aead masterKey, byte[] associatedData)
    throws GeneralSecurityException, IOException {
  final EncryptedKeyset wrapped = reader.readEncrypted();
  // Check for encrypted key material before any decryption is attempted.
  assertEnoughEncryptedKeyMaterial(wrapped);
  return new KeysetHandle(decrypt(wrapped, masterKey, associatedData));
}
use of com.google.crypto.tink.proto.EncryptedKeyset in project tink by google.
the class RotateKeysetCommandTest method testRotateEncrypted_shouldAddNewKey.
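/**
 * Rotates an encrypted keyset and checks that the new key was appended and made primary.
 *
 * <p>Only the {@link KeysetInfo} metadata of the resulting {@link EncryptedKeyset} is inspected;
 * the encrypted key material is not decrypted here.
 */
@Test
public void testRotateEncrypted_shouldAddNewKey() throws Exception {
  // This test requires KMS/internet access and thus cannot run on RBE.
  assumeFalse(TestUtil.isRemoteBuildExecution());

  // Create an input stream containing an encrypted keyset.
  String masterKeyUri = TestUtil.RESTRICTED_CRYPTO_KEY_URI;
  String credentialPath = TestUtil.SERVICE_ACCOUNT_FILE;
  InputStream inputStream =
      TinkeyUtil.createKeyset(existingTemplate, INPUT_FORMAT, masterKeyUri, credentialPath);

  // Add a key built from newTemplate and read the result back as an encrypted keyset.
  EncryptedKeyset encryptedKeyset =
      addNewKeyToKeyset(
              OUTPUT_FORMAT, inputStream, INPUT_FORMAT, masterKeyUri, credentialPath, newTemplate)
          .readEncrypted();
  KeysetInfo keysetInfo = encryptedKeyset.getKeysetInfo();

  assertThat(keysetInfo.getKeyInfoCount()).isEqualTo(2);
  assertThat(keysetInfo.getPrimaryKeyId()).isEqualTo(keysetInfo.getKeyInfo(1).getKeyId());
  TestUtil.assertKeyInfo(existingTemplate, keysetInfo.getKeyInfo(0));
  // The rotated-in key is the second entry, the same one asserted to be primary above. Checking
  // index 0 against newTemplate would leave the new key's metadata unverified.
  TestUtil.assertKeyInfo(newTemplate, keysetInfo.getKeyInfo(1));
}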