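/// <summary>
/// Encrypts base64-encoded data with the Cloud KMS key associated with a service account,
/// creating that key first when it is missing and <paramref name="createKeyIfMissing"/> is set.
/// </summary>
/// <param name="data">The plaintext as a base64 string; it is decoded to raw bytes before encryption.</param>
/// <param name="serviceAccountId">Identifier from which the key id is derived via <c>KeyIdCreator.Create</c>.</param>
/// <param name="createKeyIfMissing">
/// When true, a NotFound result from the key lookup leads to creation of a new software-protected
/// encrypt/decrypt key. This requires the calling identity to be allowed to create keys on the
/// key ring, which is a broader grant than encrypt-only access.
/// </param>
/// <returns>The ciphertext returned by KMS, base64-encoded.</returns>
/// <exception cref="FormatException"><paramref name="data"/> is not valid base64.</exception>
/// <exception cref="RpcException">
/// A KMS call failed, including a NotFound lookup when <paramref name="createKeyIfMissing"/> is false.
/// </exception>
public async Task <string> Encrypt(string data, string serviceAccountId, bool createKeyIfMissing = true)
        {
            // NOTE(review): KeyIdCreator.Create presumably maps the account id to a valid KMS key id - confirm.
            var safeId        = KeyIdCreator.Create(serviceAccountId);
            var keyring       = new KeyRingName(mProjectName, mKeyringLocation, mKeyringName);
            var cryptoKeyName =
                new CryptoKeyName(mProjectName, mKeyringLocation, mKeyringName, safeId);

            // Decode before any KMS call so malformed input cannot cause a key to be created as a side effect.
            var plaintext = ByteString.FromBase64(data);

            try
            {
                await mKmsService.GetCryptoKeyAsync(cryptoKeyName);
            }
            catch (RpcException e) when (e.StatusCode == StatusCode.NotFound && createKeyIfMissing)
            {
                var key = new CryptoKey
                {
                    Purpose         = CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt,
                    VersionTemplate = new CryptoKeyVersionTemplate
                    {
                        // Key versions created from this template are software-protected, not HSM-backed.
                        ProtectionLevel = ProtectionLevel.Software
                    }
                };

                // Without a configured rotation period the key is created with no automatic rotation schedule.
                if (mRotationPeriod.HasValue)
                {
                    key.NextRotationTime = (DateTime.UtcNow + mRotationPeriod.Value).ToTimestamp();
                    key.RotationPeriod   = Duration.FromTimeSpan(mRotationPeriod.Value);
                }

                try
                {
                    await mKmsService.CreateCryptoKeyAsync(keyring, safeId, key);
                }
                catch (RpcException createError) when (createError.StatusCode == StatusCode.AlreadyExists)
                {
                    // Another caller created the key between the lookup and this create; it is usable as-is.
                }
            }

            // Only the key path and plaintext are sent: no additional authenticated data binds the
            // ciphertext to a context.
            var cryptoKeyPathName = new CryptoKeyPathName(mProjectName, mKeyringLocation, mKeyringName, safeId);
            var encrypted         = await mKmsService.EncryptAsync(cryptoKeyPathName, plaintext);

            return encrypted.Ciphertext.ToBase64();
        }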
Exemple #2
 /// <summary>
 /// Stub override of the KMS encrypt call: records the invocation in <c>EncryptCalls</c> and
 /// returns the plaintext unchanged as the response's ciphertext.
 /// </summary>
 /// <remarks>
 /// No encryption is performed, so the "ciphertext" is the plaintext itself. Suitable only where
 /// callers need to observe call counts or round-trip data, never for protecting real data.
 /// </remarks>
 /// <param name="name">Key path; not used by this override.</param>
 /// <param name="plaintext">Bytes that are echoed back as the ciphertext.</param>
 /// <param name="callSettings">Call settings; not used by this override.</param>
 /// <returns>A response whose <c>Ciphertext</c> is <paramref name="plaintext"/>.</returns>
 public override EncryptResponse Encrypt(CryptoKeyPathName name, ByteString plaintext, CallSettings callSettings = null)
 {
     EncryptCalls += 1;

     var echoed = new EncryptResponse();
     echoed.Ciphertext = plaintext;
     return echoed;
 }
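 /// <summary>
 /// Creates a data protector bound to one KMS client and one crypto key, and precomputes the
 /// key's path name from the components of <paramref name="keyName"/>.
 /// </summary>
 /// <param name="kms">KMS client stored for later use; must not be null.</param>
 /// <param name="keyName">Name of the crypto key; must not be null.</param>
 /// <param name="dataProtectorFactory">Factory stored for producing protectors from a string argument.</param>
 /// <exception cref="ArgumentNullException">
 /// <paramref name="kms"/> or <paramref name="keyName"/> is null.
 /// </exception>
 internal KmsDataProtector(KeyManagementServiceClient kms,
                           CryptoKeyName keyName,
                           Func <string, IDataProtector> dataProtectorFactory)
 {
     // Fail at construction rather than with a NullReferenceException on first use of the protector.
     if (kms == null)
     {
         throw new ArgumentNullException(nameof(kms));
     }
     if (keyName == null)
     {
         throw new ArgumentNullException(nameof(keyName));
     }

     _kms         = kms;
     _keyName     = keyName;
     _keyPathName = new CryptoKeyPathName(keyName.ProjectId,
                                          keyName.LocationId, keyName.KeyRingId, keyName.CryptoKeyId);
     // NOTE(review): left unchecked because callers may pass null deliberately - confirm, then guard it too.
     _dataProtectorFactory = dataProtectorFactory;
 }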
        // [END kms_add_member_to_keyring_policy]

        // [START kms_encrypt]
        /// <summary>
        /// Reads a file, encrypts its full contents with the given Cloud KMS key in a single
        /// Encrypt call, and writes the returned ciphertext to another file.
        /// </summary>
        /// <remarks>
        /// The whole plaintext is loaded into memory and sent to KMS in one request, so this fits
        /// small payloads; larger data is normally handled with envelope encryption. The plaintext
        /// file is left in place and the ciphertext file is written with default file permissions.
        /// </remarks>
        /// <param name="projectId">Project component of the key name.</param>
        /// <param name="locationId">Location component of the key name.</param>
        /// <param name="keyRingId">Key ring component of the key name.</param>
        /// <param name="cryptoKeyId">Crypto key component of the key name.</param>
        /// <param name="plaintextFile">Path of the file to encrypt.</param>
        /// <param name="ciphertextFile">Path the ciphertext bytes are written to.</param>
        public static void Encrypt(string projectId, string locationId, string keyRingId, string cryptoKeyId,
                                   string plaintextFile, string ciphertextFile)
        {
            var kmsClient = KeyManagementServiceClient.Create();
            var keyName   = new CryptoKeyName(projectId, locationId, keyRingId, cryptoKeyId);

            byte[] inputBytes = File.ReadAllBytes(plaintextFile);
            // The path name is obtained by round-tripping the key name through its string form.
            var keyPath                = CryptoKeyPathName.Parse(keyName.ToString());
            EncryptResponse response   = kmsClient.Encrypt(keyPath, ByteString.CopyFrom(inputBytes));

            // Persist the ciphertext, then report where it went.
            byte[] outputBytes = response.Ciphertext.ToByteArray();
            File.WriteAllBytes(ciphertextFile, outputBytes);
            Console.Write($"Encrypted file created: {ciphertextFile}");
        }
Exemple #5
 /// <summary>
 /// Creates an XML encryptor bound to one KMS client and one crypto key, and precomputes the
 /// key's path name from the components of <paramref name="keyName"/>.
 /// </summary>
 /// <param name="kmsClient">KMS client to store; rejected by <c>GaxPreconditions.CheckNotNull</c> when null.</param>
 /// <param name="keyName">Crypto key name to store; rejected by <c>GaxPreconditions.CheckNotNull</c> when null.</param>
 internal KmsXmlEncryptor(KeyManagementServiceClient kmsClient, CryptoKeyName keyName)
 {
     // Validate both arguments up front, in declaration order, before touching any field.
     GaxPreconditions.CheckNotNull(kmsClient, nameof(kmsClient));
     GaxPreconditions.CheckNotNull(keyName, nameof(keyName));

     _kmsClient = kmsClient;
     _keyName   = keyName;

     _keyPathName = new CryptoKeyPathName(
         keyName.ProjectId,
         keyName.LocationId,
         keyName.KeyRingId,
         keyName.CryptoKeyId);
 }