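/// <summary>
/// Encrypts base64-encoded data with the KMS key whose id is derived from a service account id,
/// creating that key first when the lookup reports it missing and
/// <paramref name="createKeyIfMissing"/> is true.
/// </summary>
/// <param name="data">Plaintext bytes encoded as base64; decoded with <c>ByteString.FromBase64</c> before the call.</param>
/// <param name="serviceAccountId">Identifier passed to <c>KeyIdCreator.Create</c> to obtain the crypto key id.</param>
/// <param name="createKeyIfMissing">
/// When true, a NotFound status from the key lookup triggers key creation.
/// When false, the NotFound <see cref="RpcException"/> propagates to the caller.
/// </param>
/// <returns>The ciphertext returned by the KMS service, encoded as base64.</returns>
/// <exception cref="RpcException">Any KMS failure other than the two statuses handled below.</exception>
public async Task<string> Encrypt(string data, string serviceAccountId, bool createKeyIfMissing = true)
{
    var safeId = KeyIdCreator.Create(serviceAccountId);
    var keyring = new KeyRingName(mProjectName, mKeyringLocation, mKeyringName);
    var cryptoKeyName = new CryptoKeyName(mProjectName, mKeyringLocation, mKeyringName, safeId);

    try
    {
        // Existence probe only; the returned key object is not needed.
        await mKmsService.GetCryptoKeyAsync(cryptoKeyName);
    }
    catch (RpcException e) when (e.StatusCode == StatusCode.NotFound && createKeyIfMissing)
    {
        // NOTE(review): creating keys on demand means the identity running this code needs
        // key-creation rights on the key ring, not just encrypt rights. Confirm that is
        // intended; otherwise pre-provision keys and call with createKeyIfMissing: false.
        var key = new CryptoKey
        {
            Purpose = CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt,
            // The protection level is fixed to software-backed keys here.
            VersionTemplate = new CryptoKeyVersionTemplate
            {
                ProtectionLevel = ProtectionLevel.Software
            }
        };

        if (mRotationPeriod.HasValue)
        {
            // First rotation is scheduled one full period from now.
            key.NextRotationTime = (DateTime.UtcNow + mRotationPeriod.Value).ToTimestamp();
            key.RotationPeriod = Duration.FromTimeSpan(mRotationPeriod.Value);
        }

        try
        {
            await mKmsService.CreateCryptoKeyAsync(keyring, safeId, key);
        }
        catch (RpcException createError) when (createError.StatusCode == StatusCode.AlreadyExists)
        {
            // A concurrent caller created the same key between the lookup and this create.
            // The key now exists, so carry on and encrypt with it instead of failing.
        }
    }

    var cryptoKeyPathName = new CryptoKeyPathName(mProjectName, mKeyringLocation, mKeyringName, safeId);
    var encrypted = await mKmsService.EncryptAsync(cryptoKeyPathName, ByteString.FromBase64(data));

    return encrypted.Ciphertext.ToBase64();
}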
/// <summary>
/// Stand-in for the KMS Encrypt call: counts the invocation and returns the plaintext
/// unchanged as the response's ciphertext.
/// </summary>
/// <param name="name">Key path; ignored.</param>
/// <param name="plaintext">Bytes echoed back as the ciphertext.</param>
/// <param name="callSettings">Ignored.</param>
/// <returns>A response whose <c>Ciphertext</c> is <paramref name="plaintext"/>.</returns>
/// <remarks>
/// No encryption happens here. NOTE(review): this looks like a test double; confirm it is
/// never wired into a production code path, since its "ciphertext" is the cleartext.
/// </remarks>
public override EncryptResponse Encrypt(CryptoKeyPathName name, ByteString plaintext, CallSettings callSettings = null)
{
    EncryptCalls += 1;

    var response = new EncryptResponse();
    response.Ciphertext = plaintext;
    return response;
}
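/// <summary>
/// Creates a data protector bound to one KMS crypto key.
/// </summary>
/// <param name="kms">KMS client stored for later calls.</param>
/// <param name="keyName">Crypto key name; also used to build the matching <c>CryptoKeyPathName</c>.</param>
/// <param name="dataProtectorFactory">Factory stored for producing <c>IDataProtector</c> instances from a string.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
internal KmsDataProtector(KeyManagementServiceClient kms, CryptoKeyName keyName, Func<string, IDataProtector> dataProtectorFactory)
{
    // Fail at construction rather than with a NullReferenceException on first use:
    // a protector without a client or key cannot protect anything.
    if (kms == null)
    {
        throw new ArgumentNullException(nameof(kms));
    }
    if (keyName == null)
    {
        throw new ArgumentNullException(nameof(keyName));
    }
    if (dataProtectorFactory == null)
    {
        throw new ArgumentNullException(nameof(dataProtectorFactory));
    }

    _kms = kms;
    _keyName = keyName;
    // Same four components as keyName, in the path-name type.
    _keyPathName = new CryptoKeyPathName(keyName.ProjectId, keyName.LocationId, keyName.KeyRingId, keyName.CryptoKeyId);
    _dataProtectorFactory = dataProtectorFactory;
}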
// [END kms_add_member_to_keyring_policy]

// [START kms_encrypt]
/// <summary>
/// Reads a file, encrypts its bytes with the given Cloud KMS crypto key, and writes the
/// ciphertext to another file.
/// </summary>
/// <param name="projectId">Project component of the key name.</param>
/// <param name="locationId">Location component of the key name.</param>
/// <param name="keyRingId">Key ring component of the key name.</param>
/// <param name="cryptoKeyId">Crypto key component of the key name.</param>
/// <param name="plaintextFile">Path of the file to encrypt; read fully into memory.</param>
/// <param name="ciphertextFile">Path the ciphertext is written to; an existing file is overwritten.</param>
/// <remarks>
/// The whole file is sent in one Encrypt request. Cloud KMS caps the plaintext size of a
/// single request (64 KiB per the API documentation), so larger files need envelope
/// encryption instead. The plaintext file is left in place; removing it is up to the caller.
/// </remarks>
public static void Encrypt(string projectId, string locationId, string keyRingId, string cryptoKeyId,
    string plaintextFile, string ciphertextFile)
{
    byte[] inputBytes = File.ReadAllBytes(plaintextFile);

    var kms = KeyManagementServiceClient.Create();

    // The path name is obtained by formatting the key name and parsing it back.
    var keyName = new CryptoKeyName(projectId, locationId, keyRingId, cryptoKeyId);
    var keyPath = CryptoKeyPathName.Parse(keyName.ToString());

    var response = kms.Encrypt(keyPath, ByteString.CopyFrom(inputBytes));

    // Output encrypted data to a file.
    byte[] outputBytes = response.Ciphertext.ToByteArray();
    File.WriteAllBytes(ciphertextFile, outputBytes);

    // Console.Write, not WriteLine: no trailing newline is emitted.
    Console.Write($"Encrypted file created: {ciphertextFile}");
}
/// <summary>
/// Creates an XML encryptor bound to one KMS crypto key.
/// </summary>
/// <param name="kmsClient">KMS client to store; must not be null.</param>
/// <param name="keyName">Crypto key name to store; must not be null. Also used to build the matching <c>CryptoKeyPathName</c>.</param>
internal KmsXmlEncryptor(KeyManagementServiceClient kmsClient, CryptoKeyName keyName)
{
    // Validate both arguments up front, in parameter order, before touching any field.
    GaxPreconditions.CheckNotNull(kmsClient, nameof(kmsClient));
    GaxPreconditions.CheckNotNull(keyName, nameof(keyName));

    _kmsClient = kmsClient;
    _keyName = keyName;

    // Same four components as the key name, in the path-name type.
    _keyPathName = new CryptoKeyPathName(
        keyName.ProjectId,
        keyName.LocationId,
        keyName.KeyRingId,
        keyName.CryptoKeyId);
}