public CryptoKey CreateKeyLabels( string projectId = "my-project", string locationId = "us-east1", string keyRingId = "my-key-ring", string id = "my-asymmetric-encrypt-key") { // Create the client. KeyManagementServiceClient client = KeyManagementServiceClient.Create(); // Build the parent key ring name. KeyRingName keyRingName = new KeyRingName(projectId, locationId, keyRingId); // Build the key. CryptoKey key = new CryptoKey { Purpose = CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt, VersionTemplate = new CryptoKeyVersionTemplate { Algorithm = CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.GoogleSymmetricEncryption, } }; key.Labels["team"] = "alpha"; key.Labels["cost_center"] = "cc1234"; // Call the API. CryptoKey result = client.CreateCryptoKey(keyRingName, id, key); // Return the result. return(result); }
public CryptoKey CreateKeyAsymmetricSign( string projectId = "my-project", string locationId = "us-east1", string keyRingId = "my-key-ring", string id = "my-asymmetric-signing-key") { // Create the client. KeyManagementServiceClient client = KeyManagementServiceClient.Create(); // Build the parent key ring name. KeyRingName keyRingName = new KeyRingName(projectId, locationId, keyRingId); // Build the key. CryptoKey key = new CryptoKey { Purpose = CryptoKey.Types.CryptoKeyPurpose.AsymmetricSign, VersionTemplate = new CryptoKeyVersionTemplate { Algorithm = CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.RsaSignPkcs12048Sha256, }, // Optional: customize how long key versions should be kept before destroying. DestroyScheduledDuration = new Duration { Seconds = 24 * 60 * 60, } }; // Call the API. CryptoKey result = client.CreateCryptoKey(keyRingName, id, key); // Return the result. return(result); }
public CryptoKey CreateKeyHsm( string projectId = "my-project", string locationId = "us-east1", string keyRingId = "my-key-ring", string id = "my-hsm-encryption-key") { // Create the client. KeyManagementServiceClient client = KeyManagementServiceClient.Create(); // Build the parent key ring name. KeyRingName keyRingName = new KeyRingName(projectId, locationId, keyRingId); // Build the key. CryptoKey key = new CryptoKey { Purpose = CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt, VersionTemplate = new CryptoKeyVersionTemplate { ProtectionLevel = ProtectionLevel.Hsm, Algorithm = CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.GoogleSymmetricEncryption, }, // Optional: customize how long key versions should be kept before destroying. DestroyScheduledDuration = new Duration { Seconds = 24 * 60 * 60, } }; // Call the API. CryptoKey result = client.CreateCryptoKey(keyRingName, id, key); // Return the result. return(result); }
IDataProtector IDataProtectionProvider.CreateProtector(string purpose) { IDataProtector cached; if (_dataProtectorCache.TryGetValue(purpose, out cached)) { return(cached); } // Create the crypto key: CryptoKey cryptoKeyToCreate = new CryptoKey() { Purpose = CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt, NextRotationTime = Timestamp.FromDateTime(DateTime.UtcNow.AddDays(7)), RotationPeriod = Duration.FromTimeSpan(TimeSpan.FromDays(7)) }; CryptoKeyName keyName = new CryptoKeyName(_googleProjectId, _keyRingLocation, _keyRingId, EscapeKeyId(purpose)); try { _kms.CreateCryptoKey(_keyRingName, keyName.CryptoKeyId, cryptoKeyToCreate); } catch (Grpc.Core.RpcException e) when(e.StatusCode == StatusCode.AlreadyExists) { // Already exists. Ok. } var newProtector = new KmsDataProtector(_kms, keyName, (string innerPurpose) => this.CreateProtector($"{purpose}.{innerPurpose}")); _dataProtectorCache.TryAdd(purpose, newProtector); return(newProtector); }
public CryptoKey CreateKeyHsm( string projectId = "my-project", string locationId = "us-east1", string keyRingId = "my-key-ring", string id = "my-hsm-encryption-key") { // Create the client. KeyManagementServiceClient client = KeyManagementServiceClient.Create(); // Build the parent key ring name. KeyRingName keyRingName = new KeyRingName(projectId, locationId, keyRingId); // Build the key. CryptoKey key = new CryptoKey { Purpose = CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt, VersionTemplate = new CryptoKeyVersionTemplate { ProtectionLevel = ProtectionLevel.Hsm, Algorithm = CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.GoogleSymmetricEncryption, } }; // Call the API. CryptoKey result = client.CreateCryptoKey(keyRingName, id, key); // Return the result. return(result); }
public CryptoKey CreateKeyAsymmetricDecrypt( string projectId = "my-project", string locationId = "us-east1", string keyRingId = "my-key-ring", string id = "my-asymmetric-encrypt-key") { // Create the client. KeyManagementServiceClient client = KeyManagementServiceClient.Create(); // Build the parent key ring name. KeyRingName keyRingName = new KeyRingName(projectId, locationId, keyRingId); // Build the key. CryptoKey key = new CryptoKey { Purpose = CryptoKey.Types.CryptoKeyPurpose.AsymmetricDecrypt, VersionTemplate = new CryptoKeyVersionTemplate { Algorithm = CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.RsaDecryptOaep2048Sha256, } }; // Call the API. CryptoKey result = client.CreateCryptoKey(keyRingName, id, key); // Return the result. return(result); }
// [END kms_get_cryptokey] // [START kms_create_cryptokey] public static void CreateCryptoKey(string projectId, string locationId, string keyRingId, string cryptoKeyId) { KeyManagementServiceClient client = KeyManagementServiceClient.Create(); // The KeyRing in which to create the CryptoKey. KeyRingName keyRingName = new KeyRingName(projectId, locationId, keyRingId); CryptoKey cryptoKeyToCreate = new CryptoKey(); cryptoKeyToCreate.Purpose = CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt; CryptoKey result = client.CreateCryptoKey(keyRingName, cryptoKeyId, cryptoKeyToCreate); Console.Write($"Created Crypto Key: {result.Name}"); }
public CryptoKey CreateKeyRotationSchedule( string projectId = "my-project", string locationId = "us-east1", string keyRingId = "my-key-ring", string id = "my-key-with-rotation-schedule") { // Create the client. KeyManagementServiceClient client = KeyManagementServiceClient.Create(); // Build the parent key ring name. KeyRingName keyRingName = new KeyRingName(projectId, locationId, keyRingId); // Build the key. CryptoKey key = new CryptoKey { Purpose = CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt, VersionTemplate = new CryptoKeyVersionTemplate { Algorithm = CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.GoogleSymmetricEncryption, }, // Rotate the key every 30 days. RotationPeriod = new Duration { Seconds = 60 * 60 * 24 * 30, // 30 days }, // Start the first rotation in 24 hours. NextRotationTime = new Timestamp { Seconds = new DateTimeOffset(DateTime.UtcNow.AddHours(24)).ToUnixTimeSeconds(), } }; // Call the API. CryptoKey result = client.CreateCryptoKey(keyRingName, id, key); // Return the result. return(result); }
public CryptoKey CreateSymmetricKey(string keyId) { KeyManagementServiceClient client = KeyManagementServiceClient.Create(); var request = new CreateCryptoKeyRequest { ParentAsKeyRingName = KeyRingName, CryptoKeyId = keyId, CryptoKey = new CryptoKey { Purpose = CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt, VersionTemplate = new CryptoKeyVersionTemplate { Algorithm = CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.GoogleSymmetricEncryption, }, }, }; request.CryptoKey.Labels["foo"] = "bar"; request.CryptoKey.Labels["zip"] = "zap"; return(client.CreateCryptoKey(request)); }
public CryptoKey CreateAsymmetricSignRsaKey(string keyId) { KeyManagementServiceClient client = KeyManagementServiceClient.Create(); var request = new CreateCryptoKeyRequest { ParentAsKeyRingName = KeyRingName, CryptoKeyId = keyId, CryptoKey = new CryptoKey { Purpose = CryptoKey.Types.CryptoKeyPurpose.AsymmetricSign, VersionTemplate = new CryptoKeyVersionTemplate { Algorithm = CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.RsaSignPss2048Sha256, }, }, }; request.CryptoKey.Labels["foo"] = "bar"; request.CryptoKey.Labels["zip"] = "zap"; return(client.CreateCryptoKey(request)); }
public CryptoKey CreateMacKey(string keyId) { KeyManagementServiceClient client = KeyManagementServiceClient.Create(); var request = new CreateCryptoKeyRequest { ParentAsKeyRingName = KeyRingName, CryptoKeyId = keyId, CryptoKey = new CryptoKey { Purpose = CryptoKey.Types.CryptoKeyPurpose.Mac, VersionTemplate = new CryptoKeyVersionTemplate { Algorithm = CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.HmacSha256, ProtectionLevel = ProtectionLevel.Hsm, }, }, }; request.CryptoKey.Labels["foo"] = "bar"; request.CryptoKey.Labels["zip"] = "zap"; return(client.CreateCryptoKey(request)); }