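/// <summary>
/// Returns the <see cref="IDataProtector"/> for <paramref name="purpose"/>. On first use a
/// Cloud KMS crypto key named after the (escaped) purpose is created on the configured key
/// ring; later calls for the same purpose are served from <c>_dataProtectorCache</c>.
/// </summary>
/// <param name="purpose">Logical purpose string; it is turned into the KMS key id by <c>EscapeKeyId</c>.</param>
/// <returns>A protector bound to the KMS key for this purpose (one shared instance per purpose).</returns>
IDataProtector IDataProtectionProvider.CreateProtector(string purpose)
{
    IDataProtector cached;
    if (_dataProtectorCache.TryGetValue(purpose, out cached))
    {
        return cached;
    }

    // Create the crypto key:
    var keyRingName = string.Format(
        "projects/{0}/locations/{1}/keyRings/{2}",
        _options.Value.ProjectId, _options.Value.Location, _options.Value.KeyRing);

    // One interval drives both the first rotation time and the recurring period so the
    // two settings cannot drift apart.
    var rotationInterval = TimeSpan.FromDays(7);
    CryptoKey cryptoKeyToCreate = new CryptoKey()
    {
        Purpose = "ENCRYPT_DECRYPT",
        NextRotationTime = DateTime.UtcNow.Add(rotationInterval),
        RotationPeriod = $"{(long)rotationInterval.TotalSeconds}s"
    };
    var request = new ProjectsResource.LocationsResource
        .KeyRingsResource.CryptoKeysResource.CreateRequest(
            _kms, cryptoKeyToCreate, keyRingName);
    string keyId = EscapeKeyId(purpose);
    request.CryptoKeyId = keyId;

    string keyName;
    try
    {
        keyName = request.Execute().Name;
    }
    catch (Google.GoogleApiException e)
        when (e.HttpStatusCode == System.Net.HttpStatusCode.Conflict)
    {
        // Already exists. Ok.
        // NOTE(review): the existing key is reused as-is; its purpose and rotation schedule
        // are not verified against the settings requested above.
        keyName = string.Format("{0}/cryptoKeys/{1}", keyRingName, keyId);
    }

    var newProtector = new KmsDataProtector(_kms, keyName,
        (string innerPurpose) => this.CreateProtector($"{purpose}.{innerPurpose}"));
    if (!_dataProtectorCache.TryAdd(purpose, newProtector)
        && _dataProtectorCache.TryGetValue(purpose, out cached))
    {
        // Another caller registered a protector for this purpose first; hand back that
        // instance so all callers share a single protector per purpose.
        return cached;
    }
    return newProtector;
}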
// [END kms_get_cryptokey]

// [START kms_create_cryptokey]
/// <summary>
/// Creates a symmetric ENCRYPT_DECRYPT crypto key on an existing key ring and prints
/// the resource name of the created key.
/// </summary>
/// <param name="projectId">Google Cloud project that owns the key ring.</param>
/// <param name="location">KMS location of the key ring.</param>
/// <param name="keyRing">Id of the existing key ring that will hold the key.</param>
/// <param name="cryptoKey">Id to assign to the new crypto key.</param>
/// <returns>0 once the key has been created.</returns>
public static object CreateCryptoKey(string projectId, string location, string keyRing, string cryptoKey)
{
    var kmsClient = CreateAuthorizedClient();

    // Generate the full path of the parent to use for creating the crypto key.
    var keyRingName = $"projects/{projectId}/locations/{location}/keyRings/{keyRing}";

    // No rotation schedule is set here, unlike the provider and quick-start code;
    // the key keeps a single primary version until rotated elsewhere.
    var keyToCreate = new CryptoKey { Purpose = "ENCRYPT_DECRYPT" };

    // Note there is no Conflict handling in this sample: if the key id is already taken,
    // the API exception presumably propagates to the caller.
    var createRequest = new ProjectsResource.LocationsResource.KeyRingsResource.CryptoKeysResource.CreateRequest(
        kmsClient, keyToCreate, keyRingName)
    {
        CryptoKeyId = cryptoKey
    };
    var created = createRequest.Execute();
    Console.Write($"Created Crypto Key: {created.Name}");
    return 0;
}
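/// <summary>
/// Builds a Cloud KMS-backed data protection provider: authenticates with Application
/// Default Credentials, creates the KMS client and ensures the configured key ring exists.
/// </summary>
/// <param name="options">Project id, location and key ring id used for every key this provider creates.</param>
public KmsDataProtectionProvider(IOptions<KmsDataProtectionProviderOptions> options)
{
    _options = options;

    // Use the synchronous lookup rather than blocking on the async variant with .Result,
    // which can deadlock when a synchronization context is present.
    GoogleCredential credential = GoogleCredential.GetApplicationDefault();
    if (credential.IsCreateScopedRequired)
    {
        credential = credential.CreateScoped(new[] { CloudKMSService.Scope.CloudPlatform });
    }
    _kms = new CloudKMSService(new BaseClientService.Initializer
    {
        HttpClientInitializer = credential,
        GZipEnabled = false
    });

    // Make sure the key ring exists; every protector's key is created under it.
    var parent = string.Format("projects/{0}/locations/{1}",
        options.Value.ProjectId, options.Value.Location);
    KeyRing keyRingToCreate = new KeyRing();
    var request = new ProjectsResource.LocationsResource.KeyRingsResource.CreateRequest(
        _kms, keyRingToCreate, parent);
    request.KeyRingId = options.Value.KeyRing;
    try
    {
        request.Execute();
    }
    catch (Google.GoogleApiException e)
        when (e.HttpStatusCode == System.Net.HttpStatusCode.Conflict)
    {
        // Already exists. Ok.
    }
}

/// <summary>
/// Returns the <see cref="IDataProtector"/> for <paramref name="purpose"/>. On first use a
/// Cloud KMS crypto key named after the (escaped) purpose is created on the configured key
/// ring; later calls for the same purpose are served from <c>_dataProtectorCache</c>.
/// </summary>
/// <param name="purpose">Logical purpose string; it is turned into the KMS key id by <c>EscapeKeyId</c>.</param>
/// <returns>A protector bound to the KMS key for this purpose (one shared instance per purpose).</returns>
IDataProtector IDataProtectionProvider.CreateProtector(string purpose)
{
    IDataProtector cached;
    if (_dataProtectorCache.TryGetValue(purpose, out cached))
    {
        return cached;
    }

    var keyRingName = string.Format(
        "projects/{0}/locations/{1}/keyRings/{2}",
        _options.Value.ProjectId, _options.Value.Location, _options.Value.KeyRing);

    // One interval drives both the first rotation time and the recurring period so the
    // two settings cannot drift apart.
    var rotationInterval = TimeSpan.FromDays(7);
    CryptoKey cryptoKeyToCreate = new CryptoKey()
    {
        Purpose = "ENCRYPT_DECRYPT",
        NextRotationTime = DateTime.UtcNow.Add(rotationInterval),
        RotationPeriod = $"{(long)rotationInterval.TotalSeconds}s"
    };
    var request = new ProjectsResource.LocationsResource.KeyRingsResource.CryptoKeysResource.CreateRequest(
        _kms, cryptoKeyToCreate, keyRingName);
    string keyId = EscapeKeyId(purpose);
    request.CryptoKeyId = keyId;

    string keyName;
    try
    {
        keyName = request.Execute().Name;
    }
    catch (Google.GoogleApiException e)
        when (e.HttpStatusCode == System.Net.HttpStatusCode.Conflict)
    {
        // Already exists. Ok.
        // NOTE(review): the existing key is reused as-is; its purpose and rotation schedule
        // are not verified against the settings requested above.
        keyName = string.Format("{0}/cryptoKeys/{1}", keyRingName, keyId);
    }

    var newProtector = new KmsDataProtector(_kms, keyName,
        (string innerPurpose) => this.CreateProtector($"{purpose}.{innerPurpose}"));
    if (!_dataProtectorCache.TryAdd(purpose, newProtector)
        && _dataProtectorCache.TryGetValue(purpose, out cached))
    {
        // Another caller registered a protector for this purpose first; hand back that
        // instance so all callers share a single protector per purpose.
        return cached;
    }
    return newProtector;
}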
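/// <summary>
/// Quick-start: creates a key ring and a rotating crypto key, then round-trips
/// "Hello World." through KMS Encrypt/Decrypt and prints the recovered text.
/// </summary>
/// <param name="args">Unused.</param>
/// <returns>0 on success; -1 when the project id placeholder has not been replaced.</returns>
public static int Main(string[] args)
{
    // Your Google Cloud Platform project ID.
    string projectId = "YOUR-PROJECT-ID";
    // The literal is presumably split so a search-and-replace of the placeholder leaves this check intact.
    if (projectId == "YOUR-" + "PROJECT-ID")
    {
        Console.Error.WriteLine("Modify Program.cs and replace YOUR-" + "PROJECT-ID with your google project id.");
        return -1;
    }

    // Authorize the client using Application Default Credentials.
    // See: https://developers.google.com/identity/protocols/application-default-credentials
    // The synchronous lookup avoids blocking on a Task with .Result.
    GoogleCredential credential = GoogleCredential.GetApplicationDefault();
    // Specify the Cloud Key Management Service scope.
    if (credential.IsCreateScopedRequired)
    {
        credential = credential.CreateScoped(new[] { CloudKMSService.Scope.CloudPlatform });
    }
    var cloudKms = new CloudKMSService(new BaseClientService.Initializer
    {
        HttpClientInitializer = credential,
        GZipEnabled = false
    });

    // Create the key ring.
    string location = "global";
    // The resource name of the location associated with the key rings.
    string parent = $"projects/{projectId}/locations/{location}";
    KeyRing keyRingToCreate = new KeyRing();
    var request = new ProjectsResource.LocationsResource
        .KeyRingsResource.CreateRequest(cloudKms, keyRingToCreate, parent);
    string keyRingId = request.KeyRingId = "QuickStartCore";
    try
    {
        request.Execute();
    }
    catch (Google.GoogleApiException e)
        when (e.HttpStatusCode == System.Net.HttpStatusCode.Conflict)
    {
        // Already exists. Ok.
    }

    // Create the crypto key:
    var keyRingName = string.Format(
        "projects/{0}/locations/{1}/keyRings/{2}", projectId, location, keyRingId);
    // One interval drives both the first rotation time and the recurring period.
    var rotationInterval = TimeSpan.FromDays(7);
    CryptoKey cryptoKeyToCreate = new CryptoKey()
    {
        Purpose = "ENCRYPT_DECRYPT",
        NextRotationTime = DateTime.UtcNow.Add(rotationInterval),
        RotationPeriod = $"{(long)rotationInterval.TotalSeconds}s"
    };
    string keyId = "Key1";
    string keyName;
    try
    {
        keyName = new ProjectsResource.LocationsResource
            .KeyRingsResource.CryptoKeysResource.CreateRequest(
                cloudKms, cryptoKeyToCreate, keyRingName)
        {
            CryptoKeyId = keyId
        }.Execute().Name;
    }
    catch (Google.GoogleApiException e)
        when (e.HttpStatusCode == System.Net.HttpStatusCode.Conflict)
    {
        // Already exists. Ok. The existing key's purpose and rotation settings are not checked here.
        keyName = string.Format("{0}/cryptoKeys/{1}", keyRingName, keyId);
    }

    // Encrypt a string. The API carries plaintext and ciphertext as base64 text.
    var encryptResult = cloudKms.Projects.Locations.KeyRings.CryptoKeys
        .Encrypt(new EncryptRequest()
        {
            Plaintext = Convert.ToBase64String(Encoding.UTF8.GetBytes("Hello World."))
        }, keyName).Execute();
    var cipherText = Convert.FromBase64String(encryptResult.Ciphertext);

    // Decrypt the string with the same key name used for encryption.
    var result = cloudKms.Projects.Locations.KeyRings.CryptoKeys
        .Decrypt(new DecryptRequest()
        {
            Ciphertext = Convert.ToBase64String(cipherText)
        }, keyName).Execute();
    Console.WriteLine(Encoding.UTF8.GetString(Convert.FromBase64String(result.Plaintext)));
    return 0;
}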