23 November 2563 (Buddhist Era)

Encrypt and decrypt data with Google Cloud KMS (Asymmetric)

Follow this tutorial if you want to use a Google-managed key on Google Cloud KMS.

If you want to create your own key and upload it to Google Cloud KMS instead, follow these steps.

Generate the key in DER format

openssl genrsa -out key-pri.pem 3072

openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER \
-in key-pri.pem \
-out key-pri.der

openssl rsa -in key-pri.pem -pubout -out key-pub.pem


Upload the key (.der file) to Google Cloud KMS

gcloud kms import-jobs create job \
--project ${PROJECT_ID} \
--location global \
--keyring ${KEY_RING} \
--import-method rsa-oaep-3072-sha1-aes-256 \
--protection-level software

gcloud kms keys versions import \
--project ${PROJECT_ID} \
--import-job job \
--location global \
--keyring ${KEY_RING} \
--key key \
--algorithm rsa-decrypt-oaep-3072-sha256 \
--target-key-file key-pri.der

* You need to install the Python cryptography library (pyca/cryptography) first; gcloud uses it to wrap the key before upload.
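The encrypt and decrypt step from the title, as an added example that is not part of the original post: it checks that key-pri.der is an unencrypted PKCS#8 DER file matching key-pub.pem, then encrypts with OAEP and SHA-256 (the padding of rsa-decrypt-oaep-3072-sha256) and decrypts locally with openssl as a stand-in for Cloud KMS. The function names, the msg.* file names and the key version number in the gcloud comment are assumptions of this example.

```shell
# Added example: offline checks before import, plus an OAEP/SHA-256 round trip.
OAEP="-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256"
MAX_PLAINTEXT=318   # 3072-bit modulus: 384 - 2*32 (SHA-256) - 2 bytes

# Create key-pri.pem, key-pri.der and key-pub.pem in directory $1.
gen_keys() {
  openssl genrsa -out "$1/key-pri.pem" 3072 2>/dev/null &&
  openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER \
    -in "$1/key-pri.pem" -out "$1/key-pri.der" &&
  openssl rsa -in "$1/key-pri.pem" -pubout -out "$1/key-pub.pem" 2>/dev/null
}

# Succeed only if $1 is an unencrypted PKCS#8 DER file holding a 3072-bit RSA
# key whose public half is the PEM public key $2.
check_import_file() {
  openssl asn1parse -inform DER -in "$1" 2>/dev/null |
    grep -q ':rsaEncryption' || return 1
  openssl pkey -inform DER -in "$1" -noout -text 2>/dev/null |
    grep -q '(3072 bit' || return 1
  from_der=$(openssl pkey -inform DER -in "$1" -pubout 2>/dev/null) || return 1
  from_pem=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 1
  [ "$from_der" = "$from_pem" ]
}

# Encrypt file $2 into $3 for public key $1 with the padding that
# rsa-decrypt-oaep-3072-sha256 uses; status 2 if the plaintext is too long.
oaep_encrypt() {
  [ $(wc -c < "$2") -le "$MAX_PLAINTEXT" ] || return 2
  openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" -out "$3" $OAEP
}

# Local stand-in for the KMS decrypt call, using the DER file that is imported.
# After import the equivalent is (version number 1 is an assumption):
#   gcloud kms asymmetric-decrypt --location global --keyring ${KEY_RING} \
#     --key key --version 1 --ciphertext-file msg.enc --plaintext-file msg.dec
oaep_decrypt_local() {
  openssl pkeyutl -decrypt -keyform DER -inkey "$1" -in "$2" -out "$3" $OAEP
}

# Constructed round trip in a scratch directory; returns 0 when it all works.
self_check() {
  tmp=$(mktemp -d) || return 1
  gen_keys "$tmp" && check_import_file "$tmp/key-pri.der" "$tmp/key-pub.pem" &&
    printf 'constructed sample secret' > "$tmp/msg" &&
    oaep_encrypt "$tmp/key-pub.pem" "$tmp/msg" "$tmp/msg.enc" &&
    oaep_decrypt_local "$tmp/key-pri.der" "$tmp/msg.enc" "$tmp/msg.dec" &&
    cmp -s "$tmp/msg" "$tmp/msg.dec"
  rc=$?; rm -rf "$tmp"; return $rc
}
```

Source the file and run `self_check` before importing; a non-zero status means the key files or the padding options do not line up.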

