Skip to content
This repository has been archived by the owner on Dec 31, 2023. It is now read-only.

Commit

Permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
daniel-sanche authored and busunkim96 committed Jun 4, 2020
1 parent e0f68d2 commit 0e02187
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 8 deletions.
24 changes: 17 additions & 7 deletions samples/snippets/asymmetric.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,8 @@

# [START kms_get_asymmetric_public]
def getAsymmetricPublicKey(client, key_path):
"""Retrieves the public key from a saved asymmetric key pair on Cloud KMS
"""
Retrieves the public key from a saved asymmetric key pair on Cloud KMS
"""
request = client.projects() \
.locations() \
Expand All @@ -41,7 +42,9 @@ def getAsymmetricPublicKey(client, key_path):

# [START kms_decrypt_rsa]
def decryptRSA(ciphertext, client, key_path):
"""Decrypt a given ciphertext using an RSA private key stored on Cloud KMS
"""
Decrypt a given ciphertext using an 'RSA_DECRYPT_OAEP_2048_SHA256' private
key stored on Cloud KMS
"""
request = client.projects() \
.locations() \
Expand All @@ -58,7 +61,9 @@ def decryptRSA(ciphertext, client, key_path):

# [START kms_encrypt_rsa]
def encryptRSA(message, client, key_path):
"""Encrypt message locally using an RSA public key retrieved from Cloud KMS
"""
Encrypt message locally using an 'RSA_DECRYPT_OAEP_2048_SHA256' public
key retrieved from Cloud KMS
"""
public_key = getAsymmetricPublicKey(client, key_path)
pad = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
Expand All @@ -72,8 +77,11 @@ def encryptRSA(message, client, key_path):

# [START kms_sign_asymmetric]
def signAsymmetric(message, client, key_path):
"""Create a signature for a message using a private key stored on Cloud KMS
"""
Create a signature for a message using a private key stored on Cloud KMS
"""
# Note: some key algorithms will require a different hash function
# For example, EC_SIGN_P384_SHA384 requires SHA384
digest_bytes = hashlib.sha256(message.encode('ascii')).digest()
digest64 = base64.b64encode(digest_bytes)

Expand All @@ -92,8 +100,9 @@ def signAsymmetric(message, client, key_path):

# [START kms_verify_signature_rsa]
def verifySignatureRSA(signature, message, client, key_path):
"""Verify the validity of an 'RSA_SIGN_PSS_2048_SHA256' signature
for the specified plaintext message
"""
Verify the validity of an 'RSA_SIGN_PSS_2048_SHA256' signature for the
specified plaintext message
"""
public_key = getAsymmetricPublicKey(client, key_path)

Expand All @@ -116,7 +125,8 @@ def verifySignatureRSA(signature, message, client, key_path):

# [START kms_verify_signature_ec]
def verifySignatureEC(signature, message, client, key_path):
"""Verify the validity of an 'EC_SIGN_P224_SHA256' signature
"""
Verify the validity of an 'EC_SIGN_P256_SHA256' signature
for the specified plaintext message
"""
public_key = getAsymmetricPublicKey(client, key_path)
Expand Down
2 changes: 1 addition & 1 deletion samples/snippets/asymmetric_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ def setup_module(module):
s2 = create_key_helper(t.rsaSignId, t.rsaSign, 'ASYMMETRIC_SIGN',
'RSA_SIGN_PSS_2048_SHA256', t)
s3 = create_key_helper(t.ecSignId, t.ecSign, 'ASYMMETRIC_SIGN',
'EC_SIGN_P224_SHA256', t)
'EC_SIGN_P256_SHA256', t)
if s1 or s2 or s3:
# leave time for keys to initialize
sleep(20)
Expand Down

0 comments on commit 0e02187

Please sign in to comment.