KMS import comments [(#1771)](#1771)
added import comments to snippets
daniel-sanche authored and busunkim96 committed Jun 4, 2020
1 parent dc873e2 commit 30326d9
Showing 1 changed file with 29 additions and 2 deletions.
31 changes: 29 additions & 2 deletions kms/snippets/asymmetric.py
@@ -13,21 +13,23 @@
# See the License for the specific language governing permissions and
# limitations under the License.rom googleapiclient import discovery

# [START kms_asymmetric_imports]
import base64
import hashlib

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, padding, utils
# [END kms_asymmetric_imports]


# [START kms_get_asymmetric_public]
def getAsymmetricPublicKey(client, key_path):
"""
Retrieves the public key from a saved asymmetric key pair on Cloud KMS
Requires:
cryptography.hazmat.backends.default_backend
cryptography.hazmat.primitives.serialization
"""
request = client.projects() \
.locations() \
@@ -47,6 +49,9 @@ def decryptRSA(ciphertext, client, key_path):
"""
Decrypt the input ciphertext (bytes) using an
'RSA_DECRYPT_OAEP_2048_SHA256' private key stored on Cloud KMS
Requires:
base64
"""
request_body = {'ciphertext': base64.b64encode(ciphertext).decode('utf-8')}
request = client.projects() \
@@ -67,6 +72,10 @@ def encryptRSA(plaintext, client, key_path):
"""
Encrypt the input plaintext (bytes) locally using an
'RSA_DECRYPT_OAEP_2048_SHA256' public key retrieved from Cloud KMS
Requires:
cryptography.hazmat.primitives.asymmetric.padding
cryptography.hazmat.primitives.hashes
"""
public_key = getAsymmetricPublicKey(client, key_path)
pad = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
@@ -80,6 +89,10 @@ def encryptRSA(plaintext, client, key_path):
def signAsymmetric(message, client, key_path):
"""
Create a signature for a message using a private key stored on Cloud KMS
Requires:
base64
hashlib
"""
# Note: some key algorithms will require a different hash function
# For example, EC_SIGN_P384_SHA384 requires SHA384
@@ -104,6 +117,13 @@ def verifySignatureRSA(signature, message, client, key_path):
"""
Verify the validity of an 'RSA_SIGN_PSS_2048_SHA256' signature for the
specified message
Requires:
cryptography.exceptions.InvalidSignature
cryptography.hazmat.primitives.asymmetric.padding
cryptography.hazmat.primitives.asymmetric.utils
cryptography.hazmat.primitives.hashes
hashlib
"""
public_key = getAsymmetricPublicKey(client, key_path)
digest_bytes = hashlib.sha256(message).digest()
@@ -127,6 +147,13 @@ def verifySignatureEC(signature, message, client, key_path):
"""
Verify the validity of an 'EC_SIGN_P256_SHA256' signature
for the specified message
Requires:
cryptography.exceptions.InvalidSignature
cryptography.hazmat.primitives.asymmetric.ec
cryptography.hazmat.primitives.asymmetric.utils
cryptography.hazmat.primitives.hashes
hashlib
"""
public_key = getAsymmetricPublicKey(client, key_path)
digest_bytes = hashlib.sha256(message).digest()
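Review bot: The new `Requires:` lists in the docstrings of encryptRSA, verifySignatureRSA and verifySignatureEC name the modules each snippet needs, but they do not say that the hash is fixed to SHA-256 in the code (`hashes.SHA256()` in the OAEP padding, `hashlib.sha256(message).digest()` before verification) while `key_path` is a free parameter. signAsymmetric already carries the comment that some key algorithms require a different hash function; the same caveat belongs in these three docstrings, for example `Note: the key at key_path must use a SHA-256 algorithm; other algorithms need the matching hash`. With a mismatched key the snippet would presumably only report a failed decryption or an invalid signature, which a reader copying it cannot tell apart from a tampered message. The function bodies continue outside the visible hunks, so how the failure is reported could not be checked here.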
