Importing public Key to Google KMS

Use Case: The client will create public/private keys and provide me the public key. I'm supposed to encrypt (RSA) the message with the public key and send the message to the client. The client will decrypt the message with the private key.

Key Generation: The client generated the public/private keys by using openssl. The commands are given below.

openssl genrsa -des3 -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem 

Challenge: I'm supposed to save the public key somewhere. Since we are already utilizing Google KMS, is there a way I can maintain only the public key in Google KMS? I have gone through https://cloud.google.com/kms/docs/importing-a-key#create_importjob but the command below is failing with (gcloud.kms.keys.versions.import) INVALID_ARGUMENT: Wrapped key is too short.

Import Command Used:

gcloud kms keys versions import \
   --import-job {job_name} \
   --location {location} \
   --keyring {keyring}  \
   --key {key_name} \
   --algorithm "rsa-decrypt-oaep-2048-sha256"\
   --rsa-aes-wrapped-key-file public.pem

Also, I'm not able to convert the public key to PKCS#8 DER format by executing the command below. Getting / crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER \
    -in /path/to/publicKey.pem \
    -out /path/to/publicKey_formtted.pem

Cloud KMS is designed around securing private or secret keys. In most cryptographic protocols, public keys are not confidential, so you can just store it as metadata for your system and do the encryption locally in your application.

Thanks for using GCP and Cloud KMS.
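
The local encryption the answer describes, as an added example that is not part of the original question or answer. The helper names, the fingerprint check and the file names under the temporary directory are assumptions, and the key pair is constructed here only to stand in for the client's.

```shell
#!/bin/sh
# Added example: encrypt locally with a stored RSA public key (RSA-OAEP, SHA-256).
set -eu

# Constructed stand-in for the client's key pair; in the real flow only
# public.pem ever reaches the sender.
make_sample_keypair() {  # $1 = output directory
  openssl genrsa -out "$1/private.pem" 2048 2>/dev/null
  openssl rsa -in "$1/private.pem" -pubout -out "$1/public.pem" 2>/dev/null
}

# public.pem is a SubjectPublicKeyInfo ("BEGIN PUBLIC KEY"). PKCS#8 is a
# private-key container, which is why `openssl pkcs8 -topk8` rejects it.
# Hashing the DER form gives a fingerprint to store beside the key.
pubkey_fingerprint() {  # $1 = public.pem
  openssl pkey -pubin -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# A public key is not secret, but a swapped key sends plaintext to the wrong
# party, so refuse to encrypt unless the file matches the pinned fingerprint.
# RSA-2048 with OAEP/SHA-256 accepts at most 190 bytes per message.
encrypt_for_client() {  # $1 = public.pem  $2 = pinned fingerprint  $3 = plaintext  $4 = output
  [ "$(pubkey_fingerprint "$1")" = "$2" ] || {
    echo "public key fingerprint mismatch" >&2
    return 1
  }
  openssl pkeyutl -encrypt -pubin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
    -in "$3" -out "$4"
}

# Client side, shown only to confirm the round trip.
decrypt_as_client() {  # $1 = private.pem  $2 = ciphertext
  openssl pkeyutl -decrypt -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -in "$2"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_sample_keypair "$work"
pinned=$(pubkey_fingerprint "$work/public.pem")  # record once, when the key is received
printf 'hello client' > "$work/msg.txt"
encrypt_for_client "$work/public.pem" "$pinned" "$work/msg.txt" "$work/msg.enc"
echo "fingerprint: $pinned"
echo "decrypted:   $(decrypt_as_client "$work/private.pem" "$work/msg.enc")"
```

The client must decrypt with the same padding (OAEP with SHA-256); payloads larger than 190 bytes need a hybrid scheme rather than raw RSA.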
