Beispiel #1
def _create_kms_envelope_aead_key_template(
    kek_uri: Text, dek_template: tink_pb2.KeyTemplate) -> tink_pb2.KeyTemplate:
  """Builds a KeyTemplate for KMS envelope AEAD from a KEK URI and DEK template.

  The KEK URI is stored in the key format exactly as passed and the DEK
  template is merged in as given. This helper itself performs no validation:
  it does not check the URI scheme, nor that the DEK template describes a key
  type suitable for envelope encryption. Callers that take either value from
  configuration should check it before calling.

  Args:
    kek_uri: URI identifying the key-encryption key (KEK).
    dek_template: Template describing the data-encryption key (DEK).

  Returns:
    A KeyTemplate whose value is the serialized KmsEnvelopeAeadKeyFormat, with
    the KmsEnvelopeAeadKey type URL and the RAW output prefix type.
  """
  envelope_format = kms_envelope_pb2.KmsEnvelopeAeadKeyFormat()
  envelope_format.kek_uri = kek_uri
  envelope_format.dek_template.MergeFrom(dek_template)
  # RAW: ciphertexts produced with this key carry no Tink key-ID prefix.
  return tink_pb2.KeyTemplate(
      type_url='type.googleapis.com/google.crypto.tink.KmsEnvelopeAeadKey',
      value=envelope_format.SerializeToString(),
      output_prefix_type=tink_pb2.RAW)
Beispiel #2
 def test_create_kms_envelope_aead_key_template(self):
     """Checks the fields of a KMS envelope AEAD template built from AES128_GCM.

     The placeholder KEK URI is only round-tripped through the serialized key
     format; the assertions cover the type URL, the RAW output prefix, the
     stored KEK URI and the DEK template's type URL.
     """
     templates = aead.aead_key_templates
     result = templates.create_kms_envelope_aead_key_template(
         kek_uri='fake://kek/uri', dek_template=templates.AES128_GCM)

     # Outer template: key type and output prefix.
     self.assertEqual(
         result.type_url,
         'type.googleapis.com/google.crypto.tink.KmsEnvelopeAeadKey')
     self.assertEqual(result.output_prefix_type, tink_pb2.RAW)

     # Inner key format: decode the serialized value and inspect its fields.
     parsed_format = kms_envelope_pb2.KmsEnvelopeAeadKeyFormat.FromString(
         result.value)
     self.assertEqual(parsed_format.kek_uri, 'fake://kek/uri')
     self.assertEqual(parsed_format.dek_template.type_url,
                      templates.AES128_GCM.type_url)
Beispiel #3
def create_kms_envelope_aead_key_template(
    kek_uri: Text, dek_template: tink_pb2.KeyTemplate) -> tink_pb2.KeyTemplate:
  """Creates a KMS Envelope AEAD key template from a KEK URI and a DEK template.

  Keys generated from this template use the RAW output prefix so that they
  are compatible with the remote KMS' encrypt/decrypt operations. Unlike other
  templates, generating a new key with this template does not make Tink
  generate new key material; it only creates a reference to the remote KEK.

  This function copies both arguments into the key format without validating
  them. The KEK URI decides which external key protects the data, so a value
  taken from configuration or user input should be checked by the caller.

  Args:
      kek_uri: Text. The URI of the KEK that resides in an external KMS.
      dek_template: tink_pb2.KeyTemplate. The template of the DEK.
  Returns:
      the resulting key template
  """
  envelope_format = kms_envelope_pb2.KmsEnvelopeAeadKeyFormat()
  envelope_format.kek_uri = kek_uri
  envelope_format.dek_template.MergeFrom(dek_template)
  serialized_format = envelope_format.SerializeToString()
  return tink_pb2.KeyTemplate(
      value=serialized_format,
      type_url=_KMS_ENVELOPE_AEAD_KEY_TYPE_URL,
      output_prefix_type=tink_pb2.RAW)