Follow this tutorial if you want to use a Google-managed key on Google Cloud KMS.
But if you want to create your own key and upload it to Google Cloud KMS, follow these steps:
Generate the key in DER format
openssl genrsa -out key-pri.pem 3072
openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER \
-in key-pri.pem \
-out key-pri.der
openssl rsa -in key-pri.pem -pubout -out key-pub.pem
Upload the key (.der file) to Google Cloud KMS
gcloud kms import-jobs create job \
--project ${PROJECT_ID} \
--location global \
--keyring ${KEY_RING} \
--import-method rsa-oaep-3072-sha1-aes-256 \
--protection-level software
gcloud kms keys versions import \
--project ${PROJECT_ID} \
--import-job job \
--location global \
--keyring ${KEY_RING} \
--key key \
--algorithm rsa-decrypt-oaep-3072-sha256 \
--target-key-file key-pri.der
* You need to install crypto first.
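A pre-import check for the key files generated above, added here as an example and not part of the original post: it confirms that key-pri.der is unencrypted PKCS#8 DER holding a 3072-bit RSA key (the size that rsa-decrypt-oaep-3072-sha256 expects) and that key-pub.pem belongs to it. The function names are this example's own; the file names are the ones used above.

```bash
#!/usr/bin/env bash
# Added example; function names are assumptions, file names follow the post.

# Generate the three key files in directory $1. umask 077 keeps them
# owner-only, because -nocrypt leaves the private key unencrypted on disk.
make_import_key() (
  umask 077
  cd "$1" || exit 1
  openssl genrsa -out key-pri.pem 3072 2>/dev/null &&
  openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER \
    -in key-pri.pem -out key-pri.der &&
  openssl rsa -in key-pri.pem -pubout -out key-pub.pem 2>/dev/null
)

# Succeed only if file $1 is unencrypted PKCS#8 DER holding an RSA key of
# $2 bits (default 3072, matching rsa-decrypt-oaep-3072-sha256).
check_import_key() {
  # An unencrypted PKCS#8 PrivateKeyInfo names its algorithm by OID.
  # PKCS#1 DER has no OID; encrypted PKCS#8 shows the encryption scheme's OID.
  openssl asn1parse -inform DER -in "$1" 2>/dev/null |
    grep -q 'OBJECT.*:rsaEncryption' || return 1
  openssl pkey -inform DER -in "$1" -noout -text 2>/dev/null |
    grep -q "Private-Key: (${2:-3072} bit" || return 2
}

# Succeed only if public key PEM $2 belongs to private key DER $1.
# Both sides are re-encoded by the same tool so formatting cannot differ.
pubkey_matches() {
  from_priv=$(openssl pkey -inform DER -in "$1" -pubout 2>/dev/null) || return 1
  from_pub=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$from_priv" ] && [ "$from_priv" = "$from_pub" ]
}
```

Run check_import_key key-pri.der and pubkey_matches key-pri.der key-pub.pem before the gcloud import, and delete key-pri.pem and key-pri.der once the imported version is enabled.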