Thai Duong authored
While working on this, I noticed that sometimes the same key manager
might be registered multiple times for the same type url. This happens
quite frequently in tests. So I changed the behavior of
Registry.registerKeyManager. If there is an existing manager, it doesn't
do anything, but returns false. Otherwise it inserts the manager and
returns true.

Change-Id: I257251f1696764fa87586da7c3a48bee6ffb601a
ORIGINAL_AUTHOR=Thai Duong <thaidn@gmail.com>

GitOrigin-RevId: 89ab2ff8111eb4df606719434da61e79d1352a7e
8c343f74

Cloud Crypto SDK

An open-source SDK that provides cloud customers with the cryptographic functionality needed to extend the key management offering of Cloud KMS.

In particular, Cloud KMS needs support for “Envelope Encryption”, i.e., client-side encryption of data with user-generated keys that are themselves protected by KMS encryption: the cloud user generates a data encryption key (DEK) locally, encrypts the data with the DEK, sends the DEK to Storky to be encrypted (with a key managed by Storky), and stores the encrypted DEK with the encrypted data. At a later point, the user can retrieve the encrypted data and DEK, use Storky to decrypt the DEK, and use the decrypted DEK to decrypt the data. The guiding principles for the design of the SDK are security, simplicity, and resistance to user errors.
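
The envelope-encryption flow described above, as an added Java example that is not code from the SDK: it calls the JDK's `javax.crypto` AES-GCM directly, and a locally generated `kek` stands in for the key managed by the KMS (Storky), whose encrypt and decrypt steps would be remote calls. The names `EnvelopeDemo`, `seal` and `open` are hypothetical, and the sample record is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EnvelopeDemo {
  static final int NONCE = 12, TAG = 16; // sizes in bytes
  static final SecureRandom RNG = new SecureRandom();
  static byte[] randomBytes(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

  // AES-GCM encrypt with a fresh nonce; output is nonce || ciphertext || tag.
  static byte[] seal(byte[] key, byte[] pt) throws Exception {
    byte[] nonce = randomBytes(NONCE);
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG * 8, nonce));
    byte[] out = Arrays.copyOf(nonce, NONCE + pt.length + TAG);
    c.doFinal(pt, 0, pt.length, out, NONCE);
    return out;
  }

  // AES-GCM decrypt; throws AEADBadTagException on a wrong key or altered bytes.
  static byte[] open(byte[] key, byte[] in) throws Exception {
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG * 8, in, 0, NONCE));
    return c.doFinal(in, NONCE, in.length - NONCE);
  }

  public static void main(String[] args) throws Exception {
    byte[] kek = randomBytes(32); // assumption: stands in for the key the KMS holds
    byte[] data = "constructed sample record".getBytes(StandardCharsets.UTF_8);
    // Encrypt: generate the DEK locally, encrypt the data, have the KMS encrypt the DEK.
    byte[] dek = randomBytes(32);
    byte[] encData = seal(dek, data);
    byte[] encDek = seal(kek, dek); // a remote KMS call in a real deployment
    // Decrypt: have the KMS decrypt the DEK, then decrypt the data locally.
    byte[] plain = open(open(kek, encDek), encData);
    System.out.println(new String(plain, StandardCharsets.UTF_8));
    // A modified encrypted DEK is rejected rather than yielding a wrong key.
    encDek[encDek.length - 1] ^= 1;
    try {
      open(kek, encDek);
    } catch (AEADBadTagException e) {
      System.out.println("tampered DEK rejected");
    }
  }
}
```

Only `encDek` and `encData` need to be stored; the plaintext DEK exists on the client just for the duration of an encrypt or decrypt operation.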