Skip to content
Snippets Groups Projects
Select Git revision
  • upstream/master
  • upstream/1.3
  • upstream/gh-pages
  • master default
  • upstream/thaidn-patch-1
  • upstream/1.2
  • upstream/merge_test
  • upstream/master_backup
  • v1.3.0-rc3
  • v1.3.0-rc2
  • v1.3.0-rc1
  • v1.2.2
  • v1.2.1
  • v1.2.0
  • v1.2.0-rc4
  • v1.2.0-rc3
  • v1.2.0-rc2
  • v1.1.1
  • v1.1.0
  • v1.0.0
20 results
Compare History
user avatar
Hmac key type and manager.
Thai Duong authored 
While working on this, I noticed that sometimes the same key manager
might be registered multiple times for the same type url. This happens
quite frequently in tests. So I changed the behavior of
Registry.registerKeyManager. If there is an existing manager, it doesn't
do anything, but returns false. Otherwise it inserts the manager and
returns true.

Change-Id: I257251f1696764fa87586da7c3a48bee6ffb601a
ORIGINAL_AUTHOR=Thai Duong <thaidn@gmail.com>

GitOrigin-RevId: 89ab2ff8111eb4df606719434da61e79d1352a7e
8c343f74
Name Last commit Last update
cc
java
proto
.gitignore
CONTRIBUTING.md
LICENSE
README.md
WORKSPACE
README.md

Cloud Crypto SDK

An open-source SDK that provides cloud customers with cryptographic functionalities needed to extend key management offering of Cloud KMS.

In particular, Cloud KMS needs support for “Envelope Encryption”, i.e., a client-side encryption of data with user-generated keys protected by KMS encryption: cloud user generates a data encryption key (DEK) locally, encrypts data with DEK, sends DEK to Storky to be encrypted (with a key managed by Storky), and stores encrypted DEK with encrypted data; at a later point user can retrieve encrypted data and DEK, use Storky to decrypt DEK, and use decrypted DEK to decrypt the data. A guiding principles for the design of the SDK are security, simplicity, and resistance to user errors.