Skip to content
This repository was archived by the owner on Apr 17, 2024. It is now read-only.

Feature: Asymmetric Signatures for GCP KMS#438

Closed
sgammon wants to merge 2 commits intotink-crypto:masterfrom
sgammon:gcp-kms/signatures
Closed

Feature: Asymmetric Signatures for GCP KMS#438
sgammon wants to merge 2 commits intotink-crypto:masterfrom
sgammon:gcp-kms/signatures

Conversation

@sgammon
Copy link

@sgammon sgammon commented Oct 25, 2020

This changeset extends the existing KMS infrastructure for GCP to support the AsymmetricSignRequest/AsymmetricSignResponse flow.

Features so far:

  • Ability to spawn a PublicKeySign backed by GCP KMS
  • Ability to sign data (provided it is pre-hashed)
  • Ability to fetch the public key and verify data
  • Safer handling of input
  • Unit testing

@google-cla
Copy link

google-cla bot commented Oct 25, 2020

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

What to do if you already signed the CLA

Individual signers
Corporate signers

ℹ️ Googlers: Go here for more info.

@google-cla google-cla bot added the cla: no label Oct 25, 2020
@sgammon sgammon force-pushed the gcp-kms/signatures branch from d5775f7 to e065535 Compare October 25, 2020 08:18
@google-cla
Copy link

google-cla bot commented Oct 25, 2020

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

What to do if you already signed the CLA

Individual signers
Corporate signers

ℹ️ Googlers: Go here for more info.

@sgammon sgammon force-pushed the gcp-kms/signatures branch from e065535 to 73a89a5 Compare October 25, 2020 08:22
@google-cla
Copy link

google-cla bot commented Oct 25, 2020

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

What to do if you already signed the CLA

Individual signers
Corporate signers

ℹ️ Googlers: Go here for more info.

@sgammon sgammon force-pushed the gcp-kms/signatures branch from 73a89a5 to 3f0622d Compare October 25, 2020 09:14
@google-cla
Copy link

google-cla bot commented Oct 25, 2020

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

What to do if you already signed the CLA

Individual signers
Corporate signers

ℹ️ Googlers: Go here for more info.

@sgammon sgammon force-pushed the gcp-kms/signatures branch from 3f0622d to 93f55d2 Compare October 25, 2020 19:35
@google-cla
Copy link

google-cla bot commented Oct 25, 2020

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

What to do if you already signed the CLA

Individual signers
Corporate signers

ℹ️ Googlers: Go here for more info.

@sgammon
Copy link
Author

sgammon commented Dec 4, 2020

@googlebot I signed it!

@google-cla google-cla bot added cla: yes and removed cla: no labels Dec 4, 2020
@google-cla
Copy link

google-cla bot commented Dec 4, 2020

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and then comment @googlebot I fixed it.. If the bot doesn't comment, it means it doesn't think anything has changed.

ℹ️ Googlers: Go here for more info.

@google-cla google-cla bot added cla: no and removed cla: yes labels Dec 4, 2020
@sgammon
Feature: Asymmetric Signatures for GCP KMS
d48c4ae 
This changeset extends the existing KMS infrastructure for GCP to
support the `AsymmetricSignRequest`/`AsymmetricSignResponse` flow.

Features so far:
- [x] Ability to spawn a `PublicKeySign` backed by GCP KMS
- [x] Ability to sign data (provided it is pre-hashed)
- [ ] Ability to fetch the public key and verify data
- [ ] Safer handling of input
- [ ] Unit testing
@sgammon sgammon force-pushed the gcp-kms/signatures branch from c2fea50 to d48c4ae Compare December 4, 2020 17:45
@google-cla google-cla bot added cla: yes and removed cla: no labels Dec 4, 2020
@google-cla
Copy link

google-cla bot commented Dec 27, 2020

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and then comment @googlebot I fixed it.. If the bot doesn't comment, it means it doesn't think anything has changed.

ℹ️ Googlers: Go here for more info.

@google-cla google-cla bot added cla: no and removed cla: yes labels Dec 27, 2020
@google-cla google-cla bot added cla: yes and removed cla: no labels Nov 11, 2021
@juergw
Copy link
Contributor

juergw commented Feb 28, 2023

Sorry that we have not replied yet to this request.

We prefer not to merge this into the Tink library. The main goal of KmsClients is to have a way to encrypt and decrypt keysets. We currently don't want to extend that to anything else.

@juergw juergw closed this Feb 28, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

cla: yes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sgammon @juergw