2 – Integrating Google Cloud Platform with SafeNet Luna HSM
Google Cloud Platform Integration Guide
Generated AES Key: 715 (0x000002cb)
where 715 is the handle of the generated AES key.
9. Wrap your key using the public key provided in a certificate that Compute Engine manages. Please ensure that you wrap your key using OAEP padding. To wrap the key, use the same CKDEMO session and provide the following choices to wrap the AES key using OAEP padding.
(60) Wrap key
Enter your choice: 60
[1]DES-ECB
[2]DES-CBC
[3]DES3-ECB
[4]DES3-CBC
[7]CAST3-ECB
[8]CAST3-CBC
[9]RSA
[10]TRANSLA
[11]DES3-CBC-PAD
[12]DES3-CBC-PAD-IPSEC
[13]SEED-ECB
[14]SEED-CBC
[15]SEED-CBC-PAD
[16]DES-CBC-PAD
[17]CAST3-CBC-PAD
[18]CAST5-CBC-PAD
[19]AES-ECB
[20]AES-CBC
[21]AES-CBC-PAD
[22]AES-CBC-PAD-IPSEC
[23]ARIA-ECB
[24]ARIA-CBC
[25]ARIA-CBC-PAD
[26]RSA_OAEP
[27]SET_OAEP
[30]AES-KW
[35]AES-KEY-WRAP
Select mechanism for wrapping: 26
Enter filename of OAEP Source Data [0 for none]: 0
Enter handle of wrapping key (0 to list available objects): 718
Enter handle of key to wrap (0 to list available objects): 715
Wrapped key was saved in file wrapped.key
where 718 and 715 are the handles of the Google public key and the AES256 key, respectively.
NOTE: wrapped.key is the output file that contains the wrapped AES key.
10. Exit from the ckdemo session now by entering 0 as the choice.
Enter your choice: 0
Exiting GESC SIMULATION LAB
11. Encode your RSA-wrapped key in base64 using the following OpenSSL command:
# openssl enc -base64 -in wrapped.key > rsawrapencodedkey.txt
12. Open the rsawrapencodedkey.txt file in any editor, ensure that the complete key is present on a single line, and remove any line feed/carriage return characters.
13. Open the Google Cloud SDK Shell and use the gcloud init command to perform several common SDK setup tasks. These include authorizing the SDK tools to access Google Cloud Platform using your user account credentials and setting up the default SDK configuration. Installation steps are provided at https://cloud.google.com/sdk/docs/quickstart-windows.
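Added example (not part of the original guide): a POSIX shell check for steps 11 and 12 that collapses the base64 file to a single line and confirms it decodes to the length an RSA-OAEP wrapped key must have. The function names, the 256-byte expectation (a 2048-bit wrapping key) and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide: sanity checks for steps 11 and 12.

# Print FILE as one base64 line: strips CR, LF, spaces and tabs.
normalize_b64() {
    tr -d ' \t\r\n' < "$1"
}

# check_wrapped_b64 FILE EXPECTED_BYTES
# Succeeds only if FILE normalises to well-formed base64 that decodes to
# exactly EXPECTED_BYTES bytes. RSA-OAEP output is always as long as the
# wrapping key's modulus, so EXPECTED_BYTES is modulus bits / 8
# (256 for a 2048-bit key; the key size is the caller's assumption).
check_wrapped_b64() {
    b64=$(normalize_b64 "$1") || return 2
    case $b64 in
        '' | *[!A-Za-z0-9+/=]*)
            echo "error: empty or non-base64 content in $1" >&2
            return 1 ;;
    esac
    if [ $(( ${#b64} % 4 )) -ne 0 ]; then
        echo "error: base64 length ${#b64} not a multiple of 4 (truncated?)" >&2
        return 1
    fi
    n=$(printf '%s' "$b64" | base64 -d 2>/dev/null | wc -c)
    n=$((n + 0))    # drop padding that some wc implementations add
    if [ "$n" -ne "$2" ]; then
        echo "error: decoded $n bytes, expected $2" >&2
        return 1
    fi
}

# Constructed sample: 256 zero bytes as base64, wrapped at 64 columns with
# CRLF line ends, standing in for a freshly encoded rsawrapencodedkey.txt.
make_sample() {
    row=$(printf '%064d' 0 | tr 0 A)
    for i in 1 2 3 4 5; do printf '%s\r\n' "$row"; done
    printf '%s==\r\n' "$(printf '%022d' 0 | tr 0 A)"
}

sample=$(mktemp)
make_sample > "$sample"
normalize_b64 "$sample" > "$sample.oneline"   # what step 12 does by hand
check_wrapped_b64 "$sample.oneline" 256 && echo "OK: single line, 256 bytes"
rm -f "$sample" "$sample.oneline"
```

A length mismatch here usually means the file was truncated while editing or the wrong file was encoded; catching it locally is easier than interpreting a rejected key later.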