
How to use one of the ENABLED keyId from multi key keySet file?

Open xmlking opened this issue 3 years ago • 1 comments

If I have multiple active keys in a keyset, how do I specify which KeyId I want to use to encrypt using the Aead API?

{
    "primaryKeyId": 1268760993,
    "key": [
        {
            "keyData": {
                "typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey",
                "value": "aaaaaa",
                "keyMaterialType": "SYMMETRIC"
            },
            "status": "ENABLED",
            "keyId": 1268760993,
            "outputPrefixType": "TINK"
        },
        {
            "keyData": {
                "typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey",
                "value": "bbbbb",
                "keyMaterialType": "SYMMETRIC"
            },
            "status": "ENABLED",
            "keyId": 851085696,
            "outputPrefixType": "TINK"
        }
    ]
}

xmlking, Dec 28 '21 17:12

Hi @xmlking, sorry for not replying earlier. One way to do so, for example in C++, is to use the KeysetManager API. To use a key with ID keyId:

  • Call KeysetManager::SetKeyId(keyId)
  • Get a KeysetManager::GetKeysetHandle()
  • Get a (wrapped) primitive with KeysetHandle::GetPrimitive()

The wrapped primitive (in this case AeadSetWrapper) will encrypt with the primary key, and decrypt with the key whose ID is set as a prefix of the ciphertext.

morambro, May 05 '22 12:05

I am going to close this issue. Feel free to reopen it if you have further questions!

morambro, Oct 20 '22 13:10