Menghasilkan byte acak

Topik ini menunjukkan cara mengambil byte acak dari generator angka acak di Cloud HSM.

Sebelum memulai

  • Berikan izin cloudkms.locations.generateRandomBytes di lokasi cloud tempat layanan Anda akan menghasilkan byte acak. Anda dapat mempelajari izin di Cloud Key Management Service di bagian Izin dan peran.

Menghasilkan byte acak

C#

Untuk menjalankan kode ini, siapkan lingkungan pengembangan C# terlebih dahulu lalu instal Cloud KMS C# SDK.


using Google.Api.Gax.ResourceNames;
using Google.Cloud.Kms.V1;

public class GenerateRandomBytesSample
{
    public byte[] GenerateRandomBytes(
      string projectId = "my-project", string locationId = "us-east1", int numBytes = 256)
    {
        // Create the client.
        KeyManagementServiceClient client = KeyManagementServiceClient.Create();

        // Build the location name.
        LocationName locationName = new LocationName(projectId, locationId);

        // Call the API.
        GenerateRandomBytesResponse result = client.GenerateRandomBytes(locationName.ToString(), numBytes, ProtectionLevel.Hsm);

        // The data comes back as raw bytes, which may include non-printable
        // characters. To print the result, you could encode it as base64.
        // string encodedData = result.Data.ToBase64();

        return result.Data.ToByteArray();
    }
}

Go

Untuk menjalankan kode ini, siapkan lingkungan pengembangan Go terlebih dahulu lalu instal Cloud KMS Go SDK.

import (
	"context"
	"encoding/base64"
	"fmt"
	"io"

	kms "cloud.google.com/go/kms/apiv1"
	"cloud.google.com/go/kms/apiv1/kmspb"
)

// generateRandomBytes generates random bytes with entropy sourced from the
// given location.
func generateRandomBytes(w io.Writer, location string, numBytes int32) error {
	// name := "projects/my-project/locations/us-east1"
	// numBytes := 256

	// Create the client.
	ctx := context.Background()
	client, err := kms.NewKeyManagementClient(ctx)
	if err != nil {
		return fmt.Errorf("failed to create kms client: %w", err)
	}
	defer client.Close()

	// Build the request.
	req := &kmspb.GenerateRandomBytesRequest{
		Location:        location,
		LengthBytes:     numBytes,
		ProtectionLevel: kmspb.ProtectionLevel_HSM,
	}

	// Generate random bytes.
	result, err := client.GenerateRandomBytes(ctx, req)
	if err != nil {
		return fmt.Errorf("failed to generate random bytes: %w", err)
	}

	// The data comes back as raw bytes, which may include non-printable
	// characters. This base64-encodes the result so it can be printed below.
	encodedData := base64.StdEncoding.EncodeToString(result.Data)

	fmt.Fprintf(w, "Random bytes: %s", encodedData)
	return nil
}

Java

Untuk menjalankan kode ini, siapkan lingkungan pengembangan Java terlebih dahulu dan instal Java SDK Cloud KMS.

import com.google.cloud.kms.v1.GenerateRandomBytesResponse;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import com.google.cloud.kms.v1.LocationName;
import com.google.cloud.kms.v1.ProtectionLevel;
import java.io.IOException;
import java.util.Base64;

public class GenerateRandomBytes {

  public void generateRandomBytes() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    String locationId = "us-east1";
    int numBytes = 256;
    generateRandomBytes(projectId, locationId, numBytes);
  }

  // Create a new key for use with MacSign.
  public void generateRandomBytes(String projectId, String locationId, int numBytes)
      throws IOException {
    // Initialize client that will be used to send requests. This client only
    // needs to be created once, and can be reused for multiple requests. After
    // completing all of your requests, call the "close" method on the client to
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
      // Build the parent name for the location.
      LocationName locationName = LocationName.of(projectId, locationId);

      // Generate the bytes.
      GenerateRandomBytesResponse response =
          client.generateRandomBytes(locationName.toString(), numBytes, ProtectionLevel.HSM);

      // The data comes back as raw bytes, which may include non-printable
      // characters. This base64-encodes the result so it can be printed below.
      String encodedData = Base64.getEncoder().encodeToString(response.getData().toByteArray());

      System.out.printf("Random bytes: %s", encodedData);
    }
  }
}

Node.js

Untuk menjalankan kode ini, siapkan lingkungan pengembangan Node.js terlebih dahulu, lalu instal Node.js SDK Cloud KMS.

//
// TODO(developer): Uncomment these variables before running the sample.
//
// const projectId = 'my-project';
// const locationId = 'us-east1';
// const numBytes = 256;

// Imports the Cloud KMS library
const {KeyManagementServiceClient} = require('@google-cloud/kms');

// Instantiates a client
const client = new KeyManagementServiceClient();

// Build the location name
const locationName = client.locationPath(projectId, locationId);

async function generateRandomBytes() {
  const [randomBytesResponse] = await client.generateRandomBytes({
    location: locationName,
    lengthBytes: numBytes,
    protectionLevel: 'HSM',
  });

  console.log(`Random bytes: ${randomBytesResponse.data.toString('base64')}`);
  return randomBytesResponse;
}

return generateRandomBytes();

PHP

Untuk menjalankan kode ini, pelajari cara menggunakan PHP di Google Cloud terlebih dahulu dan instal PHP SDK Cloud KMS.

use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\GenerateRandomBytesRequest;
use Google\Cloud\Kms\V1\ProtectionLevel;

/**
 * Generate a random byte string using Cloud KMS.
 *
 * @param string $projectId The Google Cloud project ID.
 * @param string $locationId The location ID (e.g. us-east1).
 * @param int $numBytes The number of bytes to generate.
 */
function generate_random_bytes(
    string $projectId,
    string $locationId = 'us-east1',
    int $numBytes = 256
) {
    // Create the Cloud KMS client.
    $client = new KeyManagementServiceClient();

    // Build the parent name.
    $locationName = $client->locationName($projectId, $locationId);

    // Call the API.
    $generateRandomBytesRequest = (new GenerateRandomBytesRequest())
        ->setLocation($locationName)
        ->setLengthBytes($numBytes)
        ->setProtectionLevel(ProtectionLevel::HSM);
    $randomBytesResponse = $client->generateRandomBytes($generateRandomBytesRequest);

    // The data comes back as raw bytes, which may include non-printable
    // characters. This base64-encodes the result so it can be printed below.
    $encodedData = base64_encode($randomBytesResponse->getData());
    printf('Random bytes: %s' . PHP_EOL, $encodedData);

    return $randomBytesResponse;
}

Python

Untuk menjalankan kode ini, siapkan lingkungan pengembangan Python terlebih dahulu lalu instal Cloud KMS Python SDK.


# Import base64 for encoding the bytes for printing.
import base64

# Import the client library.
from google.cloud import kms

def generate_random_bytes(project_id: str, location_id: str, num_bytes: int) -> bytes:
    """
    Generate random bytes with entropy sourced from the given location.

    Args:
        project_id (string): Google Cloud project ID (e.g. 'my-project').
        location_id (string): Cloud KMS location (e.g. 'us-east1').
        num_bytes (integer): number of bytes of random data.

    Returns:
        bytes: Encrypted ciphertext.

    """

    # Create the client.
    client = kms.KeyManagementServiceClient()

    # Build the location name.
    location_name = client.common_location_path(project_id, location_id)

    # Call the API.
    protection_level = kms.ProtectionLevel.HSM
    random_bytes_response = client.generate_random_bytes(
        request={
            "location": location_name,
            "length_bytes": num_bytes,
            "protection_level": protection_level,
        }
    )

    print(f"Random bytes: {base64.b64encode(random_bytes_response.data)}")
    return random_bytes_response

Ruby

Untuk menjalankan kode ini, siapkan lingkungan pengembangan Ruby terlebih dahulu dan instal Ruby SDK Cloud KMS.

# TODO(developer): uncomment these values before running the sample.
# project_id  = "my-project"
# location_id = "us-east1"
# num_bytes = 256

# Require the library.
require "google/cloud/kms"

# Create the client.
client = Google::Cloud::Kms.key_management_service

# Build the parent location name.
location_name = client.location_path project:    project_id,
                                     location:   location_id

# Call the API.
response = client.generate_random_bytes location: location_name, length_bytes: num_bytes, protection_level: :HSM

# The data comes back as raw bytes, which may include non-printable
# characters. This base64-encodes the result so it can be printed below.
encoded_data = Base64.strict_encode64 response.data

puts "Random bytes: #{encoded_data}"

Batasan umum

  • Panggilan API GenerateRandomBytes dapat menghasilkan maksimum 1.024 byte keacakan per panggilan. Untuk menghasilkan lebih banyak byte keacakan, Anda dapat melakukan beberapa panggilan API.

  • Panggilan API GenerateRandomBytes tidak didukung untuk tingkat perlindungan Software atau Eksternal.