Can I restore an imported HSM AES-256 key by key material? - google-cloud-kms

I have imported the key material into Cloud KMS and KMS generated an (AES-256) key, then I saved the key material locally and encrypted some data files with the generated key.
After that, if my Google account is in arrears or Cloud KMS crashes and causes the KMS key to be lost (I know this is highly unlikely), can I still recover the key and decrypt the encrypted file?
Specifically, my scenario is that, after I renewed my payment method, my KMS service resumed. Can I use the same key material to re-import it into KMS to regenerate a new key that can decrypt the files that were encrypted with the old key?

Even if you have your imported key material, Cloud KMS only allows operations through its API. This means that without access to it, it is not possible to decrypt files.
From the documentation on symmetrical keys:
For security reasons, the raw cryptographic key material represented by a Cloud KMS key can never be viewed or exported. It can only be used by an authorized user to encrypt or decrypt data when they invoke the Cloud KMS API.
In your specific scenario, even if you use the same key material to create another symmetrical key, you won't be able to decrypt the previously encrypted files with the old key.

Related

Storing API keys and secrets in database

I am integrating Cloudinary in my Node.js dashboard, which will allow customers to upload images to the app. However, I want this to be as automated as possible, but I know you need API keys and API secret keys to connect to the Cloudinary server. Is it good practice to store each client's API keys in my db2 database?
You might want to use an .env file. For example here: https://github.com/motdotla/dotenv#usage
Alternatively, you can use the unsigned upload widget, using the Node SDK or the upload widget.

Permissions for signing through Google KMS API

I have a number of applications running in GCP and using KMS to sign certificates. I give each application sign permission (projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.asymmetricSign) for a specific key. In order to sign I need to provide a specific key version (actually I want to use the last version of the key), so I have to get the list of versions for the key and this requires the projects.locations.keyRings.cryptoKeys.get or projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.list permission.
The question is why I need to give this permission to sign a certificate and whether there is a way to sign without getting the list of versions.

Google Maps API with key not working on Domain

I tried to set up a simple map: http://pan-american.ch and keep getting the same error in the JS Console:
https://developers.google.com/maps/documentation/javascript/error-messages#referer-not-allowed-map-error
Your site URL to be authorized:
On this domain, http://map2.codedesign.ch, the key works fine.
So my question is: where can I add domains...
You want to set up the referrers to allow http://pan-american.ch.
See the Google Documentation on Setting up API keys:
Setting up API keys
If your client application does not use OAuth 2.0, then it must include an API key when it calls an API that's enabled within a Google Cloud Platform project. The application passes this key into all API requests as a key=API_key parameter.
To create your application's API key:
1. Go to the Cloud Platform Console.
2. From the projects list, select a project or create a new one.
3. If the API Manager page isn't already open, open the menu Gallery Menu and select API Manager.
4. On the left, choose Credentials.
5. Click Create credentials and then select API key.
6. Choose the type of key to use. (API key types are described in more detail in the following sections.) If you're unsure whether an API key is appropriate for the API you're calling, select Help me choose and follow the instructions to pick the right credentials.
Note: In addition to reading the instructions on this page, be sure to read Best practices for securely using API keys.
The API supports several types of API keys, including server keys, browser keys, iOS keys, and Android keys.
Browser keys
Create and use a Browser key if your application runs on a client, such as a web browser. To prevent your key from being used on unauthorized sites, only allow referrals from domains you administer.

Secure storage

My app contains a security key which I need to send every time I call the web service.
The code is not provided by the user, it's in the code and it won't be changed.
For now I store the key as a string in code.
I need to store it somewhere. The ideal solution would be a .config file where I could store it in appSettings and I could also encode the file. I know that there is no such file available in WP, but what is the WP alternative?
Do you know any way I can securely store the security key?
Thanks in advance.
Instead of securely storing the key with your XAP, use your server to distribute the key to the app.
When your app opens for the first time, get the key from server, encrypt it and store it in IsolatedStorageSettings. For subsequent app sessions, decrypt and use the same.
The current scenario is, all XAPs on store are encrypted and there is no way to get access to your dll without interop unlock. However, if you are not doing a Silverlight application and instead do a WinRT application, the APPX package is not encrypted and anyone can download it from the store.
If you are going with a Silverlight app, it is secure enough to put the key in IsolatedStorageSettings after encrypting. If it is a WinRT app, you can get the key from your server.
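The fetch-once, encrypt, store flow described in the answer above, as an added example that is not part of the original answer. It assumes ProtectedData (DPAPI) as the encryption step, which the answer does not name; the setting name and the fetchFromServer delegate are hypothetical.

```csharp
using System;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

public static class ServiceKeyStore
{
    // Hypothetical setting name; any app-unique string works.
    private const string SettingName = "ServiceKey.Protected";

    // fetchFromServer is a hypothetical delegate that calls your own
    // authenticated HTTPS endpoint and returns the key as a string.
    public static async Task<string> GetKeyAsync(Func<Task<string>> fetchFromServer)
    {
        IsolatedStorageSettings settings = IsolatedStorageSettings.ApplicationSettings;

        string stored;
        if (settings.TryGetValue(SettingName, out stored))
        {
            try
            {
                // Subsequent sessions: decrypt the stored blob.
                byte[] plain = ProtectedData.Unprotect(Convert.FromBase64String(stored), null);
                return Encoding.UTF8.GetString(plain, 0, plain.Length);
            }
            catch (Exception ex)
            {
                // Only a corrupted or undecryptable blob falls through to a re-fetch.
                if (!(ex is CryptographicException) && !(ex is FormatException)) throw;
                settings.Remove(SettingName);
            }
        }

        // First run: get the key from the server, never from the package.
        string key = await fetchFromServer();

        // Encrypt with a device- and app-bound DPAPI key before it touches storage.
        byte[] blob = ProtectedData.Protect(Encoding.UTF8.GetBytes(key), null);
        settings[SettingName] = Convert.ToBase64String(blob);
        settings.Save();
        return key;
    }
}
```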

Recover deleted Google Public API Key

I accidentally deleted my Public API Key for Browser applications under my Google Developer Console. I have an iOS and Android app that are using this key. I don't have the source code for the apps and they are live on the market. Is there a way to restore or recover the deleted keys?
When you delete the key (I just created one to test it) it asks for confirmation with the following message:
The key will be deleted immediately and permanently. Once deleted, it can no longer be used to make API requests.
This message clearly indicates that there's no possible recovery.