Google Cloud HSM as a provider for encryption












1















AWS seems to allow us to have the AWS Cloud HSM as a provider, See here and here



Security.addProvider(new com.cavium.provider.CaviumProvider())


In the samples from GKE however we seem to only have bouncy castle as a provider. See here



Security.addProvider(new BouncyCastleProvider());


Maybe i am missing something fundamental.



Would like to do a initsign as below JCA API



https://docs.oracle.com/javase/10/docs/api/java/security/Signature.html#initSign(java.security.PrivateKey)










share|improve this question

























  • Looking at the sample code - it uses BC for verification and a proprietary client for getting the keys and signing. Doesn't seem to use JCA but uses a web API - KMS. You could wrap it up in your own JCA extension :) cloud.google.com/kms/docs/reference/…

    – Dan
    Nov 20 '18 at 16:19











  • Dan, Thanks for looking into it. Cool, so will use AWS or wrap in my own JCA as suggested. I guess i should be grateful for having HSM's in the cloud, would save so much lead time for performing early application behaviour tests. Was wondering if anyone who works for Google could comment. JCA being a standard, would it on the Google Cloud's current or future Roadmap somewhere ? Again Dan, thank you!

    – Suchak Jani
    Nov 21 '18 at 8:37


















1















AWS seems to allow us to have the AWS Cloud HSM as a provider, See here and here



Security.addProvider(new com.cavium.provider.CaviumProvider())


In the samples from GKE however we seem to only have bouncy castle as a provider. See here



Security.addProvider(new BouncyCastleProvider());


Maybe i am missing something fundamental.



Would like to do a initsign as below JCA API



https://docs.oracle.com/javase/10/docs/api/java/security/Signature.html#initSign(java.security.PrivateKey)










share|improve this question

























  • Looking at the sample code - it uses BC for verification and a proprietary client for getting the keys and signing. Doesn't seem to use JCA but uses a web API - KMS. You could wrap it up in your own JCA extension :) cloud.google.com/kms/docs/reference/…

    – Dan
    Nov 20 '18 at 16:19











  • Dan, Thanks for looking into it. Cool, so will use AWS or wrap in my own JCA as suggested. I guess i should be grateful for having HSM's in the cloud, would save so much lead time for performing early application behaviour tests. Was wondering if anyone who works for Google could comment. JCA being a standard, would it on the Google Cloud's current or future Roadmap somewhere ? Again Dan, thank you!

    – Suchak Jani
    Nov 21 '18 at 8:37
















1












1








1








AWS seems to allow us to have the AWS Cloud HSM as a provider, See here and here



Security.addProvider(new com.cavium.provider.CaviumProvider())


In the samples from GKE however we seem to only have bouncy castle as a provider. See here



Security.addProvider(new BouncyCastleProvider());


Maybe i am missing something fundamental.



Would like to do a initsign as below JCA API



https://docs.oracle.com/javase/10/docs/api/java/security/Signature.html#initSign(java.security.PrivateKey)










share|improve this question
















AWS seems to allow us to have the AWS Cloud HSM as a provider, See here and here



Security.addProvider(new com.cavium.provider.CaviumProvider())


In the samples from GKE however we seem to only have bouncy castle as a provider. See here



Security.addProvider(new BouncyCastleProvider());


Maybe i am missing something fundamental.



Would like to do a initsign as below JCA API



https://docs.oracle.com/javase/10/docs/api/java/security/Signature.html#initSign(java.security.PrivateKey)







java amazon-web-services google-cloud-platform hsm jca






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 21 '18 at 19:11









oakinlaja

1816




1816










asked Nov 20 '18 at 14:08









Suchak JaniSuchak Jani

637




637













  • Looking at the sample code - it uses BC for verification and a proprietary client for getting the keys and signing. Doesn't seem to use JCA but uses a web API - KMS. You could wrap it up in your own JCA extension :) cloud.google.com/kms/docs/reference/…

    – Dan
    Nov 20 '18 at 16:19











  • Dan, Thanks for looking into it. Cool, so will use AWS or wrap in my own JCA as suggested. I guess i should be grateful for having HSM's in the cloud, would save so much lead time for performing early application behaviour tests. Was wondering if anyone who works for Google could comment. JCA being a standard, would it on the Google Cloud's current or future Roadmap somewhere ? Again Dan, thank you!

    – Suchak Jani
    Nov 21 '18 at 8:37





















  • Looking at the sample code - it uses BC for verification and a proprietary client for getting the keys and signing. Doesn't seem to use JCA but uses a web API - KMS. You could wrap it up in your own JCA extension :) cloud.google.com/kms/docs/reference/…

    – Dan
    Nov 20 '18 at 16:19











  • Dan, Thanks for looking into it. Cool, so will use AWS or wrap in my own JCA as suggested. I guess i should be grateful for having HSM's in the cloud, would save so much lead time for performing early application behaviour tests. Was wondering if anyone who works for Google could comment. JCA being a standard, would it on the Google Cloud's current or future Roadmap somewhere ? Again Dan, thank you!

    – Suchak Jani
    Nov 21 '18 at 8:37



















Looking at the sample code - it uses BC for verification and a proprietary client for getting the keys and signing. Doesn't seem to use JCA but uses a web API - KMS. You could wrap it up in your own JCA extension :) cloud.google.com/kms/docs/reference/…

– Dan
Nov 20 '18 at 16:19





Looking at the sample code - it uses BC for verification and a proprietary client for getting the keys and signing. Doesn't seem to use JCA but uses a web API - KMS. You could wrap it up in your own JCA extension :) cloud.google.com/kms/docs/reference/…

– Dan
Nov 20 '18 at 16:19













Dan, Thanks for looking into it. Cool, so will use AWS or wrap in my own JCA as suggested. I guess i should be grateful for having HSM's in the cloud, would save so much lead time for performing early application behaviour tests. Was wondering if anyone who works for Google could comment. JCA being a standard, would it on the Google Cloud's current or future Roadmap somewhere ? Again Dan, thank you!

– Suchak Jani
Nov 21 '18 at 8:37







Dan, Thanks for looking into it. Cool, so will use AWS or wrap in my own JCA as suggested. I guess i should be grateful for having HSM's in the cloud, would save so much lead time for performing early application behaviour tests. Was wondering if anyone who works for Google could comment. JCA being a standard, would it on the Google Cloud's current or future Roadmap somewhere ? Again Dan, thank you!

– Suchak Jani
Nov 21 '18 at 8:37














0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53394842%2fgoogle-cloud-hsm-as-a-provider-for-encryption%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53394842%2fgoogle-cloud-hsm-as-a-provider-for-encryption%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Guess what letter conforming each word

Port of Spain

Run scheduled task as local user group (not BUILTIN)