tink-crypto / tink-java

Java implementation of Tink
https://developers.google.com/tink
Apache License 2.0

Convert AeadParameters to KeyTemplate and vice versa #22

Open beatrausch opened 5 months ago

beatrausch commented 5 months ago

Is your feature request related to a problem? We are using the Aead Envelope encryption. We are planning to store the DEK KeyTemplate with the encrypted data so that we know which template to use for decryption. What is the intended way to get from a KeyTemplate to the related Parameters?

    template = AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(reference.getKeyURI(), AeadKeyTemplates.AES128_GCM);

    parameters = /* ? */

    Aead aead = KmsEnvelopeAead.create(parameters, remoteAead);

What sort of feature would you like to see? Util method to convert AeadParameters to a KeyTemplate and vice versa.

Have you considered any alternative solutions? We were not able to figure out how to convert parameters to key templates.

Thx, Regards

tholenst commented 5 months ago

Thanks for the report.

There are several ways; in your particular case I would directly create the corresponding parameters object.

    LegacyKmsEnvelopeAeadParameters parameters =
        LegacyKmsEnvelopeAeadParameters.builder()
            .setKekUri(reference.getKeyURI())
            .setDekParsingStrategy(
                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM)
            .setDekParametersForNewKeys(
                AesGcmParameters.builder()
                    .setIvSizeBytes(12)
                    .setKeySizeBytes(16)
                    .setTagSizeBytes(16)
                    .setVariant(AesGcmParameters.Variant.NO_PREFIX)
                    .build())
            .build();

I know this is more verbose, but it tells you a few things: 1) For new DEKs we will use the above parameter set. 2) For old DEKs, we will assume that they are AES GCM keys.

Note that in order for things to work properly they need to fit, but it also is clear that you cannot easily change this.

More generally, it is always possible to convert a com.google.crypto.tink.proto.KeyTemplate into a parameters with TinkProtoParametersFormat.parse(t.toByteArray());
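The round trip discussed in this thread, as an added example that is not part of the thread or of the Tink project's own code: it serializes the parameters for storage next to the ciphertext, parses them back, and checks the parsed type and KEK URI before building the envelope Aead. Assumptions: the class name and `EXPECTED_KEK_URI` are hypothetical placeholders, a locally generated AES-GCM key stands in for the KMS-backed `remoteAead`, and the Tink version in use provides `KeysetHandle.getPrimitive(Class)`.

```java
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.Parameters;
import com.google.crypto.tink.TinkProtoParametersFormat;
import com.google.crypto.tink.aead.AeadConfig;
import com.google.crypto.tink.aead.AesGcmParameters;
import com.google.crypto.tink.aead.KmsEnvelopeAead;
import com.google.crypto.tink.aead.LegacyKmsEnvelopeAeadParameters;
import com.google.crypto.tink.aead.PredefinedAeadParameters;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;

public final class EnvelopeParametersRoundTrip {
  // Constructed placeholder, not a real KMS key URI.
  static final String EXPECTED_KEK_URI = "example-kms://placeholder/kek";

  public static void main(String[] args) throws GeneralSecurityException {
    AeadConfig.register(); // registers the Aead parameter parsers and serializers

    // Same parameters object as in the reply above, with the placeholder URI.
    LegacyKmsEnvelopeAeadParameters original = LegacyKmsEnvelopeAeadParameters.builder()
        .setKekUri(EXPECTED_KEK_URI)
        .setDekParsingStrategy(LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_AES_GCM)
        .setDekParametersForNewKeys(AesGcmParameters.builder()
            .setIvSizeBytes(12).setKeySizeBytes(16).setTagSizeBytes(16)
            .setVariant(AesGcmParameters.Variant.NO_PREFIX).build())
        .build();

    // Assumption: a local key stands in for the KMS-backed remote Aead.
    Aead remoteAead =
        KeysetHandle.generateNew(PredefinedAeadParameters.AES256_GCM).getPrimitive(Aead.class);
    byte[] plaintext = "constructed sample".getBytes(StandardCharsets.UTF_8);
    byte[] aad = "record-1".getBytes(StandardCharsets.UTF_8);

    // Write side: these bytes are what gets stored with the encrypted data.
    byte[] storedParameters = TinkProtoParametersFormat.serialize(original);
    byte[] ciphertext = KmsEnvelopeAead.create(original, remoteAead).encrypt(plaintext, aad);

    // Read side: parse, then confirm type and KEK URI before using the result.
    Parameters parsed = TinkProtoParametersFormat.parse(storedParameters);
    if (!(parsed instanceof LegacyKmsEnvelopeAeadParameters)) {
      throw new GeneralSecurityException("stored parameters are not KMS envelope parameters");
    }
    LegacyKmsEnvelopeAeadParameters restored = (LegacyKmsEnvelopeAeadParameters) parsed;
    if (!EXPECTED_KEK_URI.equals(restored.getKekUri())) {
      throw new GeneralSecurityException("unexpected KEK URI in stored parameters");
    }
    byte[] decrypted = KmsEnvelopeAead.create(restored, remoteAead).decrypt(ciphertext, aad);
    System.out.println("round trip ok: " + Arrays.equals(plaintext, decrypted));
  }
}
```

The stored bytes sit outside the AEAD's integrity protection, which is why the read side checks them before use.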

beatrausch commented 5 months ago

Thx for the feedback. We will check which approach fits better for us. Probably a piece of documentation would help?