Signing Data using Cloud KMS

Lab Details:

  1. This Lab walks you through Cloud KMS

  2. You will be creating Key Ring in Cloud KMS

  3. You will be creating a Asymmetric Key for Signing a data

  4. You will get the Public key from Cloud KMS

  5. Verifying the signature using Openssl

  6. Region: us-central1

  7. Duration: 45 minutes

Note: Do not refresh the page after you click Start Lab, wait for a few seconds to get the credentials.
In case while login into Google, if it asks for verification, please enter your mobile number and verify with OTP, Don't worry this Google Account will be deleted after the lab.


What is KMS?

  1. Cloud KMS(Key Management Service) in Google Cloud Platform is a service to create and manage cryptographic keys and also you can create symmetric and asymmetric keys using cloud KMS.

  2. In Symmetric Key, the same key can be used to encrypt or decrypt data.

  3. In Asymmetric Key, the key will actually have two parts i.e. Public key and Private key. Public Key can be given to anyone to encrypt the data and for Private key is used for decrypting the data.

  4. KMS also provides an API to encrypt, decrypt or sign data. KMS allows you to use cryptographic keys which are created in the ON Premises.

  5. Cloud KMS integrates with almost all the GCP Services that need data encryption and KMS also manages the encryption and decryption process.

  6. Cloud KMS can be created by using KeyRing, it is a kind of key holder for attaching multiple keys.

Signing and Validating the Data:

  1. To Create and Validate digital signatures, Cloud KMS has the ability to create an Asymmetric key with the key purpose of Asymmetric Sign.

  2. Asymmetric Sign for Cloud KMS supports both the Elliptic Curve algorithm and RSA algorithm.

  3. Signature validation can be done by SDKs and tools like OpenSSL. By using Cloudshell, you will get OpenSSL by default because it is pre installed already.

  4. For example: The workflow consists of two participants, one is signer and the other is recipient. The signer will create a signature for the data over the private key and sends the signature and data to the recipient. The recipient will use the public key pair to verify the digital signature.

Lab Tasks

  • Login into GCP Console.

  • Creating a Cloud KMS key 

  • Creating a Key Ring in Cloud KMS

  • Creating a Asymmetric Key for signing a data

  • Getting the Public key from Cloud KMS

  • Verifying a Signature using OpenSSL

  • Checking a Signature is Valid or Not


Join Whizlabs_Hands-On to Read the Rest of this Lab..and More!

Step 1 : Login to My-Account
Step 2 : Click on "Access Now" to view the course you have purchased
Step 3 : You will be taken to our Learn Management Solution (LMS) to access your Labs,Quiz and Video courses

Open Console