chromeos/wbn-sign-gcp-kms

Signing web bundles using GCP KMS API

This is a Node.js module for signing Web Bundles using wbn-sign with the GCP KMS API.

Usage

Lib

You can supply the GCPWbnSigner class to wbnSign.IntegrityBlockSigner from the wbn-sign NPM package like this:

import * as wbnSign from 'wbn-sign';
import { GCPWbnSigner } from 'wbn-sign-gcp-kms';

...

const { signedWebBundle } = await new wbnSign.IntegrityBlockSigner(
  true,
  webBundle,
  webBundleId,
  [
    new GCPWbnSigner({
      project: projectId,
      location: locationId,
      keyring: keyringId,
      key: keyId,
      version: versionId
    })
  ]
).sign();

There's also a shortcut to that, signBundle:

import { signBundle } from 'wbn-sign-gcp-kms';

...

const signedWebBundle = await signBundle(
  webBundle,
  webBundleId,
  [
    {
      project: projectId,
      location: locationId,
      keyring: keyringId,
      key: keyId,
      version: versionId
    }
  ]
);

Provided that the key path is correct and you are authenticated for the GCP KMS Node.js API, this will give you the signed web bundle.

You can also get the web bundle IDs of your keys using a helper function:

import { getWebBundleIds } from 'wbn-sign-gcp-kms';

...

const keyIdsWithBundleIds = await getWebBundleIds(
  [
    {
      project: projectId,
      location: locationId,
      keyring: keyringId,
      key: keyId,
      version: versionId
    },
    {
      project: projectId2,
      location: locationId2,
      keyring: keyringId2,
      key: keyId2,
      version: versionId2
    }
  ]
);

This will return GCPKeyInfoWithBundleId[] for the provided keys.

CLI

Example of signing:

$ wbn-gcp-kms sign \
  --key-id-json ./key1.json \
  --key-id-json ./key2.json \
  --web-bundle-id ao6qlxy53numov53l37w3vcvtpckzhmbvhoqtqs7g6enzlkqdya5waacai \
  --input webbundle.wbn \
  --output webbundle.swbn

Example of dumping bundle IDs:

$ wbn-gcp-kms get-ids --key-id-json ./key1.json --key-id-json ./key2.json
[
  {
    project: 'project-1',
    location: 'global',
    keyring: 'keyring-1',
    key: 'key-1',
    version: '1',
    webBundleId: 'ao6qlxy53numov53l37w3vcvtpckzhmbvhoqtqs7g6enzlkqdya5waacai'
  },
  {
    project: 'project-2',
    location: 'us-central1',
    keyring: 'keyring-2',
    key: 'key-2',
    version: '2',
    webBundleId: 'apoxa7f2rif64q7nzkp5l5cgdhkusxwzl4fjl4m6vkbbpbptpdpcoaacai'
  }
]
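
A pre-sign check can confirm that the `--web-bundle-id` given to `sign` is well-formed and is one of the IDs that `get-ids` reports for the configured keys. The following is an added example, not code from this project: the function names are hypothetical, and the ID layout (unpadded lowercase base32 of the public key followed by a 3-byte key type suffix) is an assumption based on how wbn-sign derives IDs.

```javascript
// Added example, not part of wbn-sign-gcp-kms. Assumed ID layout:
// unpadded lowercase base32 of <public key> || <3-byte key type suffix>.
const B32 = 'abcdefghijklmnopqrstuvwxyz234567';
const KEY_TYPES = [
  { name: 'ecdsa-p256', keyLen: 33, suffix: [0x00, 0x02, 0x02] },
  { name: 'ed25519', keyLen: 32, suffix: [0x00, 0x01, 0x02] },
];

function decodeBase32(id) {
  let acc = 0, bits = 0;
  const out = [];
  for (const ch of id) {
    const v = B32.indexOf(ch);
    if (v < 0) throw new Error(`invalid base32 character: ${ch}`);
    acc = (acc << 5) | v;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push(acc >> bits);
      acc &= (1 << bits) - 1;
    }
  }
  if (acc !== 0) throw new Error('non-zero trailing bits');
  return Buffer.from(out);
}

// Returns the key type and raw public key bytes encoded in the ID.
function parseWebBundleId(id) {
  const raw = decodeBase32(id);
  const key = raw.subarray(0, Math.max(raw.length - 3, 0));
  const suffix = raw.subarray(key.length);
  const type = KEY_TYPES.find((t) =>
    t.keyLen === key.length && t.suffix.every((b, i) => b === suffix[i]));
  if (!type) throw new Error('unknown key type suffix or key length');
  if (type.name === 'ecdsa-p256' && key[0] !== 0x02 && key[0] !== 0x03) {
    throw new Error('P-256 key is not a compressed point');
  }
  return { type: type.name, publicKey: key };
}

// keyInfos: entries shaped like the get-ids output (webBundleId per key).
// Throws unless requestedId is well-formed and belongs to one of them.
function checkRequestedId(requestedId, keyInfos) {
  const parsed = parseWebBundleId(requestedId);
  const owner = keyInfos.find((k) => k.webBundleId === requestedId);
  if (!owner) throw new Error('ID does not belong to any configured key');
  return { ...parsed, key: owner.key, version: owner.version };
}
```

Run `checkRequestedId` on the result of `getWebBundleIds` before calling `signBundle`, so a mistyped or stale ID fails the build instead of producing a bundle signed under an unexpected identity.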

Sample JSON identifying a key:

{
  "project": "project-id",
  "location": "global",
  "keyring": "keyring-id",
  "key": "key-id",
  "version": "1"
}
