I am using NodeJS v10 (AngularJS MeanStack) with GCP KMS (@google-cloud/kms) to create keys and to encrypt & decrypt strings using those keys.
I am facing a very strange issue where the createKeys function doesn't return to its callback (but times out after a very long interval). There is no error or result coming into that function. While using the same manually created keys, I can encrypt & decrypt with the same SDK.
My createKeys function looks like this:
    // client is the @google-cloud/kms client; projectId, locationId, keyRingId,
    // config, ccmLogger and VError are defined elsewhere in the module.
    function createKeyHSM(keyId, done) {
        if (!keyId) {
            return done('Google KMS - Cannot create Key - KeyID is missing', null);
        }
        const keyRingName = client.keyRingPath(projectId, locationId, keyRingId);
        client.createCryptoKey({
            parent: keyRingName,
            // Hard-coded key ID; the keyId argument is only validated above.
            cryptoKeyId: 'my-test',
            cryptoKey: {
                purpose: 'ENCRYPT_DECRYPT',
                versionTemplate: {
                    algorithm: 'GOOGLE_SYMMETRIC_ENCRYPTION',
                    protectionLevel: 'HSM',
                },
                // Rotate the key every 90 days.
                rotationPeriod: config.googleKMS.rotationPeriod,
                nextRotationTime: {
                    // First rotation 72 hours from now; seconds is an integer field.
                    seconds: Math.floor(new Date().getTime() / 1000) + 60 * 60 * 72,
                },
            },
        }).then(result => {
            return done(null, result);
        }).catch(err => {
            ccmLogger.error(new VError(err));
            return done(err);
        });
    }
The strange part is, if I create the same key using the console and try to encrypt or decrypt, it works like a charm. Here is the encrypt code for reference:
    function encryptSymmetric(dataToEncrypt, keyName, done) {
        if ((!dataToEncrypt) || (!keyName)) {
            return done('Google KMS - Cannot encrypt, missing plainText or KeyID.', null);
        }
        // encrypt() needs the full crypto key path; keyRingPath() takes only
        // three arguments and would drop keyName.
        const keyPath = client.cryptoKeyPath(projectId, locationId, keyRingId, keyName);
        client.encrypt({
            name: keyPath,
            plaintext: Buffer.from(dataToEncrypt),
        }, null, (err, encryptResponse) => {
            if (err) {
                // Return here so the callback is not invoked a second time below.
                return done(err);
            }
            // Return the ciphertext as a base64 string.
            const ciphertext = encryptResponse.ciphertext.toString('base64');
            done(null, ciphertext);
        });
    }
Based on the behavior above, I conclude that there isn't any connectivity issue.
The funny part is, if I run this code in an isolated new project, it does work, but not in the current project, and I can't seem to think of any reason for this behavior.