npm
Sign UpSign In

wbn-sign-gcp-kms
TypeScript icon, indicating that this package has built-in type declarations

0.0.1 • Public • Published

Signing web bundles using GCP KMS API

This is a Node.js module for signing Web Bundles using wbn-sign with GCP KMS API.

Usage

Lib

You can supply the GCPWbnSigner class to wbnSign.IntegrityBlockSigner from the wbn-sign NPM package like this:

import { GCPWbnSigner } from 'wbn-sign-gcp-kms';

...

const { signedWebBundle } = await new wbnSign.IntegrityBlockSigner(
  true,
  webBundle,
  webBundleId,
  [
    new GCPWbnSigner({
      project: projectId,
      location: locationId,
      keyring: keyringId,
      key: keyId,
      version: versionId
    })
  ]
).sign();

There's also a shortcut to that, signBundle:

import { signBundle } from 'wbn-sign-gcp-kms';

...

const signedWebBundle = await signBundle(
  webBundle,
  webBundleId,
  [
    {
      project: projectId,
      location: locationId,
      keyring: keyringId,
      key: keyId,
      version: versionId
    }
  ]
);

Provided that the key path is correct and you are correctly authenticated for the purpose of GCP KMS Node.js API, this will give you the signed web bundle.

You can also get the web bundle IDs of your keys using a helper function:

import { getWebBundleIds } from 'wbn-sign-gcp-kms';

...

const keyIdsWithBundleIds = await getWebBundleIds(
  [
    {
      project: projectId,
      location: locationId,
      keyring: keyringId,
      key: keyId,
      version: versionId
    },
    {
      project: projectId2,
      location: locationId2,
      keyring: keyringId2,
      key: keyId2,
      version: versionId2
    }
  ]
)

This will return GCPKeyInfoWithBundleId[] for the provided keys.

CLI

Example of signing:

$ wbn-gcp-kms sign \
  --key-id-json ./key1.json \
  --key-id-json ./key2.json \
  --web-bundle-id ao6qlxy53numov53l37w3vcvtpckzhmbvhoqtqs7g6enzlkqdya5waacai \
  --input webbundle.wbn \
  --output webbundle.swbn

Example of dumping bundle IDs:

$ wbn-gcp-kms get-ids --key-id-json ./key1.json --key-id-json ./key2.json
[
  {
    project: 'project-1',
    location: 'global',
    keyring: 'keyring-1',
    key: 'key-1',
    version: '1',
    webBundleId: 'ao6qlxy53numov53l37w3vcvtpckzhmbvhoqtqs7g6enzlkqdya5waacai'
  },
  {
    project: 'project-2',
    location: 'us-central1',
    keyring: 'keyring-2',
    key: 'key-2',
    version: '2',
    webBundleId: 'apoxa7f2rif64q7nzkp5l5cgdhkusxwzl4fjl4m6vkbbpbptpdpcoaacai'
  }
]

Sample JSON identifying a key:

{
  "project": "project-id",
  "location": "global",
  "keyring": "keyring-id",
  "key": "key-id",
  "version": "1"
}

Dependencies (4)

Dev Dependencies (6)

Package Sidebar

Install

npm i wbn-sign-gcp-kms

Repository

github.com/chromeos/wbn-sign-gcp-kms

Homepage

github.com/chromeos/wbn-sign-gcp-kms#readme

Weekly Downloads

2

Version

0.0.1

License

Apache-2.0

Unpacked Size

4.31 MB

Total Files

21

Last publish

Collaborators

  • google-wombot
Try on RunKit
Report malware