!SrSSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SSK Jr SSK J r SSK Jr SS K Jr SS KJr SS KJr SS KJr "S S\ R,5rg)z%Encrypt a plaintext file using a key.)absolute_import)division)unicode_literals) exceptions)base)crc32c) e2e_integrity)flags)log) console_io)filescL\rSrSrSr\S5rSrSrSr Sr Sr S r S r g ) Encrypt!aEncrypt a plaintext file using a key. Encrypts the given plaintext file using the given CryptoKey and writes the result to the named ciphertext file. The plaintext file must not be larger than 64KiB. If an additional authenticated data file is provided, its contents must also be provided during decryption. The file must not be larger than 64KiB. The flag `--version` indicates the version of the key to use for encryption. By default, the primary version is used. If `--plaintext-file` or `--additional-authenticated-data-file` is set to '-', that file is read from stdin. Similarly, if `--ciphertext-file` is set to '-', the ciphertext is written to stdout. By default, the command performs integrity verification on data sent to and received from Cloud KMS. Use `--skip-integrity-verification` to disable integrity verification. ## EXAMPLES The following command will read the file 'path/to/plaintext', encrypt it using the CryptoKey `frodo` with the KeyRing `fellowship` and Location `global`, and write the ciphertext to 'path/to/ciphertext'. $ {command} \ --key=frodo \ --keyring=fellowship \ --location=global \ --plaintext-file=path/to/input/plaintext \ --ciphertext-file=path/to/output/ciphertext c[R"US5 [R"US5 [R"US5 [R"US5 [R "U5 [R "U5 g)NzThe key to use for encryption.zto use for encryptionz to encryptz to output)r AddKeyResourceFlagsAddCryptoKeyVersionFlagAddPlaintextFileFlagAddCiphertextFileFlagAddAadFileFlagAddSkipIntegrityVerification)parsers lib/surface/kms/encrypt.pyArgs Encrypt.ArgsCs` f&FG !!&*AB v|4  4   &&v.c[R"USS9n[U5U:a%[R"SR X55eU$)NT)binaryzPj#22&)*,6 38c J$223@c JS ;;'  ' ' 4 ; ;!!1 & '''[[A)) J VD;;Q ?A AAs/E;'G;G0F??GH0H  HctURURUR5nURU:wa5[R"[R"URU55eUR (d)[R "[R"55eUR(d)[R "[R"55e[R"URUR5(d)[R "[R"55eg)a%Verifies integrity fields in EncryptResponse. Note: This methods assumes that self._PerformIntegrityVerification() is True and that all request CRC32C fields were pupolated. Args: req: messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysEncryptRequest() object resp: messages.EncryptResponse() object. Returns: Void. Raises: e2e_integrity.ServerSideIntegrityVerificationError if the server reports request integrity verification error. e2e_integrity.ClientSideIntegrityVerificationError if response integrity verification fails. N)r4r8r ResourceNameVerificationError#GetResourceNameMismatchErrorMessageverifiedPlaintextCrc32c$ClientSideIntegrityVerificationError'GetRequestToServerCorruptedErrorMessage)verifiedAdditionalAuthenticatedDataCrc32cr Crc32cMatches ciphertextciphertextCrc32c*GetResponseFromServerCorruptedErrorMessage)r#rOrespr3s r_VerifyResponseIntegrityFields&Encrypt._VerifyResponseIntegrityFieldss*//$))DI xx9  7 7  ; ;hh  # $$  ' '  > >  ? ? A CC  9 9  > >  ? ? A CC   1F1F G G  > >  B B D FF Hrc[R"5nURU5nURR U5nURU5(aURUW5 [R"URWRSSS9 g![ R a n[R"U5 SnANSnAff=f![R an["R$"U5eSnAff=f)NT)r overwrite)rDGetClientInstancerR&projects_locations_keyRings_cryptoKeysrapitools_exceptionsHttpBadRequestErrorr ProcessHttpBadRequestErrorr,r`r WriteToFileOrStdoutciphertext_filer\r r@rr!)r#r+clientrOr_errorrKs rRun Encrypt.Runs  , , .F  $ $T *C6  : : B B3 Gd  ))$// ))#t4+    N  2 26..u556 ;;+  ' ' **+s/B,+CC ,CC C>#C99C>N)__name__ __module__ __qualname____firstlineno____doc__ staticmethodrr'r,r4rRr`rm__static_attributes__rorrrr!s=B//0$4l(FT+rrN)rt __future__rrrapitools.base.pyrrfgooglecloudsdk.api_lib.cloudkmsrrDgooglecloudsdk.calliopegooglecloudsdk.command_lib.kmsrr r googlecloudsdk.corer googlecloudsdk.core.consoler googlecloudsdk.core.utilr CommandrrorrrsC,&'>A(.180#2*y+dlly+r