Encrypt PD with CSEK with SHA256 wrapped key [130339784]

Assigned

Feature Request

Status Update

No update yet.

Description

pa...@google.com

created issue #1

Apr 11, 2019 11:22AM

Problem you have encountered: encrypt PD with CSEK with SHA256 wrapped key is currently not supported

What you expected to happen: have support for SHA-256 to encrypt Cloud PD

Other information (workarounds you have tried, documentation consulted, etc):
- The encryption currently supported is SHA-1
- Wrapping the key using SHA-256 for padding, the creation of the encrypted disk fails with the error:
"The encryption key provided for the disk was encrypted with a public key that is either out of date or is otherwise invalid."
- Gcloud public documentation includes code to generate SHA-256 encryption keys, but is not possible to encrypt PD with those keys [1]

[1]

https://cloud.google.com/compute/docs/disks/customer-supplied-encryption#rsa-encryption

Comments

sm...@google.com <sm...@google.com> #2Sep 3, 2019 08:58AM

Thanks for the report. I will route this to the appropriate internal team and update this when I hear back from them.

Issue 130339784

Description

Issue summary

Comments

sm...@google.com <sm...@google.com> #2Sep 3, 2019 08:58AM

Add comment

Issue metadata