usingGoogle.Cloud.Kms.V1;publicclassCreateKeySymmetricEncryptDecryptSample{publicCryptoKeyCreateKeySymmetricEncryptDecrypt(stringprojectId="my-project",stringlocationId="us-east1",stringkeyRingId="my-key-ring",stringid="my-symmetric-encryption-key"){// Create the client.KeyManagementServiceClientclient=KeyManagementServiceClient.Create();// Build the parent key ring name.KeyRingNamekeyRingName=newKeyRingName(projectId,locationId,keyRingId);// Build the key.CryptoKeykey=newCryptoKey{Purpose=CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt,VersionTemplate=newCryptoKeyVersionTemplate{Algorithm=CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.GoogleSymmetricEncryption,}};// Call the API.CryptoKeyresult=client.CreateCryptoKey(keyRingName,id,key);// Return the result.returnresult;}}

import("context""fmt""io"kms"cloud.google.com/go/kms/apiv1""cloud.google.com/go/kms/apiv1/kmspb")// createKeySymmetricEncryptDecrypt creates a new symmetric encrypt/decrypt key// on Cloud KMS.funccreateKeySymmetricEncryptDecrypt(wio.Writer,parent,idstring)error{// parent := "projects/my-project/locations/us-east1/keyRings/my-key-ring"// id := "my-symmetric-encryption-key"// Create the client.ctx:=context.Background()client,err:=kms.NewKeyManagementClient(ctx)iferr!=nil{returnfmt.Errorf("failed to create kms client: %w",err)}deferclient.Close()// Build the request.req:=&kmspb.CreateCryptoKeyRequest{Parent:parent,CryptoKeyId:id,CryptoKey:&kmspb.CryptoKey{Purpose:kmspb.CryptoKey_ENCRYPT_DECRYPT,VersionTemplate:&kmspb.CryptoKeyVersionTemplate{Algorithm:kmspb.CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION,},},}// Call the API.result,err:=client.CreateCryptoKey(ctx,req)iferr!=nil{returnfmt.Errorf("failed to create key: %w",err)}fmt.Fprintf(w,"Created key: %s\n",result.Name)returnnil}

importcom.google.cloud.kms.v1.CryptoKey;importcom.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose;importcom.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm;importcom.google.cloud.kms.v1.CryptoKeyVersionTemplate;importcom.google.cloud.kms.v1.KeyManagementServiceClient;importcom.google.cloud.kms.v1.KeyRingName;importjava.io.IOException;publicclassCreateKeySymmetricEncryptDecrypt{publicvoidcreateKeySymmetricEncryptDecrypt()throwsIOException{// TODO(developer): Replace these variables before running the sample.StringprojectId="your-project-id";StringlocationId="us-east1";StringkeyRingId="my-key-ring";Stringid="my-key";createKeySymmetricEncryptDecrypt(projectId,locationId,keyRingId,id);}// Create a new key that is used for symmetric encryption and decryption.publicvoidcreateKeySymmetricEncryptDecrypt(StringprojectId,StringlocationId,StringkeyRingId,Stringid)throwsIOException{// Initialize client that will be used to send requests. This client only// needs to be created once, and can be reused for multiple requests. After// completing all of your requests, call the "close" method on the client to// safely clean up any remaining background resources.try(KeyManagementServiceClientclient=KeyManagementServiceClient.create()){// Build the parent name from the project, location, and key ring.KeyRingNamekeyRingName=KeyRingName.of(projectId,locationId,keyRingId);// Build the symmetric key to create.CryptoKeykey=CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)).build();// Create the key.CryptoKeycreatedKey=client.createCryptoKey(keyRingName,id,key);System.out.printf("Created symmetric key %s%n",createdKey.getName());}}}

//// TODO(developer): Uncomment these variables before running the sample.//// const projectId = 'my-project';// const locationId = 'us-east1';// const keyRingId = 'my-key-ring';// const id = 'my-symmetric-encryption-key';// Imports the Cloud KMS libraryconst{KeyManagementServiceClient}=require('@google-cloud/kms');// Instantiates a clientconstclient=newKeyManagementServiceClient();// Build the parent key ring nameconstkeyRingName=client.keyRingPath(projectId,locationId,keyRingId);asyncfunctioncreateKeySymmetricEncryptDecrypt(){const[key]=awaitclient.createCryptoKey({parent:keyRingName,cryptoKeyId:id,cryptoKey:{purpose:'ENCRYPT_DECRYPT',versionTemplate:{algorithm:'GOOGLE_SYMMETRIC_ENCRYPTION',},},});console.log(`Created symmetric key:${key.name}`);returnkey;}returncreateKeySymmetricEncryptDecrypt();

use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;use Google\Cloud\Kms\V1\CreateCryptoKeyRequest;use Google\Cloud\Kms\V1\CryptoKey;use Google\Cloud\Kms\V1\CryptoKey\CryptoKeyPurpose;use Google\Cloud\Kms\V1\CryptoKeyVersion\CryptoKeyVersionAlgorithm;use Google\Cloud\Kms\V1\CryptoKeyVersionTemplate;function create_key_symmetric_encrypt_decrypt(    string $projectId = 'my-project',    string $locationId = 'us-east1',    string $keyRingId = 'my-key-ring',    string $id = 'my-symmetric-key'): CryptoKey {    // Create the Cloud KMS client.    $client = new KeyManagementServiceClient();    // Build the parent key ring name.    $keyRingName = $client->keyRingName($projectId, $locationId, $keyRingId);    // Build the key.    $key = (new CryptoKey())        ->setPurpose(CryptoKeyPurpose::ENCRYPT_DECRYPT)        ->setVersionTemplate((new CryptoKeyVersionTemplate())            ->setAlgorithm(CryptoKeyVersionAlgorithm::GOOGLE_SYMMETRIC_ENCRYPTION)        );    // Call the API.    $createCryptoKeyRequest = (new CreateCryptoKeyRequest())        ->setParent($keyRingName)        ->setCryptoKeyId($id)        ->setCryptoKey($key);    $createdKey = $client->createCryptoKey($createCryptoKeyRequest);    printf('Created symmetric key: %s' . PHP_EOL, $createdKey->getName());    return $createdKey;}

fromgoogle.cloudimportkmsdefcreate_key_symmetric_encrypt_decrypt(project_id:str,location_id:str,key_ring_id:str,key_id:str)->kms.CryptoKey:"""    Creates a new symmetric encryption/decryption key in Cloud KMS.    Args:        project_id (string): Google Cloud project ID (e.g. 'my-project').        location_id (string): Cloud KMS location (e.g. 'us-east1').        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').        key_id (string): ID of the key to create (e.g. 'my-symmetric-key').    Returns:        CryptoKey: Cloud KMS key.    """# Create the client.client=kms.KeyManagementServiceClient()# Build the parent key ring name.key_ring_name=client.key_ring_path(project_id,location_id,key_ring_id)# Build the key.purpose=kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPTalgorithm=(kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)key={"purpose":purpose,"version_template":{"algorithm":algorithm,},}# Call the API.created_key=client.create_crypto_key(request={"parent":key_ring_name,"crypto_key_id":key_id,"crypto_key":key})print(f"Created symmetric key:{created_key.name}")returncreated_key

# TODO(developer): uncomment these values before running the sample.# project_id  = "my-project"# location_id = "us-east1"# key_ring_id = "my-key-ring"# id          = "my-symmetric-key"# Require the library.require"google/cloud/kms"# Create the client.client=Google::Cloud::Kms.key_management_service# Build the parent key ring name.key_ring_name=client.key_ring_pathproject:project_id,location:location_id,key_ring:key_ring_id# Build the key.key={purpose::ENCRYPT_DECRYPT,version_template:{algorithm::GOOGLE_SYMMETRIC_ENCRYPTION}}# Call the API.created_key=client.create_crypto_keyparent:key_ring_name,crypto_key_id:id,crypto_key:keyputs"Created symmetric key:#{created_key.name}"

usingGoogle.Cloud.Kms.V1;usingGoogle.Protobuf.WellKnownTypes;usingSystem;publicclassCreateKeyRotationScheduleSample{publicCryptoKeyCreateKeyRotationSchedule(stringprojectId="my-project",stringlocationId="us-east1",stringkeyRingId="my-key-ring",stringid="my-key-with-rotation-schedule"){// Create the client.KeyManagementServiceClientclient=KeyManagementServiceClient.Create();// Build the parent key ring name.KeyRingNamekeyRingName=newKeyRingName(projectId,locationId,keyRingId);// Build the key.CryptoKeykey=newCryptoKey{Purpose=CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt,VersionTemplate=newCryptoKeyVersionTemplate{Algorithm=CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.GoogleSymmetricEncryption,},// Rotate the key every 30 days.RotationPeriod=newDuration{Seconds=60*60*24*30,// 30 days},// Start the first rotation in 24 hours.NextRotationTime=newTimestamp{Seconds=newDateTimeOffset(DateTime.UtcNow.AddHours(24)).ToUnixTimeSeconds(),}};// Call the API.CryptoKeyresult=client.CreateCryptoKey(keyRingName,id,key);// Return the result.returnresult;}}

import("context""fmt""io""time"kms"cloud.google.com/go/kms/apiv1""cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/protobuf/types/known/durationpb""google.golang.org/protobuf/types/known/timestamppb")// createKeyRotationSchedule creates a key with a rotation schedule.funccreateKeyRotationSchedule(wio.Writer,parent,idstring)error{// name := "projects/my-project/locations/us-east1/keyRings/my-key-ring"// id := "my-key-with-rotation-schedule"// Create the client.ctx:=context.Background()client,err:=kms.NewKeyManagementClient(ctx)iferr!=nil{returnfmt.Errorf("failed to create kms client: %w",err)}deferclient.Close()// Build the request.req:=&kmspb.CreateCryptoKeyRequest{Parent:parent,CryptoKeyId:id,CryptoKey:&kmspb.CryptoKey{Purpose:kmspb.CryptoKey_ENCRYPT_DECRYPT,VersionTemplate:&kmspb.CryptoKeyVersionTemplate{Algorithm:kmspb.CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION,},// Rotate the key every 30 daysRotationSchedule:&kmspb.CryptoKey_RotationPeriod{RotationPeriod:&durationpb.Duration{Seconds:int64(60*60*24*30),// 30 days},},// Start the first rotation in 24 hoursNextRotationTime:&timestamppb.Timestamp{Seconds:time.Now().Add(24*time.Hour).Unix(),},},}// Call the API.result,err:=client.CreateCryptoKey(ctx,req)iferr!=nil{returnfmt.Errorf("failed to create key: %w",err)}fmt.Fprintf(w,"Created key: %s\n",result.Name)returnnil}

importcom.google.cloud.kms.v1.CryptoKey;importcom.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose;importcom.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm;importcom.google.cloud.kms.v1.CryptoKeyVersionTemplate;importcom.google.cloud.kms.v1.KeyManagementServiceClient;importcom.google.cloud.kms.v1.KeyRingName;importcom.google.protobuf.Duration;importcom.google.protobuf.Timestamp;importjava.io.IOException;importjava.time.temporal.ChronoUnit;publicclassCreateKeyRotationSchedule{publicvoidcreateKeyRotationSchedule()throwsIOException{// TODO(developer): Replace these variables before running the sample.StringprojectId="your-project-id";StringlocationId="us-east1";StringkeyRingId="my-key-ring";Stringid="my-key";createKeyRotationSchedule(projectId,locationId,keyRingId,id);}// Create a new key that automatically rotates on a schedule.publicvoidcreateKeyRotationSchedule(StringprojectId,StringlocationId,StringkeyRingId,Stringid)throwsIOException{// Initialize client that will be used to send requests. This client only// needs to be created once, and can be reused for multiple requests. After// completing all of your requests, call the "close" method on the client to// safely clean up any remaining background resources.try(KeyManagementServiceClientclient=KeyManagementServiceClient.create()){// Build the parent name from the project, location, and key ring.KeyRingNamekeyRingName=KeyRingName.of(projectId,locationId,keyRingId);// Calculate the date 24 hours from now (this is used below).longtomorrow=java.time.Instant.now().plus(24,ChronoUnit.HOURS).getEpochSecond();// Build the key to create with a rotation schedule.CryptoKeykey=CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION))// Rotate every 30 days..setRotationPeriod(Duration.newBuilder().setSeconds(java.time.Duration.ofDays(30).getSeconds()))// Start the first rotation in 24 hours..setNextRotationTime(Timestamp.newBuilder().setSeconds(tomorrow)).build();// Create the key.CryptoKeycreatedKey=client.createCryptoKey(keyRingName,id,key);System.out.printf("Created key with rotation schedule %s%n",createdKey.getName());}}}

//// TODO(developer): Uncomment these variables before running the sample.//// const projectId = 'my-project';// const locationId = 'us-east1';// const keyRingId = 'my-key-ring';// const id = 'my-rotating-encryption-key';// Imports the Cloud KMS libraryconst{KeyManagementServiceClient}=require('@google-cloud/kms');// Instantiates a clientconstclient=newKeyManagementServiceClient();// Build the parent key ring nameconstkeyRingName=client.keyRingPath(projectId,locationId,keyRingId);asyncfunctioncreateKeyRotationSchedule(){const[key]=awaitclient.createCryptoKey({parent:keyRingName,cryptoKeyId:id,cryptoKey:{purpose:'ENCRYPT_DECRYPT',versionTemplate:{algorithm:'GOOGLE_SYMMETRIC_ENCRYPTION',},// Rotate the key every 30 days.rotationPeriod:{seconds:60*60*24*30,},// Start the first rotation in 24 hours.nextRotationTime:{seconds:newDate().getTime()/1000+60*60*24,},},});console.log(`Created rotating key:${key.name}`);returnkey;}returncreateKeyRotationSchedule();

use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;use Google\Cloud\Kms\V1\CreateCryptoKeyRequest;use Google\Cloud\Kms\V1\CryptoKey;use Google\Cloud\Kms\V1\CryptoKey\CryptoKeyPurpose;use Google\Cloud\Kms\V1\CryptoKeyVersion\CryptoKeyVersionAlgorithm;use Google\Cloud\Kms\V1\CryptoKeyVersionTemplate;use Google\Protobuf\Duration;use Google\Protobuf\Timestamp;function create_key_rotation_schedule(    string $projectId = 'my-project',    string $locationId = 'us-east1',    string $keyRingId = 'my-key-ring',    string $id = 'my-key-with-rotation-schedule'): CryptoKey {    // Create the Cloud KMS client.    $client = new KeyManagementServiceClient();    // Build the parent key ring name.    $keyRingName = $client->keyRingName($projectId, $locationId, $keyRingId);    // Build the key.    $key = (new CryptoKey())        ->setPurpose(CryptoKeyPurpose::ENCRYPT_DECRYPT)        ->setVersionTemplate((new CryptoKeyVersionTemplate())            ->setAlgorithm(CryptoKeyVersionAlgorithm::GOOGLE_SYMMETRIC_ENCRYPTION))        // Rotate the key every 30 days.        ->setRotationPeriod((new Duration())            ->setSeconds(60 * 60 * 24 * 30)        )        // Start the first rotation in 24 hours.        ->setNextRotationTime((new Timestamp())            ->setSeconds(time() + 60 * 60 * 24)        );    // Call the API.    $createCryptoKeyRequest = (new CreateCryptoKeyRequest())        ->setParent($keyRingName)        ->setCryptoKeyId($id)        ->setCryptoKey($key);    $createdKey = $client->createCryptoKey($createCryptoKeyRequest);    printf('Created key with rotation: %s' . PHP_EOL, $createdKey->getName());    return $createdKey;}

importtimefromgoogle.cloudimportkmsdefcreate_key_rotation_schedule(project_id:str,location_id:str,key_ring_id:str,key_id:str)->kms.CryptoKey:"""    Creates a new key in Cloud KMS that automatically rotates.    Args:        project_id (string): Google Cloud project ID (e.g. 'my-project').        location_id (string): Cloud KMS location (e.g. 'us-east1').        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').        key_id (string): ID of the key to create (e.g. 'my-rotating-key').    Returns:        CryptoKey: Cloud KMS key.    """# Create the client.client=kms.KeyManagementServiceClient()# Build the parent key ring name.key_ring_name=client.key_ring_path(project_id,location_id,key_ring_id)# Build the key.purpose=kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPTalgorithm=(kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)key={"purpose":purpose,"version_template":{"algorithm":algorithm,},# Rotate the key every 30 days."rotation_period":{"seconds":60*60*24*30},# Start the first rotation in 24 hours."next_rotation_time":{"seconds":int(time.time())+60*60*24},}# Call the API.created_key=client.create_crypto_key(request={"parent":key_ring_name,"crypto_key_id":key_id,"crypto_key":key})print(f"Created labeled key:{created_key.name}")returncreated_key

# TODO(developer): uncomment these values before running the sample.# project_id  = "my-project"# location_id = "us-east1"# key_ring_id = "my-key-ring"# id          = "my-key-with-rotation"# Require the library.require"google/cloud/kms"# Create the client.client=Google::Cloud::Kms.key_management_service# Build the parent key ring name.key_ring_name=client.key_ring_pathproject:project_id,location:location_id,key_ring:key_ring_id# Build the key.key={purpose::ENCRYPT_DECRYPT,version_template:{algorithm::GOOGLE_SYMMETRIC_ENCRYPTION},# Rotate the key every 30 days.rotation_period:{seconds:60*60*24*30},# Start the first rotation in 24 hours.next_rotation_time:{seconds:(Time.now+(60*60*24)).to_i}}# Call the API.created_key=client.create_crypto_keyparent:key_ring_name,crypto_key_id:id,crypto_key:keyputs"Created rotating key:#{created_key.name}"

usingGoogle.Cloud.Kms.V1;usingGoogle.Protobuf.WellKnownTypes;publicclassCreateKeyAsymmetricDecryptSample{publicCryptoKeyCreateKeyAsymmetricDecrypt(stringprojectId="my-project",stringlocationId="us-east1",stringkeyRingId="my-key-ring",stringid="my-asymmetric-encrypt-key"){// Create the client.KeyManagementServiceClientclient=KeyManagementServiceClient.Create();// Build the parent key ring name.KeyRingNamekeyRingName=newKeyRingName(projectId,locationId,keyRingId);// Build the key.CryptoKeykey=newCryptoKey{Purpose=CryptoKey.Types.CryptoKeyPurpose.AsymmetricDecrypt,VersionTemplate=newCryptoKeyVersionTemplate{Algorithm=CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.RsaDecryptOaep2048Sha256,},// Optional: customize how long key versions should be kept before destroying.DestroyScheduledDuration=newDuration{Seconds=24*60*60,}};// Call the API.CryptoKeyresult=client.CreateCryptoKey(keyRingName,id,key);// Return the result.returnresult;}}

import("context""fmt""io""time"kms"cloud.google.com/go/kms/apiv1""cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/protobuf/types/known/durationpb")// createKeyAsymmetricDecrypt creates a new asymmetric RSA encrypt/decrypt key// pair where the private key is stored in Cloud KMS.funccreateKeyAsymmetricDecrypt(wio.Writer,parent,idstring)error{// parent := "projects/my-project/locations/us-east1/keyRings/my-key-ring"// id := "my-asymmetric-encryption-key"// Create the client.ctx:=context.Background()client,err:=kms.NewKeyManagementClient(ctx)iferr!=nil{returnfmt.Errorf("failed to create kms client: %w",err)}deferclient.Close()// Build the request.req:=&kmspb.CreateCryptoKeyRequest{Parent:parent,CryptoKeyId:id,CryptoKey:&kmspb.CryptoKey{Purpose:kmspb.CryptoKey_ASYMMETRIC_DECRYPT,VersionTemplate:&kmspb.CryptoKeyVersionTemplate{Algorithm:kmspb.CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256,},// Optional: customize how long key versions should be kept before destroying.DestroyScheduledDuration:durationpb.New(24*time.Hour),},}// Call the API.result,err:=client.CreateCryptoKey(ctx,req)iferr!=nil{returnfmt.Errorf("failed to create key: %w",err)}fmt.Fprintf(w,"Created key: %s\n",result.Name)returnnil}

importcom.google.cloud.kms.v1.CryptoKey;importcom.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose;importcom.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm;importcom.google.cloud.kms.v1.CryptoKeyVersionTemplate;importcom.google.cloud.kms.v1.KeyManagementServiceClient;importcom.google.cloud.kms.v1.KeyRingName;importcom.google.protobuf.Duration;importjava.io.IOException;publicclassCreateKeyAsymmetricDecrypt{publicvoidcreateKeyAsymmetricDecrypt()throwsIOException{// TODO(developer): Replace these variables before running the sample.StringprojectId="your-project-id";StringlocationId="us-east1";StringkeyRingId="my-key-ring";Stringid="my-asymmetric-decryption-key";createKeyAsymmetricDecrypt(projectId,locationId,keyRingId,id);}// Create a new asymmetric key for the purpose of encrypting and decrypting// data.publicvoidcreateKeyAsymmetricDecrypt(StringprojectId,StringlocationId,StringkeyRingId,Stringid)throwsIOException{// Initialize client that will be used to send requests. This client only// needs to be created once, and can be reused for multiple requests. After// completing all of your requests, call the "close" method on the client to// safely clean up any remaining background resources.try(KeyManagementServiceClientclient=KeyManagementServiceClient.create()){// Build the parent name from the project, location, and key ring.KeyRingNamekeyRingName=KeyRingName.of(projectId,locationId,keyRingId);// Build the asymmetric key to create.CryptoKeykey=CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ASYMMETRIC_DECRYPT).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256))// Optional: customize how long key versions should be kept before destroying..setDestroyScheduledDuration(Duration.newBuilder().setSeconds(24*60*60)).build();// Create the key.CryptoKeycreatedKey=client.createCryptoKey(keyRingName,id,key);System.out.printf("Created asymmetric key %s%n",createdKey.getName());}}}

//// TODO(developer): Uncomment these variables before running the sample.//// const projectId = 'my-project';// const locationId = 'us-east1';// const keyRingId = 'my-key-ring';// const id = 'my-asymmetric-decrypt-key';// Imports the Cloud KMS libraryconst{KeyManagementServiceClient}=require('@google-cloud/kms');// Instantiates a clientconstclient=newKeyManagementServiceClient();// Build the parent key ring nameconstkeyRingName=client.keyRingPath(projectId,locationId,keyRingId);asyncfunctioncreateKeyAsymmetricDecrypt(){const[key]=awaitclient.createCryptoKey({parent:keyRingName,cryptoKeyId:id,cryptoKey:{purpose:'ASYMMETRIC_DECRYPT',versionTemplate:{algorithm:'RSA_DECRYPT_OAEP_2048_SHA256',},// Optional: customize how long key versions should be kept before// destroying.destroyScheduledDuration:{seconds:60*60*24},},});console.log(`Created asymmetric key:${key.name}`);returnkey;}returncreateKeyAsymmetricDecrypt();

use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;use Google\Cloud\Kms\V1\CreateCryptoKeyRequest;use Google\Cloud\Kms\V1\CryptoKey;use Google\Cloud\Kms\V1\CryptoKey\CryptoKeyPurpose;use Google\Cloud\Kms\V1\CryptoKeyVersion\CryptoKeyVersionAlgorithm;use Google\Cloud\Kms\V1\CryptoKeyVersionTemplate;use Google\Protobuf\Duration;function create_key_asymmetric_decrypt(    string $projectId = 'my-project',    string $locationId = 'us-east1',    string $keyRingId = 'my-key-ring',    string $id = 'my-asymmetric-decrypt-key'): CryptoKey {    // Create the Cloud KMS client.    $client = new KeyManagementServiceClient();    // Build the parent key ring name.    $keyRingName = $client->keyRingName($projectId, $locationId, $keyRingId);    // Build the key.    $key = (new CryptoKey())        ->setPurpose(CryptoKeyPurpose::ASYMMETRIC_DECRYPT)        ->setVersionTemplate((new CryptoKeyVersionTemplate())            ->setAlgorithm(CryptoKeyVersionAlgorithm::RSA_DECRYPT_OAEP_2048_SHA256)        )        // Optional: customize how long key versions should be kept before destroying.        ->setDestroyScheduledDuration((new Duration())            ->setSeconds(24 * 60 * 60)        );    // Call the API.    $createCryptoKeyRequest = (new CreateCryptoKeyRequest())        ->setParent($keyRingName)        ->setCryptoKeyId($id)        ->setCryptoKey($key);    $createdKey = $client->createCryptoKey($createCryptoKeyRequest);    printf('Created asymmetric decryption key: %s' . PHP_EOL, $createdKey->getName());    return $createdKey;}

importdatetime# Import the client library.fromgoogle.cloudimportkmsfromgoogle.protobufimportduration_pb2# type: ignoredefcreate_key_asymmetric_decrypt(project_id:str,location_id:str,key_ring_id:str,key_id:str)->kms.CryptoKey:"""    Creates a new asymmetric decryption key in Cloud KMS.    Args:        project_id (string): Google Cloud project ID (e.g. 'my-project').        location_id (string): Cloud KMS location (e.g. 'us-east1').        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').        key_id (string): ID of the key to create (e.g. 'my-asymmetric-decrypt-key').    Returns:        CryptoKey: Cloud KMS key.    """# Create the client.client=kms.KeyManagementServiceClient()# Build the parent key ring name.key_ring_name=client.key_ring_path(project_id,location_id,key_ring_id)# Build the key.purpose=kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPTalgorithm=(kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256)key={"purpose":purpose,"version_template":{"algorithm":algorithm,},# Optional: customize how long key versions should be kept before# destroying."destroy_scheduled_duration":duration_pb2.Duration().FromTimedelta(datetime.timedelta(days=1)),}# Call the API.created_key=client.create_crypto_key(request={"parent":key_ring_name,"crypto_key_id":key_id,"crypto_key":key})print(f"Created asymmetric decrypt key:{created_key.name}")returncreated_key

# TODO(developer): uncomment these values before running the sample.# project_id  = "my-project"# location_id = "us-east1"# key_ring_id = "my-key-ring"# id          = "my-asymmetric-decrypt-key"# Require the library.require"google/cloud/kms"# Create the client.client=Google::Cloud::Kms.key_management_service# Build the parent key ring name.key_ring_name=client.key_ring_pathproject:project_id,location:location_id,key_ring:key_ring_id# Build the key.key={purpose::ASYMMETRIC_DECRYPT,version_template:{algorithm::RSA_DECRYPT_OAEP_2048_SHA256},# Optional: customize how long key versions should be kept before destroying.destroy_scheduled_duration:{seconds:24*60*60}}# Call the API.created_key=client.create_crypto_keyparent:key_ring_name,crypto_key_id:id,crypto_key:keyputs"Created asymmetric decryption key:#{created_key.name}"

usingGoogle.Cloud.Kms.V1;usingGoogle.Protobuf.WellKnownTypes;publicclassCreateKeyAsymmetricSignSample{publicCryptoKeyCreateKeyAsymmetricSign(stringprojectId="my-project",stringlocationId="us-east1",stringkeyRingId="my-key-ring",stringid="my-asymmetric-signing-key"){// Create the client.KeyManagementServiceClientclient=KeyManagementServiceClient.Create();// Build the parent key ring name.KeyRingNamekeyRingName=newKeyRingName(projectId,locationId,keyRingId);// Build the key.CryptoKeykey=newCryptoKey{Purpose=CryptoKey.Types.CryptoKeyPurpose.AsymmetricSign,VersionTemplate=newCryptoKeyVersionTemplate{Algorithm=CryptoKeyVersion.Types.CryptoKeyVersionAlgorithm.RsaSignPkcs12048Sha256,},// Optional: customize how long key versions should be kept before destroying.DestroyScheduledDuration=newDuration{Seconds=24*60*60,}};// Call the API.CryptoKeyresult=client.CreateCryptoKey(keyRingName,id,key);// Return the result.returnresult;}}

import("context""fmt""io""time"kms"cloud.google.com/go/kms/apiv1""cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/protobuf/types/known/durationpb")// createKeyAsymmetricSign creates a new asymmetric RSA sign/verify key pair// where the private key is stored in Cloud KMS.funccreateKeyAsymmetricSign(wio.Writer,parent,idstring)error{// parent := "projects/my-project/locations/us-east1/keyRings/my-key-ring"// id := "my-asymmetric-signing-key"// Create the client.ctx:=context.Background()client,err:=kms.NewKeyManagementClient(ctx)iferr!=nil{returnfmt.Errorf("failed to create kms client: %w",err)}deferclient.Close()// Build the request.req:=&kmspb.CreateCryptoKeyRequest{Parent:parent,CryptoKeyId:id,CryptoKey:&kmspb.CryptoKey{Purpose:kmspb.CryptoKey_ASYMMETRIC_SIGN,VersionTemplate:&kmspb.CryptoKeyVersionTemplate{Algorithm:kmspb.CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256,},// Optional: customize how long key versions should be kept before destroying.DestroyScheduledDuration:durationpb.New(24*time.Hour),},}// Call the API.result,err:=client.CreateCryptoKey(ctx,req)iferr!=nil{returnfmt.Errorf("failed to create key: %w",err)}fmt.Fprintf(w,"Created key: %s\n",result.Name)returnnil}

importcom.google.cloud.kms.v1.CryptoKey;importcom.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose;importcom.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm;importcom.google.cloud.kms.v1.CryptoKeyVersionTemplate;importcom.google.cloud.kms.v1.KeyManagementServiceClient;importcom.google.cloud.kms.v1.KeyRingName;importcom.google.protobuf.Duration;importjava.io.IOException;publicclassCreateKeyAsymmetricSign{publicvoidcreateKeyAsymmetricSign()throwsIOException{// TODO(developer): Replace these variables before running the sample.StringprojectId="your-project-id";StringlocationId="us-east1";StringkeyRingId="my-key-ring";Stringid="my-asymmetric-signing-key";createKeyAsymmetricSign(projectId,locationId,keyRingId,id);}// Create a new asymmetric key for the purpose of signing and verifying data.publicvoidcreateKeyAsymmetricSign(StringprojectId,StringlocationId,StringkeyRingId,Stringid)throwsIOException{// Initialize client that will be used to send requests. This client only// needs to be created once, and can be reused for multiple requests. After// completing all of your requests, call the "close" method on the client to// safely clean up any remaining background resources.try(KeyManagementServiceClientclient=KeyManagementServiceClient.create()){// Build the parent name from the project, location, and key ring.KeyRingNamekeyRingName=KeyRingName.of(projectId,locationId,keyRingId);// Build the asymmetric key to create.CryptoKeykey=CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ASYMMETRIC_SIGN).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256))// Optional: customize how long key versions should be kept before destroying..setDestroyScheduledDuration(Duration.newBuilder().setSeconds(24*60*60)).build();// Create the key.CryptoKeycreatedKey=client.createCryptoKey(keyRingName,id,key);System.out.printf("Created asymmetric key %s%n",createdKey.getName());}}}

//// TODO(developer): Uncomment these variables before running the sample.//// const projectId = 'my-project';// const locationId = 'us-east1';// const keyRingId = 'my-key-ring';// const id = 'my-asymmetric-sign-key';// Imports the Cloud KMS libraryconst{KeyManagementServiceClient}=require('@google-cloud/kms');// Instantiates a clientconstclient=newKeyManagementServiceClient();// Build the parent key ring nameconstkeyRingName=client.keyRingPath(projectId,locationId,keyRingId);asyncfunctioncreateKeyAsymmetricSign(){const[key]=awaitclient.createCryptoKey({parent:keyRingName,cryptoKeyId:id,cryptoKey:{purpose:'ASYMMETRIC_SIGN',versionTemplate:{algorithm:'RSA_SIGN_PKCS1_2048_SHA256',},// Optional: customize how long key versions should be kept before// destroying.destroyScheduledDuration:{seconds:60*60*24},},});console.log(`Created asymmetric key:${key.name}`);returnkey;}returncreateKeyAsymmetricSign();

use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;use Google\Cloud\Kms\V1\CreateCryptoKeyRequest;use Google\Cloud\Kms\V1\CryptoKey;use Google\Cloud\Kms\V1\CryptoKey\CryptoKeyPurpose;use Google\Cloud\Kms\V1\CryptoKeyVersion\CryptoKeyVersionAlgorithm;use Google\Cloud\Kms\V1\CryptoKeyVersionTemplate;use Google\Protobuf\Duration;function create_key_asymmetric_sign(    string $projectId = 'my-project',    string $locationId = 'us-east1',    string $keyRingId = 'my-key-ring',    string $id = 'my-asymmetric-signing-key'): CryptoKey {    // Create the Cloud KMS client.    $client = new KeyManagementServiceClient();    // Build the parent key ring name.    $keyRingName = $client->keyRingName($projectId, $locationId, $keyRingId);    // Build the key.    $key = (new CryptoKey())        ->setPurpose(CryptoKeyPurpose::ASYMMETRIC_SIGN)        ->setVersionTemplate((new CryptoKeyVersionTemplate())            ->setAlgorithm(CryptoKeyVersionAlgorithm::RSA_SIGN_PKCS1_2048_SHA256)        )        // Optional: customize how long key versions should be kept before destroying.        ->setDestroyScheduledDuration((new Duration())            ->setSeconds(24 * 60 * 60)        );    // Call the API.    $createCryptoKeyRequest = (new CreateCryptoKeyRequest())        ->setParent($keyRingName)        ->setCryptoKeyId($id)        ->setCryptoKey($key);    $createdKey = $client->createCryptoKey($createCryptoKeyRequest);    printf('Created asymmetric signing key: %s' . PHP_EOL, $createdKey->getName());    return $createdKey;}

importdatetime# Import the client library.fromgoogle.cloudimportkmsfromgoogle.protobufimportduration_pb2# type: ignoredefcreate_key_asymmetric_sign(project_id:str,location_id:str,key_ring_id:str,key_id:str)->kms.CryptoKey:"""    Creates a new asymmetric signing key in Cloud KMS.    Args:        project_id (string): Google Cloud project ID (e.g. 'my-project').        location_id (string): Cloud KMS location (e.g. 'us-east1').        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').        key_id (string): ID of the key to create (e.g. 'my-asymmetric-signing-key').    Returns:        CryptoKey: Cloud KMS key.    """# Create the client.client=kms.KeyManagementServiceClient()# Build the parent key ring name.key_ring_name=client.key_ring_path(project_id,location_id,key_ring_id)# Build the key.purpose=kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGNalgorithm=(kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256)key={"purpose":purpose,"version_template":{"algorithm":algorithm,},# Optional: customize how long key versions should be kept before# destroying."destroy_scheduled_duration":duration_pb2.Duration().FromTimedelta(datetime.timedelta(days=1)),}# Call the API.created_key=client.create_crypto_key(request={"parent":key_ring_name,"crypto_key_id":key_id,"crypto_key":key})print(f"Created asymmetric signing key:{created_key.name}")returncreated_key

# TODO(developer): uncomment these values before running the sample.# project_id  = "my-project"# location_id = "us-east1"# key_ring_id = "my-key-ring"# id          = "my-asymmetric-signing-key"# Require the library.require"google/cloud/kms"# Create the client.client=Google::Cloud::Kms.key_management_service# Build the parent key ring name.key_ring_name=client.key_ring_pathproject:project_id,location:location_id,key_ring:key_ring_id# Build the key.key={purpose::ASYMMETRIC_SIGN,version_template:{algorithm::RSA_SIGN_PKCS1_2048_SHA256},# Optional: customize how long key versions should be kept before destroying.destroy_scheduled_duration:{seconds:24*60*60}}# Call the API.created_key=client.create_crypto_keyparent:key_ring_name,crypto_key_id:id,crypto_key:keyputs"Created asymmetric signing key:#{created_key.name}"

usingGoogle.Cloud.Kms.V1;publicclassGetPublicKeySample{publicPublicKeyGetPublicKey(stringprojectId="my-project",stringlocationId="us-east1",stringkeyRingId="my-key-ring",stringkeyId="my-key",stringkeyVersionId="123"){// Create the client.KeyManagementServiceClientclient=KeyManagementServiceClient.Create();// Build the key version name.CryptoKeyVersionNamekeyVersionName=newCryptoKeyVersionName(projectId,locationId,keyRingId,keyId,keyVersionId);// Call the API.PublicKeyresult=client.GetPublicKey(keyVersionName);// Return the ciphertext.returnresult;}}

import("context""crypto/x509""encoding/pem""fmt""hash/crc32""io"kms"cloud.google.com/go/kms/apiv1""cloud.google.com/go/kms/apiv1/kmspb")// getPublicKey retrieves the public key from an asymmetric key pair on// Cloud KMS.funcgetPublicKey(wio.Writer,namestring)error{// name := "projects/my-project/locations/us-east1/keyRings/my-key-ring/cryptoKeys/my-key/cryptoKeyVersions/123"// Create the client.ctx:=context.Background()client,err:=kms.NewKeyManagementClient(ctx)iferr!=nil{returnfmt.Errorf("failed to create kms client: %w",err)}deferclient.Close()// Build the request.req:=&kmspb.GetPublicKeyRequest{Name:name,}// Call the API.result,err:=client.GetPublicKey(ctx,req)iferr!=nil{returnfmt.Errorf("failed to get public key: %w",err)}// The 'Pem' field is the raw string representation of the public key.// Convert 'Pem' into bytes for further processing.key:=[]byte(result.Pem)// Optional, but recommended: perform integrity verification on result.// For more details on ensuring E2E in-transit integrity to and from Cloud KMS visit:// https://cloud.google.com/kms/docs/data-integrity-guidelinescrc32c:=func(data[]byte)uint32{t:=crc32.MakeTable(crc32.Castagnoli)returncrc32.Checksum(data,t)}ifint64(crc32c(key))!=result.PemCrc32C.Value{returnfmt.Errorf("getPublicKey: response corrupted in-transit")}// Optional - parse the public key. This transforms the string key into a Go// PublicKey.block,_:=pem.Decode(key)publicKey,err:=x509.ParsePKIXPublicKey(block.Bytes)iferr!=nil{returnfmt.Errorf("failed to parse public key: %w",err)}fmt.Fprintf(w,"Retrieved public key: %v\n",publicKey)returnnil}

importcom.google.cloud.kms.v1.CryptoKeyVersionName;importcom.google.cloud.kms.v1.KeyManagementServiceClient;importcom.google.cloud.kms.v1.PublicKey;importjava.io.IOException;importjava.security.GeneralSecurityException;publicclassGetPublicKey{publicvoidgetPublicKey()throwsIOException,GeneralSecurityException{// TODO(developer): Replace these variables before running the sample.StringprojectId="your-project-id";StringlocationId="us-east1";StringkeyRingId="my-key-ring";StringkeyId="my-key";StringkeyVersionId="123";getPublicKey(projectId,locationId,keyRingId,keyId,keyVersionId);}// Get the public key associated with an asymmetric key.publicvoidgetPublicKey(StringprojectId,StringlocationId,StringkeyRingId,StringkeyId,StringkeyVersionId)throwsIOException,GeneralSecurityException{// Initialize client that will be used to send requests. This client only// needs to be created once, and can be reused for multiple requests. After// completing all of your requests, call the "close" method on the client to// safely clean up any remaining background resources.try(KeyManagementServiceClientclient=KeyManagementServiceClient.create()){// Build the key version name from the project, location, key ring, key,// and key version.CryptoKeyVersionNamekeyVersionName=CryptoKeyVersionName.of(projectId,locationId,keyRingId,keyId,keyVersionId);// Get the public key.PublicKeypublicKey=client.getPublicKey(keyVersionName);System.out.printf("Public key: %s%n",publicKey.getPem());}}}

//// TODO(developer): Uncomment these variables before running the sample.//// const projectId = 'my-project';// const locationId = 'us-east1';// const keyRingId = 'my-key-ring';// const keyId = 'my-key';// Imports the Cloud KMS libraryconst{KeyManagementServiceClient}=require('@google-cloud/kms');// Instantiates a clientconstclient=newKeyManagementServiceClient();// Build the key version nameconstversionName=client.cryptoKeyVersionPath(projectId,locationId,keyRingId,keyId,versionId);asyncfunctiongetPublicKey(){const[publicKey]=awaitclient.getPublicKey({name:versionName,});// Optional, but recommended: perform integrity verification on publicKey.// For more details on ensuring E2E in-transit integrity to and from Cloud KMS visit:// https://cloud.google.com/kms/docs/data-integrity-guidelinesconstcrc32c=require('fast-crc32c');if(publicKey.name!==versionName){thrownewError('GetPublicKey: request corrupted in-transit');}if(crc32c.calculate(publicKey.pem)!==Number(publicKey.pemCrc32c.value)){thrownewError('GetPublicKey: response corrupted in-transit');}console.log(`Public key pem:${publicKey.pem}`);returnpublicKey;}returngetPublicKey();

use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;use Google\Cloud\Kms\V1\GetPublicKeyRequest;function get_public_key(    string $projectId = 'my-project',    string $locationId = 'us-east1',    string $keyRingId = 'my-key-ring',    string $keyId = 'my-key',    string $versionId = '123') {    // Create the Cloud KMS client.    $client = new KeyManagementServiceClient();    // Build the key version name.    $keyVersionName = $client->cryptoKeyVersionName($projectId, $locationId, $keyRingId, $keyId, $versionId);    // Call the API.    $getPublicKeyRequest = (new GetPublicKeyRequest())        ->setName($keyVersionName);    $publicKey = $client->getPublicKey($getPublicKeyRequest);    printf('Public key: %s' . PHP_EOL, $publicKey->getPem());    return $publicKey;}

fromgoogle.cloudimportkmsdefget_public_key(project_id:str,location_id:str,key_ring_id:str,key_id:str,version_id:str)->kms.PublicKey:"""    Get the public key for an asymmetric key.    Args:        project_id (string): Google Cloud project ID (e.g. 'my-project').        location_id (string): Cloud KMS location (e.g. 'us-east1').        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').        key_id (string): ID of the key to use (e.g. 'my-key').        version_id (string): ID of the key to use (e.g. '1').    Returns:        PublicKey: Cloud KMS public key response.    """# Create the client.client=kms.KeyManagementServiceClient()# Build the key version name.key_version_name=client.crypto_key_version_path(project_id,location_id,key_ring_id,key_id,version_id)# Call the API.public_key=client.get_public_key(request={"name":key_version_name})# Optional, but recommended: perform integrity verification on public_key.# For more details on ensuring E2E in-transit integrity to and from Cloud KMS visit:# https://cloud.google.com/kms/docs/data-integrity-guidelinesifnotpublic_key.name==key_version_name:raiseException("The request sent to the server was corrupted in-transit.")# See crc32c() function defined below.ifnotpublic_key.pem_crc32c==crc32c(public_key.pem.encode("utf-8")):raiseException("The response received from the server was corrupted in-transit.")# End integrity verificationprint(f"Public key:{public_key.pem}")returnpublic_keydefcrc32c(data:bytes)->int:"""    Calculates the CRC32C checksum of the provided data.    Args:        data: the bytes over which the checksum should be calculated.    Returns:        An int representing the CRC32C checksum of the provided bytes.    """importcrcmod# type: ignorecrc32c_fun=crcmod.predefined.mkPredefinedCrcFun("crc-32c")returncrc32c_fun(data)

# TODO(developer): uncomment these values before running the sample.# project_id  = "my-project"# location_id = "us-east1"# key_ring_id = "my-key-ring"# key_id      = "my-key"# version_id  = "123"# Require the library.require"google/cloud/kms"# Create the client.client=Google::Cloud::Kms.key_management_service# Build the key version name.key_version_name=client.crypto_key_version_pathproject:project_id,location:location_id,key_ring:key_ring_id,crypto_key:key_id,crypto_key_version:version_id# Call the API.public_key=client.get_public_keyname:key_version_nameputs"Public key:#{public_key.pem}"

import("context""crypto/x509""encoding/json""encoding/pem""fmt""hash/crc32""io"kms"cloud.google.com/go/kms/apiv1""cloud.google.com/go/kms/apiv1/kmspb""github.com/lestrrat-go/jwx/v2/jwk")// getPublicKeyJwk retrieves the public key from an asymmetric key pair on Cloud KMS.funcgetPublicKeyJwk(wio.Writer,cryptoKeyVersionNamestring)error{// name := "projects/my-project/locations/us-east1/keyRings/my-key-ring/cryptoKeys/my-key/cryptoKeyVersions/123"// Create the client.ctx:=context.Background()client,err:=kms.NewKeyManagementClient(ctx)iferr!=nil{returnfmt.Errorf("failed to create kms client: %w",err)}deferclient.Close()// Build the request.req:=&kmspb.GetPublicKeyRequest{Name:cryptoKeyVersionName,}// Call the API to get the public key.result,err:=client.GetPublicKey(ctx,req)iferr!=nil{returnfmt.Errorf("failed to get public key: %w",err)}// The 'Pem' field is the raw string representation of the public key.// Convert 'Pem' into bytes for further processing.key:=[]byte(result.Pem)// Optional, but recommended: perform integrity verification on result.// For more details on ensuring E2E in-transit integrity to and from Cloud KMS visit:// https://cloud.google.com/kms/docs/data-integrity-guidelinescrc32c:=func(data[]byte)uint32{t:=crc32.MakeTable(crc32.Castagnoli)returncrc32.Checksum(data,t)}ifint64(crc32c(key))!=result.PemCrc32C.Value{returnfmt.Errorf("getPublicKey: response corrupted in-transit")}// Optional - parse the public key.// This transforms the string key into a Go PublicKey.block,_:=pem.Decode(key)_,err=x509.ParsePKIXPublicKey(block.Bytes)iferr!=nil{returnfmt.Errorf("failed to parse public key: %w",err)}// If all above checks pass, convert it into JWK format.jwkKey,err:=jwk.ParseKey(key,jwk.WithPEM(true))iferr!=nil{returnfmt.Errorf("Failed to parse the PEM public key: %w",err)}fmt.Fprintf(w,"The public key in JWK format: ")json.NewEncoder(w).Encode(jwkKey)returnnil}