The encryption example includes two individual examples, one for the TLS and one for the ALTS encryption mechanism.
In each example's subdirectory:
go run server/main.go
go run client/main.go
TLS is a commonly used cryptographic protocol that provides end-to-end communication security. In the example, we show how to set up a server-authenticated TLS connection to transmit RPCs.
In our example, we use the public/private keys created ahead:
On server side, we provide the paths to “server1.pem” and “server1.key” to configure TLS and create the server credential using
On the client side, we provide the path to “ca.pem” to configure TLS and create the client credential using credentials.NewClientTLSFromFile. Note that we override the server name with “x.test.youtube.com”, as the server certificate is valid for *.test.youtube.com but not localhost. It is solely for the convenience of making an example.
Once the credentials have been created on both sides, we can start the server with the just-created server credential (by calling grpc.Creds) and let the client dial the server with the created client credential (by calling
And finally, we make an RPC call over the created grpc.ClientConn to test that the TLS-based secure connection is successfully up.
NOTE: ALTS currently needs special early access permission on GCP. You can ask about the detailed process in https://groups.google.com/forum/#!forum/grpc-io.
ALTS is Google's Application Layer Transport Security, which supports mutual authentication and transport encryption. Note that ALTS is currently only supported on Google Cloud Platform, and therefore you can only run the example successfully in a GCP environment. In our example, we show how to initiate a secure connection that is based on ALTS.
Unlike TLS, ALTS makes certificate/key management transparent to the user, so it is easier to set up.
Next, same as TLS, start the server with the server credential and let the client dial the server with the client credential.
Finally, make an RPC to test that the ALTS-based secure connection is successfully up.