given a key of type
gcloud kms keys list --keyring=mykeyring --location=us-central1
projects/mineral-minutia-820/locations/us-central1/keyRings/mykeyring/cryptoKeys/dlp ASYMMETRIC_DECRYPT RSA_DECRYPT_OAEP_2048_SHA1 SOFTWARE
gcloud kms keys versions get-public-key 1 --key dlp --keyring=mykeyring --location=us-central1 > key.pub
echo -n "my ssn is 221-11-1234" > bar.txt
openssl rsautl -in bar.txt -out bar.enc -pubin -inkey key.pub -encrypt -oaep
openssl base64 -in bar.enc
gcloud kms asymmetric-decrypt --ciphertext-file bar.enc --plaintext-file bar.dec --key dlp --keyring=mykeyring --location=us-central1 --version 1
cat bar.dec