AWS: Decrypt SES/KMS encrypted mails
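Today I was working on SES email receiving rule sets. I defined an S3 bucket to store incoming mail. I also checked the "Encrypt Message" option, using the default KMS master key for SES.
Afterwards I realized that I didn't know how to decrypt them, so I removed the encryption setting.
Now some of the mails cannot be opened.
Can anyone tell me how to do it?
I'll explain what happened.
S3 has two encryption modes (SSE and CSE for short), defined here: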
Server-Side Encryption – You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects.
Client-Side Encryption – You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.
SSE is simple for the user, as it is handled transparently by S3. CSE gets a bit tricky, as the users/clients need to decrypt the data on their end.
Now, SES uses CSE, as mentioned here:
Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side encryption. This means that you must use the Amazon S3 encryption client to decrypt the email after retrieving it from Amazon S3, as the service has no access to use your AWS KMS keys for decryption.
If you follow the link on the same page, you end up here, which gives more details on retrieving and decrypting emails.
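The client-side decryption described in the answer above, as an added example that is not part of the original post. It assumes the stored object carries the S3 encryption client's KMS plus AES-GCM envelope in its user metadata (`x-amz-key-v2`, `x-amz-iv`, `x-amz-matdesc` and related keys); the function names are hypothetical, and `boto3` and `cryptography` are third-party packages.

```python
import base64
import json

# Constructed sample of the user metadata the S3 encryption client attaches to
# an encrypted object; every value is a placeholder, not real key material.
SAMPLE_METADATA = {
    "x-amz-key-v2": base64.b64encode(b"wrapped-data-key-placeholder").decode(),
    "x-amz-iv": base64.b64encode(bytes(12)).decode(),
    "x-amz-cek-alg": "AES/GCM/NoPadding",
    "x-amz-wrap-alg": "kms",
    "x-amz-matdesc": json.dumps({"kms_cmk_id": "EXAMPLE-KEY-ID"}),
    "x-amz-tag-len": "128",
}


def parse_envelope(metadata):
    """Validate the envelope; return (arguments for KMS Decrypt, GCM IV)."""
    if metadata.get("x-amz-wrap-alg") != "kms":
        raise ValueError("data key is not wrapped by KMS")
    if metadata.get("x-amz-cek-alg") != "AES/GCM/NoPadding":
        raise ValueError("unexpected content cipher")
    if metadata.get("x-amz-tag-len") != "128":
        raise ValueError("unexpected GCM tag length")
    kms_args = {
        "CiphertextBlob": base64.b64decode(metadata["x-amz-key-v2"]),
        # KMS refuses to unwrap unless this matches the context used to wrap.
        "EncryptionContext": json.loads(metadata["x-amz-matdesc"]),
    }
    return kms_args, base64.b64decode(metadata["x-amz-iv"])


def decrypt_mail(metadata, body, kms_decrypt):
    """Return the plaintext mail; kms_decrypt(**args) returns {'Plaintext': key}."""
    from cryptography.hazmat.primitives.ciphers.aead import AESGCM
    kms_args, iv = parse_envelope(metadata)
    data_key = kms_decrypt(**kms_args)["Plaintext"]
    # The 16-byte GCM tag is appended to the ciphertext, the layout AESGCM
    # expects; a wrong key or a modified object raises InvalidTag.
    return AESGCM(data_key).decrypt(iv, body, None)


def fetch_and_decrypt(bucket, key):
    """Download one stored mail and decrypt it (needs boto3 and AWS credentials)."""
    import boto3
    obj = boto3.client("s3").get_object(Bucket=bucket, Key=key)
    return decrypt_mail(obj["Metadata"], obj["Body"].read(), boto3.client("kms").decrypt)
```

The caller needs `kms:Decrypt` permission on the key that SES used. Objects stored after the encryption option was removed carry no envelope metadata and are already plaintext.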