如何使用 AWS KMS 加密和解密字符串?
How to encrypt and decrypt a string using AWS KMS?
我正在尝试使用 AWS KMS 来加密和解密一个简单的字符串,
我正在使用 AWS Javascript SDK 这样做,
代码运行时没有报错,加密可以完成,解密也基本能执行,
但 KMS 解密方法的输出并不是我最初加密的那个字符串。
这是我的工作代码-
var AWS = require('aws-sdk');
const util = require('util');
// Select the region that hosts the key, then create the KMS client.
AWS.config.update({ region: 'us-east-1' });
const kms = new AWS.KMS({ apiVersion: '2014-11-01' });

/**
 * Demo round trip: encrypt a short string with KMS, decrypt the returned
 * CiphertextBlob, and log every response field along the way.
 *
 * Errors from either call are caught and logged; nothing is returned.
 * The logging prints the decrypted plaintext, which suits a throwaway demo
 * only. Code handling real secrets should keep decrypted values out of logs.
 */
async function test() {
  try {
    const data = 'test';

    // Wrap the callback-style SDK method so it can be awaited; bind keeps
    // `this` pointing at the client.
    const kmsEncrypt = util.promisify(kms.encrypt).bind(kms);
    // "someKMSKeyId" is a placeholder for a real key id, ARN or alias.
    const encryptedData = await kmsEncrypt({
      KeyId: 'someKMSKeyId',
      Plaintext: data,
    });

    // The encrypt response carries two parts: CiphertextBlob and KeyId.
    const { CiphertextBlob: cipherBlob, KeyId: encryptKeyId } = encryptedData;
    console.log('encryptedData => \n', encryptedData);
    console.log('\nencryptedData.CiphertextBlob => \n', cipherBlob);
    console.log('\nencryptedData.KeyId => \n', encryptKeyId);

    // Only the ciphertext is sent back; the response reports which key was
    // used (decryptedData.KeyId).
    // NOTE(review): passing the expected KeyId to decrypt as well would pin
    // decryption to that key. Confirm the installed SDK version accepts it.
    const kmsDecrypt = util.promisify(kms.decrypt).bind(kms);
    const decryptedData = await kmsDecrypt({ CiphertextBlob: cipherBlob });

    // The decrypt response carries two parts: Plaintext and KeyId.
    // Plaintext is logged as-is, so it prints as raw bytes
    // (<Buffer 74 65 73 74> for "test") rather than as a string.
    console.log('\ndecryptedData => \n', decryptedData);
    console.log('\ndecryptedData.Plaintext => \n', decryptedData.Plaintext);
    console.log('\ndecryptedData.KeyId => \n', decryptedData.KeyId);
  } catch (error) {
    console.log('\nerror => \n', error);
  }
}

test();
我希望 decryptedData.Plaintext 的输出是 test,但实际输出类似于 <Buffer 74 65 73 74>。
我在这里做错了什么?
参考-
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/KMS.html#endpoint-property
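感谢 kdgregory 的提示,我通过使用 base64 将明文(Plaintext)解码为字符串解决了这个问题。
(注:如上面的输出所示,SDK 返回的 Plaintext 是一个 Buffer;按下文引用的 API 文档,只有通过 HTTP API 或 AWS CLI 调用时该值才是 Base64 编码的。)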
以下是使用AWS KMS加解密的最终工作代码-
var AWS = require('aws-sdk');
const util = require('util');
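// Select the region that hosts the key, then create the KMS client.
AWS.config.update({ region: 'us-east-1' });
const kms = new AWS.KMS({ apiVersion: '2014-11-01' });

/**
 * Demo round trip: encrypt a short string with KMS, decrypt it again, and
 * recover the original text.
 *
 * Errors from either call are caught and logged; nothing is returned.
 *
 * Caveats for anything beyond a demo:
 * - The logging below prints the decrypted plaintext. Keep decrypted values
 *   out of logs in real code.
 * - Encrypt is meant for small payloads (the API reference quoted on this page
 *   lists a maximum Plaintext length of 4096).
 * - An EncryptionContext, supplied identically to encrypt and decrypt, binds a
 *   ciphertext to its intended use.
 */
const test = async () => {
  try {
    const data = 'test';

    // "kmsKeyId" is a placeholder for a real key id, ARN or alias.
    const encryptionParams = {
      KeyId: 'kmsKeyId',
      Plaintext: data,
    };

    // Wrap the callback-style SDK method so it can be awaited; bind keeps
    // `this` pointing at the client.
    const kmsEncrypt = util.promisify(kms.encrypt).bind(kms);
    const encryptedData = await kmsEncrypt(encryptionParams);

    // The encrypt response carries two parts: CiphertextBlob and KeyId.
    console.log('encryptedData => \n', encryptedData);
    console.log('\nencryptedData.CiphertextBlob => \n', encryptedData.CiphertextBlob);
    console.log('\nencryptedData.KeyId => \n', encryptedData.KeyId);

    // Base64 is only a text-safe form of the ciphertext for storage or
    // transport. To decrypt from it later, turn it back into bytes first with
    // Buffer.from(encryptedBase64data, 'base64').
    const encryptedBase64data = Buffer.from(encryptedData.CiphertextBlob).toString('base64');
    console.log("\nencryptedBase64data => \n", encryptedBase64data);

    // Only the ciphertext is sent back; the response reports which key was
    // used (decryptedData.KeyId).
    // NOTE(review): passing the expected KeyId to decrypt as well would pin
    // decryption to that key. Confirm the installed SDK version accepts it.
    const decryptionParams = {
      CiphertextBlob: encryptedData.CiphertextBlob,
    };
    const kmsDecrypt = util.promisify(kms.decrypt).bind(kms);
    const decryptedData = await kmsDecrypt(decryptionParams);

    // The decrypt response carries two parts: Plaintext and KeyId.
    console.log('\ndecryptedData => \n', decryptedData);
    console.log('\ndecryptedData.Plaintext => \n', decryptedData.Plaintext);
    console.log('\ndecryptedData.KeyId => \n', decryptedData.KeyId);

    // Through the SDK, Plaintext arrives as raw bytes (a Buffer), not as a
    // Base64 string, so no Base64 step is needed. A 'base64' argument to
    // Buffer.from is ignored when the input is already a Buffer.
    // Decode as UTF-8 so non-ASCII text survives; 'ascii' would mangle it.
    const originalText = Buffer.from(decryptedData.Plaintext).toString('utf8');
    console.log('\noriginalText => \n', originalText);
  } catch (error) {
    console.log('\nerror => \n', error);
  }
};

test();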
只是为了补充您的回答。
Plaintext
Decrypted plaintext data. When you use the HTTP API or the
AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.
Type: Base64-encoded binary data object
Length Constraints: Minimum length of 1. Maximum length of 4096.
参考:https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html#API_Decrypt_ResponseElements
我正在尝试使用 AWS KMS 来加密和解密一个简单的字符串,
我正在使用 AWS Javascript SDK 这样做,
代码运行时没有报错,加密可以完成,解密也基本能执行,
但 KMS 解密方法的输出并不是我最初加密的那个字符串。
这是我的工作代码-
var AWS = require('aws-sdk');
const util = require('util');
// Select the region that hosts the key, then create the KMS client.
AWS.config.update({ region: 'us-east-1' });
const kms = new AWS.KMS({ apiVersion: '2014-11-01' });

/**
 * Demo round trip: encrypt a short string with KMS, decrypt the returned
 * CiphertextBlob, and log every response field along the way.
 *
 * Errors from either call are caught and logged; nothing is returned.
 * The logging prints the decrypted plaintext, which suits a throwaway demo
 * only. Code handling real secrets should keep decrypted values out of logs.
 */
async function test() {
  try {
    const data = 'test';

    // Wrap the callback-style SDK method so it can be awaited; bind keeps
    // `this` pointing at the client.
    const kmsEncrypt = util.promisify(kms.encrypt).bind(kms);
    // "someKMSKeyId" is a placeholder for a real key id, ARN or alias.
    const encryptedData = await kmsEncrypt({
      KeyId: 'someKMSKeyId',
      Plaintext: data,
    });

    // The encrypt response carries two parts: CiphertextBlob and KeyId.
    const { CiphertextBlob: cipherBlob, KeyId: encryptKeyId } = encryptedData;
    console.log('encryptedData => \n', encryptedData);
    console.log('\nencryptedData.CiphertextBlob => \n', cipherBlob);
    console.log('\nencryptedData.KeyId => \n', encryptKeyId);

    // Only the ciphertext is sent back; the response reports which key was
    // used (decryptedData.KeyId).
    // NOTE(review): passing the expected KeyId to decrypt as well would pin
    // decryption to that key. Confirm the installed SDK version accepts it.
    const kmsDecrypt = util.promisify(kms.decrypt).bind(kms);
    const decryptedData = await kmsDecrypt({ CiphertextBlob: cipherBlob });

    // The decrypt response carries two parts: Plaintext and KeyId.
    // Plaintext is logged as-is, so it prints as raw bytes
    // (<Buffer 74 65 73 74> for "test") rather than as a string.
    console.log('\ndecryptedData => \n', decryptedData);
    console.log('\ndecryptedData.Plaintext => \n', decryptedData.Plaintext);
    console.log('\ndecryptedData.KeyId => \n', decryptedData.KeyId);
  } catch (error) {
    console.log('\nerror => \n', error);
  }
}

test();
我希望 decryptedData.Plaintext 的输出是 test,但实际输出类似于 <Buffer 74 65 73 74>。
我在这里做错了什么?
参考-
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/KMS.html#endpoint-property
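感谢 kdgregory 的提示,我通过使用 base64 将明文(Plaintext)解码为字符串解决了这个问题。
(注:如上面的输出所示,SDK 返回的 Plaintext 是一个 Buffer;按下文引用的 API 文档,只有通过 HTTP API 或 AWS CLI 调用时该值才是 Base64 编码的。)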
以下是使用AWS KMS加解密的最终工作代码-
var AWS = require('aws-sdk');
const util = require('util');
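// Select the region that hosts the key, then create the KMS client.
AWS.config.update({ region: 'us-east-1' });
const kms = new AWS.KMS({ apiVersion: '2014-11-01' });

/**
 * Demo round trip: encrypt a short string with KMS, decrypt it again, and
 * recover the original text.
 *
 * Errors from either call are caught and logged; nothing is returned.
 *
 * Caveats for anything beyond a demo:
 * - The logging below prints the decrypted plaintext. Keep decrypted values
 *   out of logs in real code.
 * - Encrypt is meant for small payloads (the API reference quoted on this page
 *   lists a maximum Plaintext length of 4096).
 * - An EncryptionContext, supplied identically to encrypt and decrypt, binds a
 *   ciphertext to its intended use.
 */
const test = async () => {
  try {
    const data = 'test';

    // "kmsKeyId" is a placeholder for a real key id, ARN or alias.
    const encryptionParams = {
      KeyId: 'kmsKeyId',
      Plaintext: data,
    };

    // Wrap the callback-style SDK method so it can be awaited; bind keeps
    // `this` pointing at the client.
    const kmsEncrypt = util.promisify(kms.encrypt).bind(kms);
    const encryptedData = await kmsEncrypt(encryptionParams);

    // The encrypt response carries two parts: CiphertextBlob and KeyId.
    console.log('encryptedData => \n', encryptedData);
    console.log('\nencryptedData.CiphertextBlob => \n', encryptedData.CiphertextBlob);
    console.log('\nencryptedData.KeyId => \n', encryptedData.KeyId);

    // Base64 is only a text-safe form of the ciphertext for storage or
    // transport. To decrypt from it later, turn it back into bytes first with
    // Buffer.from(encryptedBase64data, 'base64').
    const encryptedBase64data = Buffer.from(encryptedData.CiphertextBlob).toString('base64');
    console.log("\nencryptedBase64data => \n", encryptedBase64data);

    // Only the ciphertext is sent back; the response reports which key was
    // used (decryptedData.KeyId).
    // NOTE(review): passing the expected KeyId to decrypt as well would pin
    // decryption to that key. Confirm the installed SDK version accepts it.
    const decryptionParams = {
      CiphertextBlob: encryptedData.CiphertextBlob,
    };
    const kmsDecrypt = util.promisify(kms.decrypt).bind(kms);
    const decryptedData = await kmsDecrypt(decryptionParams);

    // The decrypt response carries two parts: Plaintext and KeyId.
    console.log('\ndecryptedData => \n', decryptedData);
    console.log('\ndecryptedData.Plaintext => \n', decryptedData.Plaintext);
    console.log('\ndecryptedData.KeyId => \n', decryptedData.KeyId);

    // Through the SDK, Plaintext arrives as raw bytes (a Buffer), not as a
    // Base64 string, so no Base64 step is needed. A 'base64' argument to
    // Buffer.from is ignored when the input is already a Buffer.
    // Decode as UTF-8 so non-ASCII text survives; 'ascii' would mangle it.
    const originalText = Buffer.from(decryptedData.Plaintext).toString('utf8');
    console.log('\noriginalText => \n', originalText);
  } catch (error) {
    console.log('\nerror => \n', error);
  }
};

test();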
只是为了补充您的回答。
Plaintext
Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.
Type: Base64-encoded binary data object
Length Constraints: Minimum length of 1. Maximum length of 4096.
参考:https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html#API_Decrypt_ResponseElements