'How to encrypt string which has special characters using AWS KMS
I want to encrypt and decrypt string using AWS KMS:
Case 1:
string = 'AKCp5aUZygCWGJeAHYSFwi6yxYbcShTGUSQwBXp8wTBnjVTpRDb5EyStWEQmZ1RPsPmYt9sjz'
aws kms encrypt --key-id <> --plaintext 'AKCp5aUZygCWGJeAHYSFwi6yxYbcShTGUSQwBXp8wTBnjVTpRDb5EyStWEQmZ1RPsPmYt9sjz'
I am able to encrypt a string using the above command and decrypt the ciphertext generated using the below code to get back my string content
import boto3
import botocore
from base64 import b64decode
value='XXXXXXXXHjCHpbhAFYspjAmCJpPN1VwwVqJHDvYCf/NVtniOicu3gAAAKswgagGCSqGSIb3DQEHBqCBmjCBlwIBADCBkQYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAzsC/TLhKcpRfSEL10CARCAZODUnTUxcKHQrP56Xkc+TH9bkY5Vg6aec63/YWBYkPb7skeVGrJVwijgKgWhVmXy4bauZ19ZS7aengVsw5Be25jLCleYmrUW4GuTcVdeNG3/IKYR3OSzR7N8nTuoxDQEAYpKjOA='
x=boto3.client('kms', region_name='us-west-2').decrypt(CiphertextBlob=b64decode(value)['Plaintext']
print(x)
Case 2:
I want to encrypt this text using aws KMS
string='eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiI4TE1CNUlWcUVFN1Rzd2NLVXhRTllKRzZUYWhTSEZQMUh5akRFaTVTQ1QwIn0.eyJzdWIiOiJqZnJ0QDAxZTU4MzNjY2h4endzMWhrbWUxODkxa2RkXC91c2Vyc1wvVVBBQVMiLCJzY3AiOiJtZW1iZXItb2YtZ3JvdXBzOmF3c3Rva2VuLVVQQUFTLGFydC1hd3MtcmVhZCBhcGk6KiIsImF1ZCI6ImpmcnRAMDFlNTgzM2NjaHh6d3MxaGttZTE4OTFrZGQiLCJpc3MiOiJqZnJ0QDAxZTU4MzNjY2h4endzMWhrbWUxODkxa2RkXC91c2Vyc1wvdG9rZW46YXdzYXV0b21hdGlvbiIsImV4cCI6MTYzMDU2NjAyMywiaWF0IjoxNjIyNTMwODIzLCJqdGkiOiJkZDdiNzllMS01NGU2LTRiMmYtODQ4NS1lYmVmZTAwYmU3YjMifQ.STXEiFMBpxlHxMZreFCrqRNoggkGudnBXLNs0JXCIwOapaXwL4Erxbiw836orAkblNxdozoUR3dq2CK-m_LkVoHWDv3VUFlD3YFgY1PqZGLjVLCxPTypRRfnGqQtOkr4deTjg0OJbLR_VcA9GomCCngxxP0GEvwfZjHruRYs9vPc13JFNbebl3pRrFVo8jBwKkR8WNK5fS3vKt4pFdV-h4uXVCCmS8yIUcrjuG5qRvxgYamyAsWPPyzF0TE0BdcE7bjSZAdy2tGsVYxU_Yz9QmxzxiP_78XjdZm99aGfH_Xjam56vC8FYqGrgB1YiKTsTZ3zsAGJWbB26hrQTPLxVg'
once encrypted using the same command as above and then started decrypting. I am getting decrypt response like this:
Here I am not getting my original string after decrypting the ciphertext How can I get this?
amazon-web-servicesSolution 1:[1]
Have you tried running the encrypt with the parameter?
--query CiphertextBlob
I generated some encryption here like this:
aws kms encrypt --key-id [YOUR_KEY_ID] --plaintext test --query CiphertextBlob --output text
and tested with your Python code and it works well.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Ethan |