Decrypting a response from AWS KMS

Problem description

How do I get my decrypted result from the KMS response? Below is the response from KMS; how do I get the result out of the Plaintext?

The result below is json.stringify(kmsresponse). The values shown are example values.

{
  "$Metadata": {
    "httpStatusCode": 200, "requestId": "", "attempts": 1, "totalRetryDelay": 0
  },
  "EncryptionAlgorithm": "SYMMETRIC_DEFAULT",
  "KeyId": "",
  "Plaintext": {
    "0": 1, "1": 1, "2": 2, "3": 3, "4": 4, "5": 5, "6": 6, "7": 6, "8": 55, "9": 100,
    "10": 10, "11": 54, "12": 99, "13": 98, "14": 14, "15": 15, "16": 16, "17": 17, "18": 18, "19": 19
  }
}

Solution

With the KMS service you can encrypt and decrypt data. From your question, it sounds like you are asking how to get the decrypted data out of the decrypt operation.

As with most AWS services, you get the data from the response object that is returned. Here is an example that shows encrypting and decrypting data in Java. You can port it to JavaScript using the AWS SDK for JavaScript, but the Java example will give you a starting point.

import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.EncryptRequest;
import software.amazon.awssdk.services.kms.model.EncryptResponse;
import software.amazon.awssdk.services.kms.model.KmsException;
import software.amazon.awssdk.services.kms.model.DecryptRequest;
import software.amazon.awssdk.services.kms.model.DecryptResponse;
// snippet-end:[kms.java2_encrypt_data.import]

public class EncryptDataKey {

    public static void main(String[] args) {

        final String USAGE = "\n" +
                "Usage:\n" +
                "    EncryptDataKey <keyId> \n\n" +
                "Where:\n" +
                "    keyId - a key id value to use to encrypt/decrypt the data (for example,xxxxxbcd-12ab-34cd-56ef-1234567890ab). \n\n" ;

        if (args.length != 1) {
            System.out.println(USAGE);
            System.exit(1);
        }

        String keyId = args[0];
        Region region = Region.US_WEST_2;
        KmsClient kmsClient = KmsClient.builder()
                .region(region)
                .build();

        SdkBytes encryData = encryptData(kmsClient,keyId);
        decryptData(kmsClient,encryData,keyId);
        System.out.println("Done");
        kmsClient.close();
    }

    // snippet-start:[kms.java2_encrypt_data.main]
    public static SdkBytes encryptData(KmsClient kmsClient, String keyId) {

        try {
            // Sample plaintext bytes to encrypt
            SdkBytes myBytes = SdkBytes.fromByteArray(new byte[]{1,2,3,4,5,6,7,8,9,0});

            EncryptRequest encryptRequest = EncryptRequest.builder()
                    .keyId(keyId)
                    .plaintext(myBytes)
                    .build();

            EncryptResponse response = kmsClient.encrypt(encryptRequest);
            String algorithm = response.encryptionAlgorithm().toString();
            System.out.println("The encryption algorithm is " + algorithm);

            // Get the encrypted data
            SdkBytes encryptedData = response.ciphertextBlob();
            return encryptedData;
        } catch (KmsException e) {
            System.err.println(e.getMessage());
            System.exit(1);
        }
        return null;
    }
    // snippet-end:[kms.java2_encrypt_data.main]

    // snippet-start:[kms.java2_decrypt_data.main]
    public static void decryptData(KmsClient kmsClient, SdkBytes encryptedData, String keyId) {

        try {
            DecryptRequest decryptRequest = DecryptRequest.builder()
                    .ciphertextBlob(encryptedData)
                    .keyId(keyId)
                    .build();

            DecryptResponse decryptResponse = kmsClient.decrypt(decryptRequest);
            // The decrypted data comes back in the response object as SdkBytes;
            // read it with asByteArray() or asUtf8String() as needed.
            SdkBytes plaintext = decryptResponse.plaintext();
            System.out.println("Decrypted " + plaintext.asByteArray().length + " bytes");

        } catch (KmsException e) {
            System.err.println(e.getMessage());
            System.exit(1);
        }
    }
    // snippet-end:[kms.java2_decrypt_data.main]
}

To decode the response, you only need the Buffer class. Assuming the response from the decrypt call is in a variable named decryptResponse, it looks like this:

    if (Buffer.isBuffer(decryptResponse.Plaintext)) {
      const decrypted = Buffer.from(decryptResponse.Plaintext).toString();

      const credential = JSON.parse(decrypted) as Credential;
      return credential;
    }
    else {
      throw new Error('Decrypt response was not a buffer');
    }
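Both answers come down to the same step: take the Plaintext bytes out of the Decrypt response object and decode them. The following Node.js example is added here and is not code from the question or from either answer. It assumes the AWS SDK for JavaScript v3 response shape (a `$metadata` object with `httpStatusCode`, and `Plaintext` as a Uint8Array) and also handles the shape shown in the question, where the response has been through JSON.stringify and Plaintext has become a plain object keyed by index. One caveat worth knowing: Buffer.isBuffer() returns false for a plain Uint8Array, so the check in the second answer would throw if the SDK hands back a Uint8Array rather than a Buffer; the code below accepts any Uint8Array. No real KMS call is made; the responses are constructed sample data.

```javascript
// Added example (not from the question or either answer): decoding the
// Plaintext field of a KMS Decrypt response in Node.js.
//
// Assumptions: AWS SDK for JavaScript v3 response shape ($metadata object,
// Plaintext as a Uint8Array). The index-keyed object shape is what
// JSON.stringify produces from a Uint8Array, as seen in the question.

// Normalise the Plaintext field to a fresh Buffer, whatever shape it arrives in.
function plaintextToBuffer(plaintext) {
  if (plaintext == null) {
    throw new Error('Decrypt response has no Plaintext');
  }
  // Buffer is a Uint8Array subclass, so this covers both; Buffer.from copies.
  if (plaintext instanceof Uint8Array) {
    return Buffer.from(plaintext);
  }
  if (typeof plaintext === 'object') {
    // Index-keyed object ("0", "1", ...) produced by a JSON round trip.
    const length = Object.keys(plaintext).length;
    const bytes = Buffer.alloc(length);
    for (let i = 0; i < length; i++) {
      const v = plaintext[String(i)];
      if (!Number.isInteger(v) || v < 0 || v > 255) {
        throw new Error(`Plaintext index ${i} is not a byte: ${v}`);
      }
      bytes[i] = v;
    }
    return bytes;
  }
  throw new Error(`Unsupported Plaintext type: ${typeof plaintext}`);
}

// Return the decrypted plaintext as a UTF-8 string after checking that the
// call actually succeeded. The intermediate Buffer is zeroed once decoded so
// the secret bytes do not linger in that copy (the caller still owns the
// original response object).
function decodeDecryptResponse(response) {
  const metadata = response.$metadata || response.$Metadata || {};
  if (metadata.httpStatusCode !== 200) {
    throw new Error(`Decrypt did not succeed (HTTP ${metadata.httpStatusCode})`);
  }
  const buf = plaintextToBuffer(response.Plaintext);
  const text = buf.toString('utf8');
  buf.fill(0);
  return text;
}

// Parse the plaintext as the JSON credential document the second answer expects,
// rejecting anything that is not a JSON object.
function parseCredential(response) {
  const text = decodeDecryptResponse(response);
  let parsed;
  try {
    parsed = JSON.parse(text);
  } catch (e) {
    throw new Error('Decrypted plaintext is not valid JSON');
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('Decrypted plaintext is not a JSON object');
  }
  return parsed;
}

// Constructed sample data: what a successful Decrypt call would return for a
// small JSON credential, and the same response after a JSON round trip, which
// turns Plaintext into the index-keyed object shown in the question.
const SAMPLE_SECRET = JSON.stringify({ apiKey: 'example-key' });
const SAMPLE_LIVE_RESPONSE = {
  $metadata: { httpStatusCode: 200, requestId: 'constructed-request-id', attempts: 1, totalRetryDelay: 0 },
  EncryptionAlgorithm: 'SYMMETRIC_DEFAULT',
  KeyId: 'arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID', // placeholder, not a real key
  Plaintext: new Uint8Array(Buffer.from(SAMPLE_SECRET, 'utf8')),
};
const SAMPLE_JSON_RESPONSE = JSON.parse(JSON.stringify(SAMPLE_LIVE_RESPONSE));

console.log(decodeDecryptResponse(SAMPLE_LIVE_RESPONSE));
console.log(parseCredential(SAMPLE_JSON_RESPONSE));
```

The status check matters because a Decrypt response is only meaningful when the call succeeded; checking it before touching Plaintext avoids silently decoding an empty or missing field. Zeroing the working copy is a small hygiene step for key material and other secrets passing through memory.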