0

I want to encrypt a string using Amazon KMS services. My credentials work, I can use the client to get a list of keys, but I get a 400 when I try to encrypt my string. This is my code (I bet I'm missing something simple):

public static string Encrypt(string str, string awsRegion, string theKey)
{
     var keyId = "arn:aws:kms:" + awsRegion + ":0987654321:key/" + thekey;

     using (var client = new AmazonKeyManagementServiceClient(AWSId, AWSSK, RegionEndpoint.USEast1))            
     {
          var req = new EncryptRequest
          {
               KeyId = keyId,
               Plaintext = new MemoryStream(Encoding.UTF8.GetBytes(str))
          };

          var blob = client.Encrypt(req).CiphertextBlob;
          return new StreamReader(blob).ReadToEnd();
     }
}

What could be the cause of this?

I also have my profile set up in visual studio.

Edit 1: The error message is:

Error making request with Error Code AccessDeniedException and Http Status Code BadRequest. No further error information was returned by the service.

4

1 回答 1

0

事实证明,keyId 字符串中区域和键之间的整数不是任意的。

我通过获取可用的键列表、找到相应的键并将该整数复制到我的 keyId 字符串中代替 0987654321 来使其工作。

于 2015-08-04T13:38:42.890 回答