
我正在使用 AWS KMS 将文件加密到 s3 存储桶。我目前正在使用 AWS 控制台执行此操作,但我想使用 Nodejs 执行此操作。

我查阅了一些资料,但仍然不清楚如何在 Node.js 中使用 KMS 进行加密和解密。


2 回答 2


您需要查看适用于 JavaScript 的 AWS 开发工具包(AWS SDK for JavaScript)。以下摘自其示例:

var AWS = require('aws-sdk');

// KMS service client; apiVersion pins the KMS API version the SDK uses for this client.
var kms = new AWS.KMS({apiVersion: '2014-11-01'});
 
// Request parameters for kms.encrypt. <Binary String> is a placeholder, not valid JavaScript:
// supply a Buffer or string holding the data to encrypt.
// NOTE(review): KMS Encrypt accepts at most 4096 bytes of plaintext under a symmetric key, so it
// cannot encrypt an arbitrary file directly. For files destined for S3, either let S3 encrypt
// server-side with the KMS key (putObject with ServerSideEncryption: 'aws:kms' and SSEKMSKeyId),
// or use envelope encryption: request a data key with kms.generateDataKey, encrypt the file
// locally with it, and store only the encrypted data key next to the object.
// NOTE(review): consider passing an EncryptionContext here; the same context must then be
// supplied to decrypt, which binds the ciphertext to its intended use.
var params = {
  KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab", // The identifier of the CMK to use for encryption. You can use the key ID or Amazon Resource Name (ARN) of the CMK, or the name or ARN of an alias that refers to the CMK.
  Plaintext: <Binary String>// The data to encrypt.
 };

// Encrypt under the key named in params; the callback receives either an error or the response.
kms.encrypt(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    CiphertextBlob: <Binary String>, // The encrypted data (ciphertext).
    KeyId: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"// The ARN of the CMK that was used to encrypt the data.
   }
   */
});

// Request parameters for kms.decrypt. `var` permits redeclaring `params`; this second declaration
// replaces the encrypt parameters above.
// NOTE(review): no KeyId is given, so KMS picks the key from metadata inside the ciphertext.
// Decrypt also accepts a KeyId in current SDK releases (confirm for the SDK version in use);
// passing it ensures only the expected key is ever used.
var params = {
  CiphertextBlob: <Binary String>// The encrypted data (ciphertext).
 };
 
// Decrypt the ciphertext; the callback receives either an error or the response.
kms.decrypt(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   // NOTE(review): data.Plaintext is the decrypted secret, so logging the whole response writes
   // it to stdout/log files. Fine for a demo; do not keep this in production code.
   else     console.log(data);           // successful response
   /*
   data = {
    KeyId: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", // The Amazon Resource Name (ARN) of the CMK that was used to decrypt the data.
    Plaintext: <Binary String>// The decrypted (plaintext) data.
   }
   */
});

这是NPM 上 aws-sdk 包的链接。这是主要 AWS SDK for Javascript 文档页面的链接。

于 2017-02-08T07:45:53.320 回答

以下是有关如何使用 AWS KMS 进行加密和解密的完整示例:

// Imports
const AWS = require('aws-sdk');
const helper = require('./helper');

// Region used by every AWS client created after this call.
AWS.config.update({ region: 'eu-west-3' });

// KMS client shared by encryptData and decryptData below.
const kms = new AWS.KMS();

// Round trip: read ./test.txt, encrypt it with KMS, save the ciphertext, read the saved file
// back, decrypt it, and save the result. Any failure along the way is passed to console.log.
// NOTE(review): helper.saveBlobToFile always writes to 'encryptedTxt.txt', so the final step
// overwrites the ciphertext file with the decrypted plaintext and leaves that plaintext on disk.
// NOTE(review): KMS Encrypt is limited to 4096 bytes of plaintext, so this flow only works for
// small files; larger ones need envelope encryption (a data key from kms.generateDataKey).
(async () => {
    const original = await helper.getTextFile('./test.txt');
    const cipherBlob = await encryptData(original);
    await helper.saveBlobToFile(cipherBlob);

    const stored = await helper.getTextFile('./encryptedTxt.txt');
    const plainText = await decryptData(stored);
    await helper.saveBlobToFile(plainText); // plaintext
})().catch(console.log);

/**
 * Encrypt a buffer with AWS KMS using the module-level `kms` client.
 *
 * NOTE(review): KMS Encrypt accepts at most 4096 bytes of plaintext under a symmetric key;
 * larger inputs are rejected by the service. For whole files, use a data key from
 * kms.generateDataKey (envelope encryption) or S3 server-side encryption with the KMS key.
 *
 * @param {Buffer} buffer - Plaintext bytes to encrypt.
 * @returns {Promise<*>} Resolves with `CiphertextBlob` from the KMS response; rejects with the
 *     error KMS reports.
 */
function encryptData(buffer) {
    return new Promise((resolve, reject) => {
        const onResponse = (err, data) => {
            if (err) {
                reject(err);
                return;
            }
            resolve(data.CiphertextBlob);
        };

        // 'your key id' is a placeholder: replace it with the key ID, ARN or alias of the KMS key.
        kms.encrypt({ KeyId: 'your key id', Plaintext: buffer }, onResponse);
    });
}

/**
 * Decrypt a KMS ciphertext blob using the module-level `kms` client.
 *
 * No KeyId is sent, so KMS selects the key from metadata carried in the ciphertext.
 * NOTE(review): the resolved value is the decrypted secret; avoid logging it or writing it
 * anywhere less protected than the original data.
 *
 * @param {Buffer} buffer - Ciphertext previously returned by KMS Encrypt.
 * @returns {Promise<*>} Resolves with `Plaintext` from the KMS response; rejects with the
 *     error KMS reports.
 */
function decryptData(buffer) {
    return new Promise((resolve, reject) => {
        const onResponse = (err, data) => {
            if (err) {
                reject(err);
                return;
            }
            resolve(data.Plaintext);
        };

        kms.decrypt({ CiphertextBlob: buffer }, onResponse);
    });
}

辅助方法在这里:

const glob = require('glob')
const fs = require('fs')


/**
 * Read a file and hand back its raw bytes.
 *
 * No encoding is passed to the read, so despite the name the result is a Buffer, not a string.
 *
 * @param {string} filePath - Path of the file to read.
 * @returns {Promise<Buffer>} Resolves with the file contents; rejects with the fs error
 *     (for example ENOENT when the file does not exist).
 */
function getTextFile(filePath) {
    return fs.promises.readFile(filePath);
}


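/**
 * Write a blob to disk.
 *
 * The destination used to be hard-coded to 'encryptedTxt.txt'. A caller that saves both the
 * ciphertext and the decrypted plaintext through this helper therefore overwrote the ciphertext
 * with the plaintext. The path is now an optional second argument; the default keeps the old
 * behaviour for existing callers.
 *
 * @param {Buffer|Uint8Array|string} blob - Bytes to write. A string is treated as base64 and
 *     decoded; a Buffer or Uint8Array is written as-is.
 * @param {string} [filePath='encryptedTxt.txt'] - Destination path.
 * @returns {Promise<string>} Resolves with 'file saved correctly'; rejects with the fs error.
 */
function saveBlobToFile(blob, filePath = 'encryptedTxt.txt') {
    // Buffer.from ignores the encoding argument for Buffer/Uint8Array input and just copies the
    // bytes; only string input is actually base64-decoded.
    const bytes = Buffer.from(blob, 'base64');

    return new Promise((resolve, reject) => {
        // The file may hold decrypted data, so create it readable and writable by the owner only.
        // The mode applies when the file is created; an existing file keeps its permissions.
        fs.writeFile(filePath, bytes, { mode: 0o600 }, (err) => {
            if (err) {
                reject(err);
                return;
            }
            resolve('file saved correctly');
        });
    });
}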

// Public surface of the helper module: the file read/write helpers used by the KMS example.
module.exports = {
    getTextFile: getTextFile,
    saveBlobToFile: saveBlobToFile,
};

于 2020-04-19T15:29:22.243 回答