1

创建了一种使用 AWS KMS 加密数据的方法。它工作了一段时间,然后我遇到了以下异常。甚至尝试创建一个新密钥但没有运气!不知道是不是跟账号限制有关!

方法调用:

String keyArn = "arn:aws:kms:eu-west-1:account-id:key/key-id"; 
ByteBuffer record = ByteBuffer.wrap("Testing Encryption".getBytes("UTF-8"));                                          
DataEncryptor.encrypt(record, keyArn);

方法:

public static ByteBuffer encrypt(ByteBuffer record, String keyArn) {
    kms = new AWSKMSClient(new DefaultAWSCredentialsProviderChain().getCredentials()).withRegion(Regions.EU_WEST_1);
    EncryptRequest req = new EncryptRequest().withKeyId(keyArn).withPlaintext(record);
    EncryptResult encrypt = kms.encrypt(req);
    return encrypt.getCiphertextBlob();
}

这不是

com.amazonaws.services.kms.model.AWSKMSException: 1 validation error detected: Value at 'plaintext' failed to satisfy constraint: Member must have length greater than or equal to 1 (Service: AWSKMS; Status Code: 400; Error Code: ValidationException; Request ID: a9cb4684-55f1-11e7-8e35-b1ca13e97a3e)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1588)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1258)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1030)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
at com.amazonaws.services.kms.AWSKMSClient.doInvoke(AWSKMSClient.java:2607)
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:2583)
at com.amazonaws.services.kms.AWSKMSClient.encrypt(AWSKMSClient.java:1256)
at com.amazon.kinesis.kafka.encryption.RecordEncryptor.encrypt(RecordEncryptor.java:41)
at com.amazon.kinesis.kafka.encryption.RecordEncryptorTest.decrypt_shouldDecryptAGivenEncryptedRecord(RecordEncryptorTest.java:37)
4

2 回答 2

0

我认为您的文件是空的,请检查您是否引用了正确的文件。我有同样的错误,但我将它引用到错误的文件。所以我的内容在 ExampleSecret 中,我在命令中引用了 ExampleSecret.txt。

于 2020-09-04T17:24:12.277 回答
0

我遇到了同样的错误,我在检查需要与此特定 Lambda 函数链接的 KMS 客户密钥后解决了它。转到 KMS,然后转到客户管理的密钥,以获取我为此 Lambda 函数创建的密钥。检查其关键用户是否包含此 Lambda。

于 2022-01-18T20:55:45.037 回答