1

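How do I get my decrypted result from the KMS response? Below is the response from KMS; how do I get my result from the Plaintext here?

The result below is json.stringify(kmsresponse). The values given below are sample values.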

    {
      "$metadata": {
        "httpStatusCode": 200,
        "requestId": "",
        "attempts": 1,
        "totalRetryDelay": 0
      },
      "EncryptionAlgorithm": "SYMMETRIC_DEFAULT",
      "KeyId": "",
      "Plaintext": {
        "0": 01,
        "1": 01,
        "2": 02,
        "3": 03,
        "4": 04,
        "5": 05,
        "6": 06,
        "7": 06,
        "8": 55,
        "9": 100,
        "10": 10,
        "11": 54,
        "12": 99,
        "13": 98,
        "14": 14,
        "15": 15,
        "16": 16,
        "17": 17,
        "18": 18,
        "19": 19
      }
    }

2 Answers

1

To decode the response, you just need to use the Buffer class. Assuming the response of the decrypt call is in a variable named decryptResponse, it looks like this:

    if (Buffer.isBuffer(decryptResponse.Plaintext)) {
      const decrypted = Buffer.from(decryptResponse.Plaintext).toString();

      const credential = JSON.parse(decrypted) as Credential;
      return credential;
    }
    else {
      throw new Error('Decrypt response was not a buffer');
    }

Answered 2021-03-30T15:44:19.260
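Added example, not part of either answer: the response in the question has the shape JSON.stringify gives a Uint8Array, which is how the AWS SDK for JavaScript v3 returns Plaintext, so this sketch decodes that form as well as a Buffer. The helper names toBytes, plaintextToString and parseSecret and the sample response are made up for illustration.

```javascript
// Added example; toBytes, plaintextToString and parseSecret are hypothetical names.

// Accept a Uint8Array (which includes Buffer) or the index-keyed object that
// JSON.stringify produces from one, e.g. {"0": 123, "1": 34}.
function toBytes(plaintext) {
  if (plaintext instanceof Uint8Array) return plaintext;
  if (plaintext === null || typeof plaintext !== 'object') {
    throw new TypeError('Plaintext is missing or is not byte data');
  }
  const keys = Object.keys(plaintext);
  const bytes = new Uint8Array(keys.length);
  for (const key of keys) {
    const index = Number(key);
    const value = plaintext[key];
    const indexOk = Number.isInteger(index) && String(index) === key &&
      index >= 0 && index < keys.length;
    if (!indexOk || !Number.isInteger(value) || value < 0 || value > 255) {
      throw new TypeError('Plaintext is not an index-keyed byte map');
    }
    bytes[index] = value;
  }
  return bytes;
}

// Strict UTF-8: KMS plaintext may be arbitrary binary (a data key, say), so
// reject invalid sequences instead of silently substituting U+FFFD.
function plaintextToString(plaintext) {
  return new TextDecoder('utf-8', { fatal: true }).decode(toBytes(plaintext));
}

// Parse a JSON secret, then zero the byte array. When Plaintext was already a
// Uint8Array this wipes the response's own copy; the decoded string cannot be wiped.
function parseSecret(decryptResponse) {
  const bytes = toBytes(decryptResponse.Plaintext);
  try {
    return JSON.parse(plaintextToString(bytes));
  } finally {
    bytes.fill(0);
  }
}

// Constructed sample standing in for a DecryptCommand response (not real KMS output).
const sampleResponse = {
  Plaintext: new TextEncoder().encode('{"user":"svc","token":"example-only"}'),
};
const logged = JSON.parse(JSON.stringify(sampleResponse)); // shape shown in the question
console.log(Object.keys(parseSecret(logged)));
console.log(Object.keys(parseSecret(sampleResponse)));
```

In real code, keep the decrypt response out of JSON.stringify and loggers, since that writes the secret's bytes out exactly as in the question.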
0

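With the KMS service, you can encrypt and decrypt data. Based on your question, it seems you are asking how to get the decrypted data from a decrypt operation.

As with most AWS services, you can get the data from the given response object. Here is an example that shows encrypting and decrypting data in Java. You can port it to JavaScript using the AWS SDK for JavaScript. However, the Java example will give you a starting point.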

import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.EncryptRequest;
import software.amazon.awssdk.services.kms.model.EncryptResponse;
import software.amazon.awssdk.services.kms.model.KmsException;
import software.amazon.awssdk.services.kms.model.DecryptRequest;
import software.amazon.awssdk.services.kms.model.DecryptResponse;
// snippet-end:[kms.java2_encrypt_data.import]

public class EncryptDataKey {

    public static void main(String[] args) {

        final String USAGE = "\n" +
                "Usage:\n" +
                "    EncryptDataKey <keyId> \n\n" +
                "Where:\n" +
                "    keyId - a key id value to use to encrypt/decrypt the data (for example, xxxxxbcd-12ab-34cd-56ef-1234567890ab). \n\n" ;

        if (args.length != 1) {
            System.out.println(USAGE);
            System.exit(1);
        }

        String keyId = args[0];
        Region region = Region.US_WEST_2;
        KmsClient kmsClient = KmsClient.builder()
                .region(region)
                .build();

        SdkBytes encryData = encryptData(kmsClient, keyId);
        decryptData(kmsClient, encryData, keyId);
        System.out.println("Done");
        kmsClient.close();
    }

     // snippet-start:[kms.java2_encrypt_data.main]
     public static SdkBytes encryptData(KmsClient kmsClient, String keyId) {

         try {
             SdkBytes myBytes = SdkBytes.fromByteArray(new byte[]{1, 2, 3, 4, 5, 6, 7, 8, 9, 0});

             EncryptRequest encryptRequest = EncryptRequest.builder()
                     .keyId(keyId)
                     .plaintext(myBytes)
                     .build();

             EncryptResponse response = kmsClient.encrypt(encryptRequest);
             String algorithm = response.encryptionAlgorithm().toString();
             System.out.println("The encryption algorithm is " + algorithm);

             // Get the encrypted data
             SdkBytes encryptedData = response.ciphertextBlob();
             return encryptedData;
         } catch (KmsException e) {
             System.err.println(e.getMessage());
             System.exit(1);
         }
         return null;
     }
    // snippet-end:[kms.java2_encrypt_data.main]

    // snippet-start:[kms.java2_decrypt_data.main]
    public static void decryptData(KmsClient kmsClient, SdkBytes encryptedData, String keyId) {

        try {
            DecryptRequest decryptRequest = DecryptRequest.builder()
                    .ciphertextBlob(encryptedData)
                    .keyId(keyId)
                    .build();

            DecryptResponse decryptResponse = kmsClient.decrypt(decryptRequest);
            // plaintext() returns the decrypted bytes as SdkBytes; call
            // asByteArray() or asUtf8String() on the result to use them.
            decryptResponse.plaintext();

        } catch (KmsException e) {
            System.err.println(e.getMessage());
            System.exit(1);
        }
    }
    // snippet-end:[kms.java2_decrypt_data.main]
}
Answered 2021-03-30T15:38:15.760