How can I call Amazon s AWS kms decrypt function without using a binary file

0 votes

I have code that retrieves a string that was encrypted using Amazon's aws kms encrypt function. I would like to call aws kms decrypt to get back the unencrypted value, but I would like to do this without writing the string to a binary file. All the examples I've found assume you will convert the base64 encoded encrypted value into a binary file using either linux's base64 command or Window's certutil command. I'm trying to do this on a Windows system. It seems to me you should be able to run:

aws kms encrypt --key-id <mykey> --plaintext "mysecret"

Which for me generates this result:

{
"KeyId": "arn:aws:kms:us-east-1:192491131326:key/<mykey>",
"CiphertextBlob": "AQICAHjQ7sViXQdeS4wWbFZpkOQWvCdNXqiy4Cnz0/xEBe39SQGz0vofeAo0+SyOXv172fqkAAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMhchHh0ugGzwRTC4gAgEQgCMlkhYlCYk2SfYIkfQ6ruwA71KBcN7ih/OPzSE86OT/eBOz3Q=="
}

And that I should then be able to run:

aws kms decrypt --ciphertext-blob AQICAHjQ7sViXQdeS4wWbFZpkOQWvCdNXqiy4Cnz0/xEBe39SQGz0vofeAo0+SyOXv172fqkAAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMhchHh0ugGzwRTC4gAgEQgCMlkhYlCYk2SfYIkfQ6ruwA71KBcN7ih/OPzSE86OT/eBOz3Q==

To get back the result. But so far I've been unable to get anything except:

An error occurred (InvalidCiphertextException) when calling the Decrypt operation:

Is there some set of parameters I can pass into the decrypt command so that it will decrypt this string?

Aug 30, 2018 in AWS by bug_seeker
• 15,510 points
10,011 views

1 answer to this question.

0 votes
Not sure if you've already found this, but this seems to work:

aws kms decrypt --ciphertext-blob fileb://<(echo "YOUR CIPHERTEXTBLOB HERE" | base64 -D) --output text --query Plaintext --region eu-west-1 | base64 -D

This is for a Mac. On Windows I think you need base64 -d.

Hope this helps.
answered Aug 30, 2018 by Priyaj
• 58,020 points

Related Questions In AWS

0 votes
1 answer

How to download the latest file in a S3 bucket using AWS CLI?

You can use the below command $ aws ...READ MORE

answered Sep 6, 2018 in AWS by Archana
• 4,170 points
19,887 views
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

How can I disable a user's password in AWS using boto3

delete_login_profile is the one you should use if ...READ MORE

answered Sep 27, 2018 in AWS by Priyaj
• 58,020 points
3,094 views
0 votes
1 answer
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP