
Decrypt cypherTextBlob using AWS KMS programmatically in Java? InvalidCiphertextException

I am a bit new to cryptography and have never used AWS KMS to encrypt data before. I am using the AWS SDK for Java for KMS. But while trying to encrypt and decrypt using AWS KMS API operations, I am facing the exception InvalidCiphertextException.

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>kms</artifactId>
    <version>2.15.19</version>
</dependency>

Encrypt part

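String encrypt(String plainText) {
    // withPlaintext takes a ByteBuffer, so wrap the plaintext bytes
    EncryptRequest encryptRequest = new EncryptRequest()
            .withKeyId(keyId)
            .withPlaintext(ByteBuffer.wrap(plainText.getBytes()));

    // calling encrypt function here
    EncryptResult response = kmsClient.encrypt(encryptRequest);
    // the binary ciphertext blob is turned into a String here, as in the question
    String cipherText = new String(response.getCiphertextBlob().array());
    // calling decrypt function here
    return decrypt(cipherText);
}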

Decrypt part in decrypt method

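public String decrypt(String cipherText) {
    // the String is turned back into bytes here, as in the question
    ByteBuffer cyphertextBlob = ByteBuffer.wrap(cipherText.getBytes());

    DecryptRequest request = new DecryptRequest().withKeyId(keyId).withCiphertextBlob(cyphertextBlob);

    // Point 1: Exception is thrown at this point while calling decrypt operation API.
    DecryptResult result = kmsClient.decrypt(request);
    return new String(result.getPlaintext().array());
}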

The problem is that I get the following error at the point of making the API call (Point 1):

com.amazonaws.services.kms.model.InvalidCiphertextException: null (Service: AWSKMS; Status Code: 400; Error Code: InvalidCiphertextException; Request ID: 45720b33-3637-490a-8c6a-d7491ccadf94; Proxy: null)

InvalidCiphertextException. While going through the AWS documents, here are the points I understood:

  • The encryption context is cryptographically tied to the cypher text, so InvalidCiphertextException is thrown if we don't provide the encryptionContext in the decrypt operation. But I am not providing an encryptionContext while encrypting.
  • I also tried using withEncryptionContext(null) while preparing the Encryption and Decryption Context.

Do I need to do any other step to manipulate/transform the cipher text before using the decryption request?

Can anyone help with this, please?

Just to update here in case anyone gets stuck on this problem.

While debugging, I found out that the capacity and the limit of the ByteBuffer object obtained using the get methods of the KMS response were different from the default capacity and limit when creating one from the cipherText in the decrypt method. So this caused the exception.

How was this fixed? Can you add a code snippet?
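An added example, not code from the original poster or from AWS: it shows one way the rebuilt ByteBuffer ends up with a different limit, namely passing binary ciphertext through new String(...) and getBytes(), next to a Base64 round trip that preserves every byte. The class name, the helper names and the byte pattern standing in for a KMS CiphertextBlob are assumptions made for the demonstration; no AWS call is made.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class CiphertextBlobRoundTrip {

    // Copy only the readable bytes. array() can expose extra backing bytes
    // and throws on read-only buffers.
    static byte[] toBytes(ByteBuffer buf) {
        byte[] out = new byte[buf.remaining()];
        buf.duplicate().get(out); // duplicate() leaves the caller's position untouched
        return out;
    }

    // Lossy path, as in the question: bytes -> String -> bytes.
    // Byte sequences that are not valid UTF-8 are replaced during decoding.
    static ByteBuffer viaString(ByteBuffer blob) {
        String s = new String(toBytes(blob), StandardCharsets.UTF_8);
        return ByteBuffer.wrap(s.getBytes(StandardCharsets.UTF_8));
    }

    // Lossless path: Base64 text is safe to store or pass around as a String.
    static String encode(ByteBuffer blob) {
        return Base64.getEncoder().encodeToString(toBytes(blob));
    }

    static ByteBuffer decode(String text) {
        return ByteBuffer.wrap(Base64.getDecoder().decode(text));
    }

    public static void main(String[] args) {
        // Constructed stand-in for a ciphertext blob: arbitrary binary data.
        byte[] raw = new byte[184];
        for (int i = 0; i < raw.length; i++) {
            raw[i] = (byte) (i * 31 + 0x9C);
        }
        ByteBuffer blob = ByteBuffer.wrap(raw).asReadOnlyBuffer();

        ByteBuffer lossy = viaString(blob);
        ByteBuffer safe = decode(encode(blob));

        System.out.println("original limit:    " + blob.limit());
        System.out.println("String round trip: " + lossy.limit() + " equal=" + lossy.equals(blob));
        System.out.println("Base64 round trip: " + safe.limit() + " equal=" + safe.equals(blob));
    }
}
```

In the code from the question, encode would take the buffer returned by getCiphertextBlob(), and the buffer returned by decode would be the one passed to withCiphertextBlob.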
