[英]Decrypt cypherTextBlob using AWS KMS programmatically in Java ? InvalidCiphertextException
I am a bit new to cryptography and never used AWS KMS to encrypt data before.我对密码学有点陌生,以前从未使用过 AWS KMS 来加密数据。 I am using AWS SDK for Java for KMS.我正在将 AWS SDK for Java 用于 KMS。 But while trying to encrypt and decrypt using AWS KMS API Operations, I am facing the exception InvalidCiphertextException但是在尝试使用 AWS KMS API 操作进行加密和解密时,我遇到了异常 InvalidCiphertextException
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>kms</artifactId>
<version>2.15.19</version>
</dependency>
Encrypt part加密部分
String encrypt(String plainText){
EncryptRequest encryptRequest = new EncryptRequest().withKeyId(keyId).withPlaintext(plainText);
//calling encrypt function here
EncryptResult response = kmsClient.encrypt(encryptRequest);
cipherText = new String(response.getCiphertextBlob().array());
//calling decrypt function here
return decrypt(cipherText);
}
Decrypt part in decrypt method解密方法中的解密部分
public String decrypt(String cipherText){
ByteBuffer cyphertextBlob = ByteBuffer.wrap(cipherText.getBytes());
//Point 1: Exception is thrown at this point while calling decrypt operation API.
DecryptRequest request = new DecryptRequest().withKeyId(keyId).withCiphertextBlob(cyphertextBlob);
}
The problem is I get the following error at the point of making the api call (Point 1)问题是我在进行 api 调用时出现以下错误(第 1 点)
com.amazonaws.services.kms.model.InvalidCiphertextException: null (Service: AWSKMS; Status Code: 400; Error Code: InvalidCiphertextException; Request ID: 45720b33-3637-490a-8c6a-d7491ccadf94; Proxy: null)
InvalidCiphertextException.无效的密文异常。 While going through AWS documents, here are the points I understood,在浏览 AWS 文档时,以下是我理解的要点,
Do I need to do any other step to manipulate/transform the cipher text before using decryption request ?在使用解密请求之前,我是否需要执行任何其他步骤来操作/转换密文?
can anyone help with this please ?任何人都可以帮忙吗?
Just to update here in case anyone got stock at this problem.只是在这里更新以防万一有人在这个问题上有库存。
While debugging found out that, the capacity and the limit of ByteBuffer object obtained using the get methods of the KMS response was different than the default capacity and limit while creating one from the cipherText in the decrypt method.调试时发现,使用KMS响应的get方法获取的ByteBuffer对象的容量和限制与decrypt方法中从cipherText创建时默认的容量和限制不同。 So this caused the exception.所以这导致了异常。
How was this fixed?这是怎么解决的? Can you add a code snippet?你能添加一个代码片段吗?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.