Why is my AWS KMS decrypt not giving me back the string I just encrypted?
Here is my code:
const AWS = require('aws-sdk');
const btoa = require('btoa');
let kms = new AWS.KMS({
accessKeyId: 'redacted',
secretAccessKey: 'redacted',
region: 'us-east-1'
});
let params = {
KeyId: 'redacted',
Plaintext: 'abcde'
};
let encrypted = kms.encrypt(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
let x = {
CiphertextBlob: data.CiphertextBlob
};
kms.decrypt(x, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(btoa(data.Plaintext)); // successful response
});
}
});
I am just trying to encrypt the string abcde
and then decrypt it, but this is not working. For awhile I was getting InvalidCipherException
, but now the output of console.log(btoa(data.Plaintext));
is YWJjZGU=
.
I cannot fathom what I'm doing wrong here but I suspect it has to do with base64 encoding. I have tried so many variants on this code but cannot deduce the problem. Does anyone see what I'm doing wrong here?
node.js amazon-web-services encryption base64 aws-kms
add a comment |
Here is my code:
const AWS = require('aws-sdk');
const btoa = require('btoa');
let kms = new AWS.KMS({
accessKeyId: 'redacted',
secretAccessKey: 'redacted',
region: 'us-east-1'
});
let params = {
KeyId: 'redacted',
Plaintext: 'abcde'
};
let encrypted = kms.encrypt(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
let x = {
CiphertextBlob: data.CiphertextBlob
};
kms.decrypt(x, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(btoa(data.Plaintext)); // successful response
});
}
});
I am just trying to encrypt the string abcde
and then decrypt it, but this is not working. For awhile I was getting InvalidCipherException
, but now the output of console.log(btoa(data.Plaintext));
is YWJjZGU=
.
I cannot fathom what I'm doing wrong here but I suspect it has to do with base64 encoding. I have tried so many variants on this code but cannot deduce the problem. Does anyone see what I'm doing wrong here?
node.js amazon-web-services encryption base64 aws-kms
add a comment |
Here is my code:
const AWS = require('aws-sdk');
const btoa = require('btoa');
let kms = new AWS.KMS({
accessKeyId: 'redacted',
secretAccessKey: 'redacted',
region: 'us-east-1'
});
let params = {
KeyId: 'redacted',
Plaintext: 'abcde'
};
let encrypted = kms.encrypt(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
let x = {
CiphertextBlob: data.CiphertextBlob
};
kms.decrypt(x, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(btoa(data.Plaintext)); // successful response
});
}
});
I am just trying to encrypt the string abcde
and then decrypt it, but this is not working. For awhile I was getting InvalidCipherException
, but now the output of console.log(btoa(data.Plaintext));
is YWJjZGU=
.
I cannot fathom what I'm doing wrong here but I suspect it has to do with base64 encoding. I have tried so many variants on this code but cannot deduce the problem. Does anyone see what I'm doing wrong here?
node.js amazon-web-services encryption base64 aws-kms
Here is my code:
const AWS = require('aws-sdk');
const btoa = require('btoa');
let kms = new AWS.KMS({
accessKeyId: 'redacted',
secretAccessKey: 'redacted',
region: 'us-east-1'
});
let params = {
KeyId: 'redacted',
Plaintext: 'abcde'
};
let encrypted = kms.encrypt(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
let x = {
CiphertextBlob: data.CiphertextBlob
};
kms.decrypt(x, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(btoa(data.Plaintext)); // successful response
});
}
});
I am just trying to encrypt the string abcde
and then decrypt it, but this is not working. For awhile I was getting InvalidCipherException
, but now the output of console.log(btoa(data.Plaintext));
is YWJjZGU=
.
I cannot fathom what I'm doing wrong here but I suspect it has to do with base64 encoding. I have tried so many variants on this code but cannot deduce the problem. Does anyone see what I'm doing wrong here?
node.js amazon-web-services encryption base64 aws-kms
node.js amazon-web-services encryption base64 aws-kms
edited Nov 19 '18 at 20:07
temporary_user_name
asked Nov 19 '18 at 16:30
temporary_user_nametemporary_user_name
16.7k2897162
16.7k2897162
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I was using btoa
when I should have been using atob
. I would swear I already tried that, but who can say.
Since I thought atob
was ASCII to Binary, I can't account for how I'm getting plaintext with a function that's supposed to give binary, but...it worked, so.
Edit: Thinking of it as ASCII to Binary is misleading. It's more like "transmission format" to "original content," whatever that content was.
The KMS.decrypt
method wants a binary string, which is the "original content" here. KMS.encrypt
base64-encoded the encrypted string for transmission, and KMS.decrypt
expects it to be coded out of that format before being given as a parameter.
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53378957%2fwhy-is-my-aws-kms-decrypt-not-giving-me-back-the-string-i-just-encrypted%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I was using btoa
when I should have been using atob
. I would swear I already tried that, but who can say.
Since I thought atob
was ASCII to Binary, I can't account for how I'm getting plaintext with a function that's supposed to give binary, but...it worked, so.
Edit: Thinking of it as ASCII to Binary is misleading. It's more like "transmission format" to "original content," whatever that content was.
The KMS.decrypt
method wants a binary string, which is the "original content" here. KMS.encrypt
base64-encoded the encrypted string for transmission, and KMS.decrypt
expects it to be coded out of that format before being given as a parameter.
add a comment |
I was using btoa
when I should have been using atob
. I would swear I already tried that, but who can say.
Since I thought atob
was ASCII to Binary, I can't account for how I'm getting plaintext with a function that's supposed to give binary, but...it worked, so.
Edit: Thinking of it as ASCII to Binary is misleading. It's more like "transmission format" to "original content," whatever that content was.
The KMS.decrypt
method wants a binary string, which is the "original content" here. KMS.encrypt
base64-encoded the encrypted string for transmission, and KMS.decrypt
expects it to be coded out of that format before being given as a parameter.
add a comment |
I was using btoa
when I should have been using atob
. I would swear I already tried that, but who can say.
Since I thought atob
was ASCII to Binary, I can't account for how I'm getting plaintext with a function that's supposed to give binary, but...it worked, so.
Edit: Thinking of it as ASCII to Binary is misleading. It's more like "transmission format" to "original content," whatever that content was.
The KMS.decrypt
method wants a binary string, which is the "original content" here. KMS.encrypt
base64-encoded the encrypted string for transmission, and KMS.decrypt
expects it to be coded out of that format before being given as a parameter.
I was using btoa
when I should have been using atob
. I would swear I already tried that, but who can say.
Since I thought atob
was ASCII to Binary, I can't account for how I'm getting plaintext with a function that's supposed to give binary, but...it worked, so.
Edit: Thinking of it as ASCII to Binary is misleading. It's more like "transmission format" to "original content," whatever that content was.
The KMS.decrypt
method wants a binary string, which is the "original content" here. KMS.encrypt
base64-encoded the encrypted string for transmission, and KMS.decrypt
expects it to be coded out of that format before being given as a parameter.
edited Nov 19 '18 at 20:09
answered Nov 19 '18 at 16:38
temporary_user_nametemporary_user_name
16.7k2897162
16.7k2897162
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53378957%2fwhy-is-my-aws-kms-decrypt-not-giving-me-back-the-string-i-just-encrypted%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown