
Eamonn Faherty eamonnfaherty

eamonnfaherty / envelope_encryption_kms_boto_pycrypto.md
Created August 21, 2016 22:12 — forked from pmp/envelope_encryption_kms_boto_pycrypto.md
Envelope Encryption using AWS KMS, Python Boto, and PyCrypto.

If you use Amazon AWS for nearly anything, then you are probably familiar with KMS, the Amazon Key Management Service.

KMS is a service which allows API-level access to cryptographic primitives without the expense and complexity of a full-fledged HSM or CloudHSM implementation. There are trade-offs in that the key material does reside on servers rather than tamper-proof devices, but these risks should be acceptable to a wide range of customers based on the care Amazon has put into the product. You should perform your own diligence on whether KMS is appropriate for your environment. If the security profile is not adequate, you should consider a stronger product such as CloudHSM or managing your own HSM solutions.

The goal here is to provide some introductory code showing how to envelope-encrypt a message using the AWS KMS API.

KMS allows you to encrypt messages of up to 4kb in size directly using the encrypt()/decrypt() API. To exceed these limitations, you must use a technique called "envelope encryptio

apt-get install zlib1g-dev
apt-get install g++
export VENV=$VIRTUAL_ENV
mkdir $VENV/packages && cd $VENV/packages
curl -O http://oligarchy.co.uk/xapian/1.2.12/xapian-core-1.2.12.tar.gz
curl -O http://oligarchy.co.uk/xapian/1.2.12/xapian-bindings-1.2.12.tar.gz
tar xzvf xapian-core-1.2.12.tar.gz
eamonnfaherty / gist:2044238
Created March 15, 2012 13:37 — forked from jonnyreeves/gist:2043975
Factory Methods
// If you can use polymorphism instead of a switch:
return _appRequest.marshaller(_payloadSerializer);
// If your TargettedAppRequest class is part of another API, use an adapter wrapper:
return new MyAppRequestAdapter(_appRequest).marshaller(_payloadSerializer);
// Thinking behind this: factories are handy for complex object creation and for families of related objects, but for this I would use an adapter class with the switch inside it - I find them easier to read.