This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import base64 | |
| from Crypto import Random | |
| import boto3 | |
| from Crypto.Cipher import AES | |
| PAD = lambda s: s + (32 - len(s) % 32) * ' ' |
fuzzyami
/ gist:f3a7231037166117a6fef9607960aee7
Last active
February 2, 2024 17:58
golang encyrpt, decrypt key with kms
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| The code below shows how to encrypt and then decrypt some plaintext into a cyphertext using | |
| KMS's Encrypt/Decrypt functions and secretbox (https://godoc.org/golang.org/x/crypto/nacl/secretbox). | |
| The plaintext message is sealed into a secretbox using a key that is generated by kmsClient.GenerateDataKey(). | |
| Note that this procedure reuquires that a master key would *already exist in KMS* and that its arn/alias is specified. | |
| The aws library assumes that the proper credentials can be found in the shared file (~/.aws/credentials) | |
| and opts for the 'default' role. | |
| Once sealed, the cyphertext is then unboxed, again by first getting the key from kms (kmsClient.Decrypt), |