Skip to content

Instantly share code, notes, and snippets.

View fuzzyami's full-sized avatar
craving pizza

Ami Blonder fuzzyami

craving pizza
  • TLV
View GitHub Profile
fuzzyami /
Last active August 8, 2023 13:55
encrypt and decrypt with kms, boto3 and pyCrypto. Python2 compatible
#!/usr/bin/env python
import base64
from Crypto import Random
import boto3
from Crypto.Cipher import AES
PAD = lambda s: s + (32 - len(s) % 32) * ' '
fuzzyami / gist:f3a7231037166117a6fef9607960aee7
Last active February 2, 2024 17:58
golang encyrpt, decrypt key with kms
The code below shows how to encrypt and then decrypt some plaintext into a cyphertext using
KMS's Encrypt/Decrypt functions and secretbox (
The plaintext message is sealed into a secretbox using a key that is generated by kmsClient.GenerateDataKey().
Note that this procedure reuquires that a master key would *already exist in KMS* and that its arn/alias is specified.
The aws library assumes that the proper credentials can be found in the shared file (~/.aws/credentials)
and opts for the 'default' role.
Once sealed, the cyphertext is then unboxed, again by first getting the key from kms (kmsClient.Decrypt),