Created
January 14, 2015 20:47
Introduction to KMS
using Amazon; | |
using Amazon.KeyManagementService; | |
using Amazon.KeyManagementService.Model; | |
using System; | |
using System.Collections.Generic; | |
using System.IO; | |
using System.Linq; | |
using System.Text; | |
using System.Threading.Tasks; | |
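namespace KmsPlayground
{
    /// <summary>
    /// Console walkthrough of the basic AWS KMS calls: create a key, encrypt and
    /// decrypt a small payload directly with it, generate a data key, recover that
    /// data key from its encrypted form, and list the keys in the account.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Runs the walkthrough against the us-east-1 KMS endpoint.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // The client is disposable; release it when the walkthrough is done.
            using (var client = new AmazonKeyManagementServiceClient(RegionEndpoint.USEast1))
            {
                /////
                // Create a key
                /////
                // Note: every run creates a NEW key. Keys persist (and are billed)
                // until they are scheduled for deletion, so reuse a key ID when
                // running this more than once.
                CreateKeyResponse keyResponse = client.CreateKey(new CreateKeyRequest
                {
                    Description = "testKey",
                    KeyUsage = KeyUsageType.ENCRYPT_DECRYPT
                });
                string keyid = keyResponse.KeyMetadata.KeyId;

                /////
                // Encrypt something
                /////
                // No EncryptionContext is set here. Production callers normally
                // supply one so a ciphertext is bound to its purpose and the same
                // context must be presented again on Decrypt.
                EncryptResponse response;
                using (var ms = new MemoryStream())
                using (var sw = new StreamWriter(ms))
                {
                    sw.WriteLine("Hello World");
                    sw.Flush(); // push the text into the stream before it is sent
                    response = client.Encrypt(new EncryptRequest
                    {
                        KeyId = keyid,
                        Plaintext = ms
                    });
                }

                /////
                // Decrypt something
                /////
                // The ciphertext blob is safe to print or store; it is only useful
                // to a principal that is allowed to call Decrypt on the key.
                string base64 = Convert.ToBase64String(response.CiphertextBlob.ToArray());
                Console.WriteLine("CipherText: {0}", base64);

                // Decrypt is not given a key ID: KMS reads it from metadata inside
                // the blob. A caller that must pin the key should compare the
                // KeyId on the response with the key it expects.
                DecryptResponse decryptResponse;
                using (var ms = new MemoryStream(Convert.FromBase64String(base64)))
                {
                    decryptResponse = client.Decrypt(new DecryptRequest
                    {
                        CiphertextBlob = ms
                    });
                }
                string decrypted = Encoding.UTF8.GetString(decryptResponse.Plaintext.ToArray());
                Console.WriteLine("Decrypted: {0}", decrypted);

                /////
                // Create a data key
                /////
                GenerateDataKeyResponse generateDataKeyResponse = client.GenerateDataKey(new GenerateDataKeyRequest
                {
                    KeyId = keyid,
                    KeySpec = DataKeySpec.AES_256
                });
                byte[] encrKey = generateDataKeyResponse.CiphertextBlob.ToArray();
                byte[] plainKey = generateDataKeyResponse.Plaintext.ToArray();
                byte[] recoveredKey = null;
                try
                {
                    // Only the encrypted copy is meant to be stored or displayed.
                    // The plaintext key is secret material: writing it to the
                    // console would leak it into terminal scrollback and any
                    // captured output, so only its length is reported.
                    Console.WriteLine(" encrypted key: {0}", Convert.ToBase64String(encrKey));
                    Console.WriteLine(" plaintext key: {0} bytes (not printed)", plainKey.Length);

                    //////
                    // I want my plaintext key back
                    //////
                    using (var ms = new MemoryStream(encrKey))
                    {
                        decryptResponse = client.Decrypt(new DecryptRequest
                        {
                            CiphertextBlob = ms
                        });
                    }
                    recoveredKey = decryptResponse.Plaintext.ToArray();

                    // Show that the round trip works without revealing the key.
                    Console.WriteLine(" recovered key matches: {0}", recoveredKey.SequenceEqual(plainKey));
                }
                finally
                {
                    // Best-effort wipe of the copies made here. The SDK response
                    // objects still hold their own buffers until collected.
                    Array.Clear(plainKey, 0, plainKey.Length);
                    if (recoveredKey != null)
                    {
                        Array.Clear(recoveredKey, 0, recoveredKey.Length);
                    }
                }

                /////
                // Tell me about my keys
                /////
                // ListKeys is paginated: keep requesting with the returned marker
                // until none is handed back, otherwise keys past the first page
                // are silently left out.
                var listKeysRequest = new ListKeysRequest();
                do
                {
                    ListKeysResponse listKeysResponse = client.ListKeys(listKeysRequest);
                    foreach (var key in listKeysResponse.Keys)
                    {
                        Console.WriteLine(" key ARN: {0}", key.KeyArn);
                    }
                    listKeysRequest.Marker = listKeysResponse.NextMarker;
                }
                while (!string.IsNullOrEmpty(listKeysRequest.Marker));
            }
        }
    }
}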