How to decrypt a string from AWS Connect in Python

Time: 2019-04-24 20:56:12

Tags: python amazon-web-services encryption aws-lambda

I'm working on a contact flow in Amazon Connect that encrypts the information the customer dials, and I'm actually unable to decrypt the resulting string on a Python-based Lambda.

I have followed some of the documentation available in the AWS developer forums, and have also tried changing the certificates on my Lambda and on Connect.

import base64
import boto3
import aws_encryption_sdk
from aws_encryption_sdk.internal.crypto import WrappingKey
from aws_encryption_sdk.key_providers.raw import RawMasterKeyProvider
from aws_encryption_sdk.identifiers import WrappingAlgorithm, EncryptionKeyType
import logging

class StaticMasterKeyProvider(RawMasterKeyProvider):
    # Must match the provider ID Amazon Connect writes into the message header
    provider_id = 'AmazonConnect'

    def __init__(self, **kwargs):
        self._static_keys = {}

    def _get_raw_key(self, key_id):
        try:
            static_key = self._static_keys[key_id]
        except KeyError:
            # PEM-encoded private key matching the public key uploaded to Connect
            with open('blog.connect.private.key', 'rb') as key_file:
                static_key = key_file.read()
            self._static_keys[key_id] = static_key
        return WrappingKey(
            wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1,
            wrapping_key=static_key,
            wrapping_key_type=EncryptionKeyType.PRIVATE
        )

def decrypt_string(encrypted_text):
    # The value Connect passes to Lambda is base64-encoded
    encrypted_text = base64.b64decode(encrypted_text)

    # key id specified in amazon connect
    static_key_id = 'KEY Provided By AWS Connect after upload the Public Key'
    static_master_key_provider = StaticMasterKeyProvider()
    static_master_key_provider.add_master_key(static_key_id)

    plaintext, decrypted_header = aws_encryption_sdk.decrypt(
        source=encrypted_text,
        key_provider=static_master_key_provider
    )
    return plaintext

log = logging.getLogger('test')
logging.basicConfig(level=logging.DEBUG)
log.setLevel(logging.DEBUG)
log.root.setLevel(logging.DEBUG)
encrypted_text = 'Encrypted Text'
print(decrypt_string(encrypted_text))

When I try to execute this code, I get the following error: ValueError: Decryption failed, instead of the unencrypted value.

Can someone help me? I have spent about 5 hours checking the Python SDK documentation but can't decrypt the information correctly.

1 answer:

Answer 0 (score: 0)

The following snippet from the AWS team's github answer answers the question:

from aws_encryption_sdk.key_providers.raw import RawMasterKeyProvider, WrappingKey
from aws_encryption_sdk.identifiers import EncryptionKeyType, WrappingAlgorithm

class AmazonConnectRawMasterKeyProvider(RawMasterKeyProvider):
    # Provider ID that Amazon Connect records in the encrypted message
    provider_id = "AmazonConnect"

    def _get_raw_key(self, key_id):
        # NOTE: key_id will be your contact flow ID
        # Placeholder: return the PEM-encoded private key bytes from wherever you store them
        static_key = load_my_key_from_wherever()
        return WrappingKey(
            wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA512_MGF1,
            wrapping_key=static_key,
            wrapping_key_type=EncryptionKeyType.PRIVATE,
        )

They use RSA_OAEP_SHA512_MGF1 as the wrapping algorithm, so you need to declare it when returning the raw key (using the private key).
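As an added example, not part of the question or the answer above, the following script reproduces the failure mode at the RSA-OAEP layer using the `cryptography` package rather than the AWS Encryption SDK. The envelope layout (AES-GCM under a random data key, data key wrapped with RSA-OAEP), the generated key pair and the sample digits are all constructed for illustration and simplify the SDK's real message format; the point it shows is the one the answer makes: a data key wrapped with RSA_OAEP_SHA512_MGF1 only unwraps when the decrypting side declares the same OAEP hash, and a provider declaring RSA_OAEP_SHA256_MGF1 fails, which is the situation reported in the question.

```python
"""
Added example: why a RawMasterKeyProvider configured for RSA_OAEP_SHA256_MGF1
cannot unwrap a data key that was wrapped with RSA_OAEP_SHA512_MGF1.
Uses `cryptography` instead of aws_encryption_sdk; the envelope format here
is a constructed simplification, not the SDK's message format.
"""
import os

from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Same names as aws_encryption_sdk.identifiers.WrappingAlgorithm, mapped to
# the OAEP hash they imply (MGF1 uses the same hash in both suites).
WRAPPING_HASH = {
    "RSA_OAEP_SHA256_MGF1": hashes.SHA256,
    "RSA_OAEP_SHA512_MGF1": hashes.SHA512,
}


def oaep_padding(wrapping_algorithm):
    hash_cls = WRAPPING_HASH[wrapping_algorithm]
    return padding.OAEP(
        mgf=padding.MGF1(algorithm=hash_cls()), algorithm=hash_cls(), label=None
    )


def generate_key_pair_pem():
    """Returns (private_pem, public_pem): a stand-in for the key pair whose
    public half is uploaded to Connect and whose private half the Lambda reads."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    private_pem = private_key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )
    public_pem = private_key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return private_pem, public_pem


def connect_side_encrypt(public_pem, customer_input):
    """Model of the Connect side: wrap a fresh 256-bit data key with
    RSA_OAEP_SHA512_MGF1 and encrypt the dialed digits under that key."""
    public_key = serialization.load_pem_public_key(public_pem)
    data_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    return {
        "wrapped_data_key": public_key.encrypt(
            data_key, oaep_padding("RSA_OAEP_SHA512_MGF1")
        ),
        "nonce": nonce,
        "ciphertext": AESGCM(data_key).encrypt(nonce, customer_input, None),
    }


def lambda_side_decrypt(private_pem, envelope, wrapping_algorithm):
    """Model of the Lambda side: unwrap with the algorithm a
    RawMasterKeyProvider would declare. Returns the plaintext bytes, or None
    when OAEP unwrapping fails (a hash mismatch always fails here)."""
    private_key = serialization.load_pem_private_key(private_pem, password=None)
    try:
        data_key = private_key.decrypt(
            envelope["wrapped_data_key"], oaep_padding(wrapping_algorithm)
        )
    except ValueError:
        return None
    return AESGCM(data_key).decrypt(envelope["nonce"], envelope["ciphertext"], None)


def demo():
    """Wrap once with SHA-512, then try both provider configurations."""
    private_pem, public_pem = generate_key_pair_pem()
    digits = b"4111111111111111"  # constructed sample input, not real data
    envelope = connect_side_encrypt(public_pem, digits)
    return {
        "sha256": lambda_side_decrypt(private_pem, envelope, "RSA_OAEP_SHA256_MGF1"),
        "sha512": lambda_side_decrypt(private_pem, envelope, "RSA_OAEP_SHA512_MGF1"),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns None for the SHA-256 configuration and the original digits for SHA-512, with the same private key and the same ciphertext in both cases. That is the check to make when the SDK reports a decryption failure: confirm the `WrappingAlgorithm` declared in `_get_raw_key` is RSA_OAEP_SHA512_MGF1 before suspecting the key file or the key ID.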