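Reading KMS SES encrypted email with boto3

Time: 2017-11-01 10:36:34

Tags: python encryption boto3 amazon-ses aws-kms

I am trying to replicate the code found at the following link in Python / boto3: https://github.com/gilt/node-s3-encryption-client/issues/3

However, I am stuck getting the plaintext from KMS with the following code: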

The plaintext output from boto3 shows up as follows:

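import base64
import json

import boto3

s3 = boto3.client('s3')
kms = boto3.client('kms')

# Read the envelope-encryption parameters stored as S3 object metadata
metadata = s3.head_object(Bucket='my bucket', Key='myencryptedemail00045')
kmsKeyBase64 = metadata['Metadata']['x-amz-key-v2']
iv = metadata['Metadata']['x-amz-iv']
taglen = int(metadata['Metadata']['x-amz-tag-len']) // 8  # tag length in bytes
algo = metadata['Metadata']['x-amz-cek-alg']
encryptionContext = json.loads(metadata['Metadata']['x-amz-matdesc'])
# Unwrap the data key with KMS; boto3 returns the plaintext as raw bytes
kmsKeyBase = base64.b64decode(kmsKeyBase64)
response = kms.decrypt(CiphertextBlob=kmsKeyBase, EncryptionContext=encryptionContext)
print(response)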

If I use the same inputs with kms decrypt in the AWS CLI, I get the correct output as follows:

 {u'Plaintext': '\x13I&\x99\xfd\x07\x12\x13\x08M\xf4\x8f\xc4\xae\xc1\x9c\x16\xc2\x88\xaf\xda\xf7\xcf\xfe\x07\xa1\xb7S\x1d\n%\xd7'

CLI output:

aws kms decrypt --ciphertext-blob fileb://<(echo 'AQIDAHh/JCD4iDXb1vJh8MhaLBj6MyPnIB57hOtOlVzmpYZUereim0TFFcTueWN+w0Njd4IhPAAAAfjB8BgkqhkiereungbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMvYra4oU2QfFPI0tdAgEQgDuYGmtfQf/1reukNRiD6oGrv3BJuztdkeVrpPxkGzEY25otr143WKrA0YCEcmILYPfXOn3OJT2CShCH31w==' | base64 -d) --encryption-context '{"aws:ses:source-account": "XXXXXXXX", "aws:ses:message-id": "v235k9p8t2jf45u9dlnh6i45sc163di3a2m3u081", "kms_cmk_id": "arn:aws:kms:us-west-2:XXXXXXXXXXX:alias/rockondel-ses", "aws:ses:rule-name": "encrypt-test"}'

}

Any idea what I am doing wrong?

1 answer:

Answer 0: (score: 0)

I think the output of the AWS CLI is just the base64 encoding of the plaintext.

from base64 import b64encode
b64encode(b'\x13I&\x99\xfd\x07\x12\x13\x08M\xf4\x8f\xc4\xae\xc1\x9c\x16\xc2\x88\xaf\xda\xf7\xcf\xfe\x07\xa1\xb7S\x1d\n%\xd7')
b'E0kmmf0HEhMITfSPxK7BnBbCiK/a98/+B6G3Ux0KJdc='
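
The comparison the answer describes, together with decoding the envelope metadata the question reads, as an added example that is not part of the original question or answer. The metadata values are constructed, `stub_kms_decrypt` is a hypothetical offline stand-in for `kms.decrypt`, and `x-amz-iv` is treated as base64, as in the S3 encryption client metadata format.

```python
import base64
import hmac
import json

# Values quoted on this page: boto3's raw Plaintext and the base64 form from the answer.
PAGE_PLAINTEXT = (b"\x13I&\x99\xfd\x07\x12\x13\x08M\xf4\x8f\xc4\xae\xc1\x9c"
                  b"\x16\xc2\x88\xaf\xda\xf7\xcf\xfe\x07\xa1\xb7S\x1d\n%\xd7")
PAGE_BASE64 = "E0kmmf0HEhMITfSPxK7BnBbCiK/a98/+B6G3Ux0KJdc="

# Constructed head_object metadata; the wrapped key and IV are made-up values.
SAMPLE_METADATA = {
    "x-amz-key-v2": base64.b64encode(b"constructed-wrapped-key").decode(),
    "x-amz-iv": base64.b64encode(bytes(range(12))).decode(),
    "x-amz-tag-len": "128",
    "x-amz-cek-alg": "AES/GCM/NoPadding",
    "x-amz-matdesc": json.dumps({"aws:ses:rule-name": "encrypt-test"}),
}


def stub_kms_decrypt(CiphertextBlob, EncryptionContext):
    """Hypothetical offline stand-in for boto3's kms.decrypt (raw bytes out)."""
    return {"Plaintext": PAGE_PLAINTEXT}


def same_key(raw_plaintext, cli_plaintext_b64):
    """True when boto3's raw bytes and the CLI's base64 text are the same key."""
    return hmac.compare_digest(raw_plaintext, base64.b64decode(cli_plaintext_b64))


def unwrap_envelope(metadata, kms_decrypt):
    """Return the decoded parameters needed to decrypt the S3 object body."""
    if metadata["x-amz-cek-alg"] != "AES/GCM/NoPadding":
        raise ValueError("unexpected content cipher: " + metadata["x-amz-cek-alg"])
    tag_bits = int(metadata["x-amz-tag-len"])
    if tag_bits % 8:
        raise ValueError("tag length is not a whole number of bytes")
    response = kms_decrypt(
        CiphertextBlob=base64.b64decode(metadata["x-amz-key-v2"]),
        EncryptionContext=json.loads(metadata["x-amz-matdesc"]),
    )
    cek = response["Plaintext"]  # raw bytes from boto3, not base64 text
    if len(cek) not in (16, 24, 32):
        raise ValueError("data key is not a valid AES key length")
    return {"cek": cek, "iv": base64.b64decode(metadata["x-amz-iv"]),
            "tag_len": tag_bits // 8}
```

With a real client, pass `kms.decrypt` in place of the stub; the returned `cek`, `iv` and `tag_len` are the inputs an AES-GCM implementation needs for the object body.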