Why is my AWS KMS decrypt not giving me back the string I just encrypted?
up vote
0
down vote
favorite
Here is my code:
const AWS = require('aws-sdk');
const btoa = require('btoa');
let kms = new AWS.KMS({
accessKeyId: 'redacted',
secretAccessKey: 'redacted',
region: 'us-east-1'
});
let params = {
KeyId: 'redacted',
Plaintext: 'abcde'
};
let encrypted = kms.encrypt(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
let x = {
CiphertextBlob: data.CiphertextBlob
};
kms.decrypt(x, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(btoa(data.Plaintext)); // successful response
});
}
});
I am just trying to encrypt the string abcde and then decrypt it, but this is not working. For awhile I was getting InvalidCipherException, but now the output of console.log(btoa(data.Plaintext)); is YWJjZGU=.
I cannot fathom what I'm doing wrong here but I suspect it has to do with base64 encoding. I have tried so many variants on this code but cannot deduce the problem. Does anyone see what I'm doing wrong here?
node.js amazon-web-services encryption base64 aws-kms
asked Nov 19 at 16:30
Aerovistae
16.5k2895160
add a comment |
up vote
0
down vote
favorite
Here is my code:
const AWS = require('aws-sdk');
const btoa = require('btoa');
let kms = new AWS.KMS({
accessKeyId: 'redacted',
secretAccessKey: 'redacted',
region: 'us-east-1'
});
let params = {
KeyId: 'redacted',
Plaintext: 'abcde'
};
let encrypted = kms.encrypt(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
let x = {
CiphertextBlob: data.CiphertextBlob
};
kms.decrypt(x, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(btoa(data.Plaintext)); // successful response
});
}
});
I am just trying to encrypt the string abcde and then decrypt it, but this is not working. For awhile I was getting InvalidCipherException, but now the output of console.log(btoa(data.Plaintext)); is YWJjZGU=.
I cannot fathom what I'm doing wrong here but I suspect it has to do with base64 encoding. I have tried so many variants on this code but cannot deduce the problem. Does anyone see what I'm doing wrong here?
node.js amazon-web-services encryption base64 aws-kms
asked Nov 19 at 16:30
Aerovistae
16.5k2895160
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Here is my code:
const AWS = require('aws-sdk');
const btoa = require('btoa');
let kms = new AWS.KMS({
accessKeyId: 'redacted',
secretAccessKey: 'redacted',
region: 'us-east-1'
});
let params = {
KeyId: 'redacted',
Plaintext: 'abcde'
};
let encrypted = kms.encrypt(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
let x = {
CiphertextBlob: data.CiphertextBlob
};
kms.decrypt(x, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(btoa(data.Plaintext)); // successful response
});
}
});
I am just trying to encrypt the string abcde and then decrypt it, but this is not working. For awhile I was getting InvalidCipherException, but now the output of console.log(btoa(data.Plaintext)); is YWJjZGU=.
I cannot fathom what I'm doing wrong here but I suspect it has to do with base64 encoding. I have tried so many variants on this code but cannot deduce the problem. Does anyone see what I'm doing wrong here?
node.js amazon-web-services encryption base64 aws-kms
asked Nov 19 at 16:30
Aerovistae
16.5k2895160
Here is my code:
const AWS = require('aws-sdk');
const btoa = require('btoa');
let kms = new AWS.KMS({
accessKeyId: 'redacted',
secretAccessKey: 'redacted',
region: 'us-east-1'
});
let params = {
KeyId: 'redacted',
Plaintext: 'abcde'
};
let encrypted = kms.encrypt(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
let x = {
CiphertextBlob: data.CiphertextBlob
};
kms.decrypt(x, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(btoa(data.Plaintext)); // successful response
});
}
});
I am just trying to encrypt the string abcde and then decrypt it, but this is not working. For awhile I was getting InvalidCipherException, but now the output of console.log(btoa(data.Plaintext)); is YWJjZGU=.
I cannot fathom what I'm doing wrong here but I suspect it has to do with base64 encoding. I have tried so many variants on this code but cannot deduce the problem. Does anyone see what I'm doing wrong here?
node.js amazon-web-services encryption base64 aws-kms
node.js amazon-web-services encryption base64 aws-kms
asked Nov 19 at 16:30
Aerovistae
16.5k2895160
asked Nov 19 at 16:30
Aerovistae
16.5k2895160
edited Nov 19 at 20:07
asked Nov 19 at 16:30
Aerovistae
16.5k2895160
asked Nov 19 at 16:30
Aerovistae
16.5k2895160
asked Nov 19 at 16:30
Aerovistae
16.5k2895160
16.5k2895160
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
1
down vote
accepted
I was using btoa when I should have been using atob. I would swear I already tried that, but who can say.
Since I thought atob was ASCII to Binary, I can't account for how I'm getting plaintext with a function that's supposed to give binary, but...it worked, so.
Edit: Thinking of it as ASCII to Binary is misleading. It's more like "transmission format" to "original content," whatever that content was.
The KMS.decrypt method wants a binary string, which is the "original content" here. KMS.encrypt base64-encoded the encrypted string for transmission, and KMS.decrypt expects it to be coded out of that format before being given as a parameter.
answered Nov 19 at 16:38
Aerovistae
16.5k2895160
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
I was using btoa when I should have been using atob. I would swear I already tried that, but who can say.
Since I thought atob was ASCII to Binary, I can't account for how I'm getting plaintext with a function that's supposed to give binary, but...it worked, so.
Edit: Thinking of it as ASCII to Binary is misleading. It's more like "transmission format" to "original content," whatever that content was.
The KMS.decrypt method wants a binary string, which is the "original content" here. KMS.encrypt base64-encoded the encrypted string for transmission, and KMS.decrypt expects it to be coded out of that format before being given as a parameter.
answered Nov 19 at 16:38
Aerovistae
16.5k2895160
add a comment |
up vote
1
down vote
accepted
I was using btoa when I should have been using atob. I would swear I already tried that, but who can say.
Since I thought atob was ASCII to Binary, I can't account for how I'm getting plaintext with a function that's supposed to give binary, but...it worked, so.
Edit: Thinking of it as ASCII to Binary is misleading. It's more like "transmission format" to "original content," whatever that content was.
The KMS.decrypt method wants a binary string, which is the "original content" here. KMS.encrypt base64-encoded the encrypted string for transmission, and KMS.decrypt expects it to be coded out of that format before being given as a parameter.
answered Nov 19 at 16:38
Aerovistae
16.5k2895160
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
I was using btoa when I should have been using atob. I would swear I already tried that, but who can say.
Since I thought atob was ASCII to Binary, I can't account for how I'm getting plaintext with a function that's supposed to give binary, but...it worked, so.
Edit: Thinking of it as ASCII to Binary is misleading. It's more like "transmission format" to "original content," whatever that content was.
The KMS.decrypt method wants a binary string, which is the "original content" here. KMS.encrypt base64-encoded the encrypted string for transmission, and KMS.decrypt expects it to be coded out of that format before being given as a parameter.
answered Nov 19 at 16:38
Aerovistae
16.5k2895160
I was using btoa when I should have been using atob. I would swear I already tried that, but who can say.
Since I thought atob was ASCII to Binary, I can't account for how I'm getting plaintext with a function that's supposed to give binary, but...it worked, so.
Edit: Thinking of it as ASCII to Binary is misleading. It's more like "transmission format" to "original content," whatever that content was.
The KMS.decrypt method wants a binary string, which is the "original content" here. KMS.encrypt base64-encoded the encrypted string for transmission, and KMS.decrypt expects it to be coded out of that format before being given as a parameter.
answered Nov 19 at 16:38
Aerovistae
16.5k2895160
edited Nov 19 at 20:09
answered Nov 19 at 16:38
Aerovistae
16.5k2895160
answered Nov 19 at 16:38
Aerovistae
16.5k2895160
answered Nov 19 at 16:38
Aerovistae
16.5k2895160
16.5k2895160
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53378957%2fwhy-is-my-aws-kms-decrypt-not-giving-me-back-the-string-i-just-encrypted%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
