I upgraded to version 1.6.6 of awscli today and aws kms decrypt started failing to decrypt. It works in 1.6.5.
$> aws --version
aws-cli/1.6.6 Python/2.7.6 Darwin/13.4.0
$> python -V
Python 2.7.6
$> aws kms encrypt --key-id REDACTED --plaintext foo
{
"KeyId": "arn:aws:kms:us-east-1:REDACTED:key/REDACTED",
"CiphertextBlob": "CiDdiD7jljnCzXlfZUp27Y4LDY+QJa2Zqcw/7+ihfBDo7hKKAQEBAgB43Yg+45Y5ws15X2VKdu2OCw2PkCWtmanMP+/ooXwQ6O4AAABhMF8GCSqGSIb3DQEHBqBSMFACAQAwSwYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAwVt2CzbGDR2nUwszQCARCAHgdJ4aHQ4i7TMzBN6XlKcC73oilECgep+basamtnXQ=="
}
$> aws kms decrypt --ciphertext-blob CiDdiD7jljnCzXlfZUp27Y4LDY+QJa2Zqcw/7+ihfBDo7hKKAQEBAgB43Yg+45Y5ws15X2VKdu2OCw2PkCWtmanMP+/ooXwQ6O4AAABhMF8GCSqGSIb3DQEHBqBSMFACAQAwSwYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAwVt2CzbGDR2nUwszQCARCAHgdJ4aHQ4i7TMzBN6XlKcC73oilECgep+basamtnXQ==
A client error (InvalidCiphertextException) occurred when calling the Decrypt operation: None
$> pip freeze
Babel==1.3
Fabric==1.10.0
Jinja2==2.7.3
MarkupSafe==0.23
Pillow==2.6.1
PyChef==0.2.3
PyYAML==3.11
Pygments==2.0.1
Sphinx==1.2.3
argparse==1.2.1
astroid==1.2.1
awscli==1.6.6
bcdoc==0.12.2
binaryornot==0.3.0
boto==2.34.0
botocore==0.77.0
box.py==1.2.8
cffi==0.8.6
cliff==1.8.0
cmd2==0.6.7
colorama==0.2.5
cookiecutter==0.8.0
coverage==3.7.1
cryptography==0.6.1
decorator==3.4.0
docutils==0.12
dogapi==1.8.5
ecdsa==0.11
futures==2.2.0
httplib2==0.9
httpretty==0.8.3
iso8601==0.1.10
jmespath==0.5.0
jsonpatch==1.9
jsonpointer==1.5
jsonschema==2.4.0
kazoo==2.0
keyring==4.0
logilab-common==0.63.0
lxml==3.4.0
mock==1.0.1
mockito==0.5.2
netaddr==0.7.12
nose==1.3.4
numpy==1.9.1
oath==1.2
oslo.config==1.4.0
oslo.i18n==1.0.0
oslo.serialization==1.0.0
oslo.utils==1.0.0
paramiko==1.15.1
pbr==0.10.0
prettytable==0.7.2
pyOpenSSL==0.14
pyasn1==0.1.7
pycparser==2.10
pycrypto==2.6.1
pylint==1.3.1
pyparsing==2.0.3
python-ceilometerclient==1.0.12
python-cinderclient==1.1.1
python-dateutil==2.3
python-glanceclient==0.14.2
python-heatclient==0.2.12
python-keystoneclient==0.11.2
python-neutronclient==2.3.9
python-novaclient==2.20.0
python-openstackclient==0.4.1
python-swiftclient==2.3.1
python-troveclient==1.0.7
pytz==2014.9
qrcode==5.1
requests==2.4.3
rsa==3.1.2
scipy==0.14.0
simplejson==3.6.5
six==1.8.0
stevedore==1.1.0
urllib3==1.9.1
virtualenv==1.11.6
warlock==1.1.0
wsgiref==0.1.2
Just a little background on what's happening:
In 1.6.6, we fixed a regression in which we were not base64 encoding "blob" types when we previously had been. As a result, you need to specify the raw binary bytes for any parameter marked as a "blob" type, and internally it is base64 encoded automatically. This means that in order to round-trip key encryption, you need to base64 decode first.
$ aws kms encrypt --key-id <key-id> --plaintext "abcd" --query CiphertextBlob --output text | base64 -D > /tmp/encrypted-file
$ echo "Decrypted: $(aws kms decrypt --ciphertext-blob fileb:///tmp/encrypted-file --query Plaintext --output text | base64 -D)"
Decrypted: abcd
In this example, I'm using the fileb:// prefix because it's a file containing binary content.
I think we should leave the behavior as it is. The behavior in this original issue relied on a regression in 1.6.5 that was fixed in 1.6.6, so we can't change the existing behavior, because that would be a breaking change for customers. The example snippet above is the expected way to handle binary input/output in the AWS CLI, and apart from that recent regression, it is how this has always worked.
Thanks for the update!
Actually, I'm getting an error similar to issue #1001.
$> aws kms encrypt --key-id $KMS_KEY_ID --plaintext "abcd" --query CiphertextBlob --output text | base64 -D > /tmp/encrypted-file
$> echo "Decrypted: $(aws kms decrypt --ciphertext-blob fileb:///tmp/encrypted-file --query Plaintext --output text | base64 -D)"
'ascii' codec can't decode byte 0xdd in position 2: ordinal not in range(128)
Decrypted:
@mtougeron What version of the AWS CLI are you using? I retried this on the latest version of the AWS CLI (1.6.8) and I'm not seeing this issue.
~ $ aws kms encrypt --key-id $AWS_KEY_ID --plaintext "abcd" --query CiphertextBlob --output text | base64 -D > /tmp/encrypted-file
~ $ hexdump -C /tmp/encrypted-file
~ $ echo "Decrypted: $(aws kms decrypt --ciphertext-blob fileb:///tmp/encrypted-file --query Plaintext --output text | base64 -D)"
Decrypted: abcd
~ $ aws --version
aws-cli/1.6.8 Python/2.7.7 Darwin/13.4.0
@jamesls It's working for me now in 1.6.8. Thanks
@jamesls Personally, I think this is very bad UI. Can't I pass the same ciphertext that I got from encrypt to decrypt? If it can't be changed so as not to break existing customers, then at least provide a better error message.
A client error (InvalidCiphertextException) occurred when calling the Decrypt operation: None
That doesn't remotely tell me what I need to do to fix the problem. You could detect that the ciphertext is Base64 and then output a proper error, pointing to a URL or something.
Or maybe pass an additional flag to decrypt that says "base64 decode this first"?
For those who come here later, you can use a trick like this to do it in one line without saving the ciphertext to a file:
aws kms decrypt --ciphertext-blob fileb://<(echo 'ciphertext' | base64 -d)
Note: As pointed out by @hauntingEcho below, <(cmd) is not POSIX-compliant, so it won't work if you are using sh, but bash and zsh work fine.
Re: @thegranddesign's comment, on OS X at least, base64 required a capital "D" for me. For example:
$ echo "Decrypted: $(aws kms decrypt --ciphertext-blob fileb://<(echo $ENCRYPTED_DATA | base64 -D) --query Plaintext --output text | base64 -D)"
Decrypted: Hello world!
(I don't know why I get a newline before the Decrypted line, but it's no big deal.)
This worked for me
#encrypt the password: TestReadWrite text in the test.txt file
aws kms encrypt --key-id cfc7acf7-4f20-49c3-aa11-8be4cdc3291d --plaintext fileb://test.txt --output text | base64 --decode > out.txt
#decrypt the password: TestReadWrite
aws kms decrypt --ciphertext-blob fileb://out.txt --output text --query Plaintext | base64 --decode
I had a similar problem too, but Node helped with the following.
'use strict';
const KMS = require('aws-sdk').KMS;
const fs = require('fs');
const kms = new KMS({
apiVersion: '2014-11-01',
// region: 'eu-west-1'
});
function encrypt(params) {
return kms.encrypt(params).promise();
}
const arn = 'arn:aws:kms:xxx';
encrypt({
KeyId: arn,
Plaintext: fs.readFileSync('/path/to/key.pem')
})
.then(data => fs.writeFileSync('/path/to/key.json', JSON.stringify(data)));
Another note on @thegranddesign's solution - <(cmd) is a bashism and is not POSIX-compliant, so if bash is not an option you will need to use a different solution.
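A POSIX sh version of the decode-then-fileb:// step discussed in the comments above, as an added example that is not part of the original thread: it avoids <(cmd), probes whether base64 wants -d or -D, and rejects non-base64 input locally. The function names and the temp-file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function and file names are hypothetical.

# Print the decode flag this platform's base64 accepts: -d or -D (older OS X).
b64_decode_flag() {
    for flag in -d -D --decode; do
        if [ "$(printf 'QQ==' | base64 "$flag" 2>/dev/null)" = "A" ]; then
            printf '%s\n' "$flag"
            return 0
        fi
    done
    echo "no working base64 decode flag found" >&2
    return 1
}

# Decode base64 ciphertext text ($1) into a new temp file and print its path.
# Input that is not base64 is rejected here, with a clear message, before
# KMS can answer InvalidCiphertextException.
ciphertext_to_blob_file() {
    b64=$(printf '%s' "$1" | tr -d ' \t\r\n')
    case "$b64" in
        '' | *[!A-Za-z0-9+/=]*)
            echo "input is not base64 text" >&2
            return 2 ;;
    esac
    if [ $(( ${#b64} % 4 )) -ne 0 ]; then
        echo "base64 length is not a multiple of 4" >&2
        return 2
    fi
    flag=$(b64_decode_flag) || return 1
    # mktemp creates the file readable and writable by the owner only.
    blob=$(mktemp "${TMPDIR:-/tmp}/kms-blob.XXXXXX") || return 1
    if ! printf '%s' "$b64" | base64 "$flag" > "$blob"; then
        rm -f "$blob"
        echo "base64 decoding failed" >&2
        return 2
    fi
    printf '%s\n' "$blob"
}

# Usage, with AWS credentials configured (ENCRYPTED_DATA is the base64 text
# printed by `aws kms encrypt --query CiphertextBlob --output text`):
#   blob=$(ciphertext_to_blob_file "$ENCRYPTED_DATA") &&
#     aws kms decrypt --ciphertext-blob "fileb://$blob" \
#       --query Plaintext --output text | base64 "$(b64_decode_flag)"
#   rm -f "$blob"
```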
This is a mind-bogglingly stupid bug and it should still be open until it is actually fixed. Building a tool that performs symmetric operations but uses one format for output and a completely different (and incompatible) format for input is a giant anti-pattern. A symmetric tool that cannot consume its own output as input is broken. It doesn't matter whether it is actually working as intended. It is still broken. If a tool depends on raw binary input, it should produce raw binary output by default; otherwise, it should be able to consume the base64-encoded input it generated without an explicit base64 decode step or special parameters other than those also needed to generate that output (or the anti-parameters, if not the exact same parameters). It is nothing short of ridiculous that I can use aws kms encrypt to generate base64-encoded output of a base64-encoded encrypted payload without specifying either of those base64 encodings, but I have to explicitly base64 decode both the encrypted data and the decrypted data to get back to the form I originally provided. And to do that, you have to use command-line parameters that are not documented at the level of the encrypt and decrypt subcommands, which makes it far harder to figure out. Users are almost guaranteed to waste time trying to figure out how to do the single most obvious thing anyone might want to do with an encrypt/decrypt client - encrypt and then decrypt a string specified in a command-line parameter - and a mode of operation in which the output is incompatible with the input, even though the tool's only two subcommands are supposed to be symmetric, is completely broken. Closing this without fixing it shows that there is no concern at all for usability or developer efficiency.
Another way to resolve this (as opposed to a new flag like the one @thegranddesign mentioned a few years ago) is that / is not a valid base64 character, and there is no valid way to specify binary data in JSON. So: if it contains /, parse it as a path. With fileb:// doing the current behavior, file:// could be b64-encoded. However, I agree with @sgendler-stem. This ticket is linked in every project I have worked on that uses KMS, because it is always a problem for people trying to onboard.
I have to completely agree with @sgendler-stem - if code produces output, it should at least be able to take that as input.
But that's not all. If the encryption was done via the SDK, it adds a weird arn at the end of the encrypted file, and even after removing the non-base64 arn, the CLI cannot decrypt it. url. This is broken.
Agreed again. This made things unnecessarily frustrating.
Is this actually closed? Why? I can't believe it has been 4 years since this was opened, and the only feedback seems to be from people saying "works as intended". No. It damn well isn't. @sgendler-stem hits the nail on the head; this is completely broken. I hope the team responsible feels bad about themselves.
Facing the same exception:
botocore.errorfactory.InvalidCiphertextException: An error occurred (InvalidCiphertextException) when calling the Decrypt operation:
äžå€ïŒ
key = b64decode(key)
response = client.decrypt(
    CiphertextBlob=key
)
I think this would be less frustrating if the output of encrypt, generate-data-key, etc. didn't call the field CiphertextBlob. The input to decrypt is also called --ciphertext-blob, yet it is thoroughly unintuitive that that ciphertext blob needs to be encoded differently.
If the flag on decrypt had a different name, it would suggest that the encoding is different.
There is a feature proposal here for base64-encoded input to decrypt: https://github.com/aws/aws-cli/issues/2063
@ojitha
Since we don't pass the key-id as a parameter during decryption, how does KMS know which encryption key to use for decryption?
@arpit728 The returned CipherTextBlob, to the KeyID of a specific CMK
Please reopen this ticket until it is resolved!
I spent hours on this before finding this ticket. Is there any official documentation that shows exactly how things need to be encoded and converted between encryption and decryption?
Just a little background on what's happening:
In 1.6.6, we fixed a regression in which we were not base64 encoding "blob" types when we previously had been. As a result, you need to specify the raw binary bytes for any parameter marked as a "blob" type, and internally it is base64 encoded automatically. This means that in order to round-trip key encryption, you need to base64 decode first.
$ aws kms encrypt --key-id <key-id> --plaintext "abcd" --query CiphertextBlob --output text | base64 -D > /tmp/encrypted-file
$ echo "Decrypted: $(aws kms decrypt --ciphertext-blob fileb:///tmp/encrypted-file --query Plaintext --output text | base64 -D)"
Decrypted: abcd
In this example, I'm using the fileb:// prefix because it's a file containing binary content.
This example returns:
An error occurred (InvalidCiphertextException) when calling the Decrypt operation.
Decrypted:
aws kms encrypt --key-id arn:aws:kms:eu-west-1werwerwjl:key/xxxyyyy --plaintext "abcd" --query CiphertextBlob --output text | base64 -d > ./encrypted-file
echo "Decrypted: $(aws kms decrypt --ciphertext-blob fileb://./encrypted-file --query Plaintext --output text | base64 --decode)"
I tried this on Ubuntu. If anyone knows of clear documentation or examples (links to sites, etc.), I would be very grateful!
Edit: I got encryption and decryption working using the hints in this article: https:
FYI, the link above doesn't work. That article seems very useful. Can we get it?