尝试使用 AWS KMS 客户端从 Java 应用程序中解密密文。我可以使用命令行使用此命令获取明文值
aws kms decrypt --ciphertext-blob fileb://<(echo "AQICAHhQoQKI7DHhSjurtJ5l16Ti5tLXuHgI7e1RBO+bzfXslgH+QBBjbCbdtHDmILDAXZ5MAAAAZTBjBgkqhkiG9w0BBwagVjBUAgEAME8GCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMJ/bb9e0MrMYZ3CVrAgEQgCKMSh5cGRzlZeADspZArSYDlVABnxjye7TSDvRnfBikkZGe" | base64 -D) --output text --query Plaintext --region eu-west-1 | base64
这是我的 java 代码,它返回了一些稍微少一点的哈希值
final String encryptedCipherText = "AQICAHhQoQKI7DHhSjurtJ5l16Ti5tLXuHgI7e1RBO+bzfXslgH+QBBjbCbdtHDmILDAXZ5MAAAAZTBjBgkqhkiG9w0BBwagVjBUAgEAME8GCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMJ/bb9e0MrMYZ3CVrAgEQgCKMSh5cGRzlZeADspZArSYDlVABnxjye7TSDvRnfBikkZGe";
AWSKMS kmsClient;
kmsClient = AWSKMSClientBuilder
.standard()
.withRegion("eu-west-1")
.build();
ByteBuffer cipherTextBlob = ByteBuffer.wrap(Base64.getDecoder().decode(encryptedCipherText));
DecryptRequest decryptRequest = new DecryptRequest().withCiphertextBlob(cipherTextBlob);
ByteBuffer key = kmsClient.decrypt(decryptRequest).getPlaintext();
final byte[] bytes = new byte[key.remaining()];
key.duplicate().get(bytes);
String result = Base64.getEncoder().encodeToString(bytes);
System.out.println("decrypted plaintext value: " + result);
注意 - 如果我从上面提到的 AWS CLI 命令中删除 base64 -D
,我会得到与 java 解密函数返回的值相同的值。
最佳答案
能够使用此代码获取值
AWSKMS kmsClient;
kmsClient = AWSKMSClientBuilder
.standard()
.withRegion("eu-west-1")
.build();
ByteBuffer cipherTextBlob = ByteBuffer.wrap(Base64.getDecoder().decode(cipherTextBlob));
DecryptRequest req = new DecryptRequest().withCiphertextBlob(cipherTextBlob);
ByteBuffer plainText = kmsClient.decrypt(req).getPlaintext();
return new String(plainText.array());
关于java - 在java中将KMS CipherText blob解密为纯文本,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57869408/