0

I need to encrypt some text strings using keys on client side and then decrypt this encrypted string on server side using the same key used for encryption on client side.

So the way I understand this, AWS KMS is built on top of AES.

So can I use AES encryption in Javascript using CryptoJS on client and AWS KMS SDK on server to decrypt it?

The reason for this question is that I can use AWS Javascript SDK on client (browser) side, but... I think AWS Javascript SDK will be probably having large memory footprint. And I do not want to initialize AWS config etc on client side either (not sure if I have to do this for just using single encrypt function from AWS KMS JS SDK). CryptoJS appears to be more slick and has small memory footprint. And it supports AES. I want to keep my task to the minimum... as the main goal here is to do client side encryption and then decrypt it on server using symmetric encryption.

Andy
  • 2,493
  • 6
  • 37
  • 63

2 Answers2

1

It would be coincidence if the two implementations would match. Usually it will not match as AES is only the crypto algorithm, however those crypto frameworks use more than that. Therefore all the other algorithms have to match, too:

  1. The used key derivation algorithm (creates the AES key from the provided password)
  2. The used cipher mode. There are very different cipher modes (ECB, CBC, OFB, GCM, ...) resulting in totally different cipher texts
  3. The used padding (if required by the cipher mode)

Only if those three algorithms are the same on client and server side you will be able to encrypt with one framework and decrypt with the other.

Robert
  • 39,162
  • 17
  • 99
  • 152
1

The AWS Encryption SDK for JavaScript is designed to provide a client-side encryption library for developers who are writing web browser applications in JavaScript or web server applications in Node.js.

https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/example-browser

Sebastian Louis
  • 11
  • 1