Decryption of encrypted S3 file using aws-encryption-cli --decrypt

Question

I am looking for a way to decrypt an already encrypted file using aws-encryption-cli --decrypt.

Is there a way I can specify the encrypted S3 object location? I am using role based decryption where the current role has permission to decrypt the object even if i do not specify the KMS key.

I was trying to use below command:

aws-encryption-cli --decrypt --input s3://XXX/encryptedfile.text --encryption-context purpose=test --metadata-output ~/metadata --output .

Could you please help if you know about encryption/decryption using aws-cli

Many thanks in advance

score 4 · Answer 1 · edited Jun 20 '20 at 09:12

you have an option with AWS CLI AWS CLI Command Reference

For encryption :

Below command for upload your file or object with KMS KEY Please refer Stackoverflow question

aws s3 cp /home/ubuntu/Desktop/abc_count.png s3://mybucket/abc_count.png --sse aws:kms --sse-kms-key-id (KMS KEY with arn)

For Decrypt:

Below command for Decrypt file/object or download Encrypted file refer this document and also refer Question for get presign URL

Use command : aws s3 presign s3://mybucket/abc_count.png

you get presign URL for access uploaded file/object

Output : https://mybucket.s3.amazonaws.com/abc_count.png?AWSAccessKeyId=AKIAJXXXXXXXXXXXXXXX&Expires=1503602631&Signature=ibOGfAovnhIF13DALdAgsdtg2s%3D

than you can directly download Encrypted file/object using below command :

wget -P /home/ubuntu/Desktop/abc_count1.png "your presign URL"

Hope it will work.

Thanks for the reply. Let me try this – ASChakkalakal Jul 11 '18 at 22:31 — ASChakkalakal, Jul 11 '18 at 22:31

Decryption of encrypted S3 file using aws-encryption-cli --decrypt

1 Answers1