
I am trying to print the decrypted data with the encrypted data to verify that it is correct.

    import botocore.session

    # Create a KMS client from a botocore session
    session = botocore.session.get_session()
    client = session.create_client('kms', region_name='us-east-1', aws_access_key_id='[YOUR ACCESS KEY]', aws_secret_access_key='[YOUR SECRET ACCESS KEY]')

    key_id = '[KEY ID]'
    plaintext = '[FILEPATH\FILENAME.CSV]'

    # Encrypt, then pass the result to decrypt and print both
    ciphertext = client.encrypt(KeyId=key_id, Plaintext=plaintext)
    ciphertextblob = ciphertext
    decrypt_ciphertext = client.decrypt(CiphertextBlob=ciphertextblob)
    print('Ciphertext: ', ciphertext)
    print('Decrypted Ciphertext: ', decrypt_ciphertext)

When I run this code, the data is successfully encrypted; however, when it attempts to decrypt the data, it gives me a Parameter Validation Failed error. Does anyone know why it gives this error or how to fix it?

A. Pearson

1 Answer


Parameter Validation errors from boto3/botocore come from the preprocessor that is constructing the request. So that will trigger before anything is sent to the actual service API.

In this case, if you ran the code exactly as in the question, you passed the entire encrypt response as the CiphertextBlob parameter, which would throw a Parameter Validation error because it expected a bytestring but received a dictionary. You need to pull the ciphertext out of the response and send just that.

i.e., change ciphertextblob = ciphertext to ciphertextblob = ciphertext['CiphertextBlob']

This being said, from the contents of your example, it looks like you are trying to encrypt a file? The KMS service can only process up to 4096 bytes of data through the encrypt/decrypt APIs. If you need to encrypt larger amounts of data, you will need to use some form of envelope encryption. I would recommend the AWS Encryption SDK[1]. It was specifically designed to be as simple as possible to use securely and has built-in integrations with AWS KMS.

[1] https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html

mattsb42-aws
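The fix described in the answer above, as an added example that is not part of the original question or answer: a round-trip helper that hands only the CiphertextBlob bytes to decrypt and enforces the 4096-byte limit before calling KMS. The names kms_round_trip and StandInKms are hypothetical; StandInKms is a constructed stand-in for the botocore client so the block runs offline, and it is not encryption.

```python
KMS_DIRECT_LIMIT = 4096  # bytes; the encrypt/decrypt limit stated in the answer


def kms_round_trip(client, key_id, data):
    """Encrypt `data` with KMS, decrypt it again, return (blob, recovered)."""
    if not isinstance(data, (bytes, bytearray)):
        raise TypeError("data must be the bytes to protect, e.g. open(path, 'rb').read()")
    if len(data) > KMS_DIRECT_LIMIT:
        raise ValueError("over 4096 bytes: use envelope encryption instead")
    response = client.encrypt(KeyId=key_id, Plaintext=data)
    blob = response["CiphertextBlob"]  # bytes; the rest of the dict is metadata
    recovered = client.decrypt(CiphertextBlob=blob)["Plaintext"]
    return blob, recovered


class StandInKms:
    """Constructed stand-in with the same response shapes as the KMS client.

    Assumption for offline use only: it reverses bytes and is NOT encryption.
    """

    def encrypt(self, KeyId, Plaintext):
        return {"CiphertextBlob": bytes(reversed(Plaintext)), "KeyId": KeyId}

    def decrypt(self, CiphertextBlob):
        # Mirrors the client-side check that rejected the question's call
        # (real botocore raises ParamValidationError before sending anything).
        if not isinstance(CiphertextBlob, (bytes, bytearray)):
            raise TypeError("Parameter validation failed: CiphertextBlob is not bytes")
        return {"Plaintext": bytes(reversed(CiphertextBlob))}


def demo():
    client = StandInKms()
    data = b"id,name\n1,alice\n"  # constructed sample CSV content
    blob, recovered = kms_round_trip(client, "[KEY ID]", data)
    # The question's call: the whole encrypt response passed to decrypt.
    try:
        client.decrypt(CiphertextBlob=client.encrypt(KeyId="[KEY ID]", Plaintext=data))
        whole_response_rejected = False
    except TypeError:
        whole_response_rejected = True
    return blob != data, recovered == data, whole_response_rejected


if __name__ == "__main__":
    print(demo())
```

kms_round_trip accepts any object with encrypt and decrypt methods that take these keyword arguments, so the client created in the question can be passed in place of the stand-in.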