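#!/usr/bin/env bash
# AWS KMS walkthrough: symmetric encrypt/decrypt, data-key (envelope) encryption,
# importing key material, and asymmetric encrypt/decrypt + sign/verify.
#
# Required: aws CLI with a configured profile, openssl. Every KMS call below
# uses the key ids / profile from the original notes; replace them with yours.
set -euo pipefail

# Files holding plaintext key material are created below; make them owner-only.
umask 077

# Placeholder key ids from the original notes (not real ARNs/ids).
readonly SYM_KEY_ID='xxxxxxxxxx-yyyy-xzzz-ssdd-ssssss'
readonly IMPORT_KEY_ID='xxx-xxxxux-xxuxxx-xxxx'
readonly ASYM_KEY_ID='xxxx-xuuuxx-xxixixx-dd'
readonly PROFILE='awssec10'

# --- Symmetric encrypt / decrypt -------------------------------------------
# The encryption context is not secret, but decrypt must supply exactly the
# same context or KMS rejects the request.
aws kms encrypt --key-id "$SYM_KEY_ID" \
  --plaintext "Hello this is a test" \
  --encryption-context Name=Department,Value=Derby \
  --query CiphertextBlob \
  --output text \
  | openssl base64 -d > encrypted.txt

# Declaration and assignment are split so a failing aws call is not masked.
decryptedbase64=$(aws kms decrypt --key-id "$SYM_KEY_ID" \
  --ciphertext-blob fileb://encrypted.txt \
  --encryption-context Name=Department,Value=Derby \
  --output text \
  --query Plaintext \
)
# Plaintext comes back base64-encoded; decode it before showing it.
printf '%s\n' "$decryptedbase64" | openssl base64 -d
printf '\n'

# --- Data key (envelope encryption) ---------------------------------------
# Only the Plaintext half of the data key is kept here. For real envelope
# encryption also store the CiphertextBlob half next to the data, so the data
# key can be recovered later with `aws kms decrypt`.
aws kms generate-data-key --key-id "$SYM_KEY_ID" \
  --key-spec AES_256 \
  --query Plaintext \
  --output text \
  --profile "$PROFILE" | openssl base64 -d > plainkeydecoded.txt

# `openssl enc -k` takes a *passphrase string*; the original `-k fileb://...`
# used the literal text "fileb://plainkeydecoded.txt" as the passphrase and
# never touched the KMS data key. Pass the raw 32-byte key as hex via -K and
# use an explicit random IV, which must be stored alongside the ciphertext.
key_hex=$(od -An -v -tx1 plainkeydecoded.txt | tr -d ' \n')
iv_hex=$(openssl rand -hex 16)
printf '%s' "$iv_hex" > data.txt.iv
openssl enc -e -aes-256-cbc -K "$key_hex" -iv "$iv_hex" -in data.txt -out data.txt.enc
openssl enc -d -aes-256-cbc -K "$key_hex" -iv "$(cat data.txt.iv)" -in data.txt.enc -out data.txt.dec
# The plaintext data key is no longer needed once the data is encrypted.
rm -f -- plainkeydecoded.txt

# --- Import key material (BYOK) -------------------------------------------
# Reference: https://aws.amazon.com/premiumsupport/knowledge-center/import-keys-kms/
openssl rand -out PlaintextKeyMaterial.bin 32

# get-parameters-for-import returns the wrapping public key and the import
# token on one line (text output); split them without an intermediate global.
read -r public_key_b64 import_token_b64 < <(aws kms --region us-east-1 get-parameters-for-import \
  --key-id "$IMPORT_KEY_ID" \
  --wrapping-algorithm RSAES_OAEP_SHA_256 \
  --wrapping-key-spec RSA_2048 \
  --query '{Key:PublicKey,Token:ImportToken}' \
  --output text \
  --profile "$PROFILE")
printf '%s' "$public_key_b64" > PublicKey.b64
printf '%s' "$import_token_b64" > ImportToken.b64
openssl enc -d -base64 -A -in PublicKey.b64 -out PublicKey.bin
openssl enc -d -base64 -A -in ImportToken.b64 -out ImportToken.bin

# Wrap the key material with the KMS-provided RSA public key; the OAEP
# digest here must match the --wrapping-algorithm chosen above.
openssl pkeyutl -in PlaintextKeyMaterial.bin \
  -out EncryptedKeyMaterial.bin \
  -inkey PublicKey.bin \
  -keyform DER \
  -pubin -encrypt -pkeyopt rsa_padding_mode:oaep \
  -pkeyopt rsa_oaep_md:sha256

aws kms --region us-east-1 import-key-material \
  --key-id "$IMPORT_KEY_ID" \
  --encrypted-key-material fileb://EncryptedKeyMaterial.bin \
  --import-token fileb://ImportToken.bin \
  --expiration-model KEY_MATERIAL_DOES_NOT_EXPIRE
# PlaintextKeyMaterial.bin is the unwrapped CMK secret; keep it offline only
# if re-import is required, otherwise delete it.

# --- Asymmetric encrypt / decrypt -----------------------------------------
# pkeyutl replaces the deprecated `rsautl`; OAEP with the default SHA-1
# digest matches RSAES_OAEP_SHA_1 on the decrypt side.
openssl pkeyutl -encrypt -pubin -inkey publickey \
  -pkeyopt rsa_padding_mode:oaep \
  -in file.txt -out encrypted.txt
aws kms decrypt --key-id "$ASYM_KEY_ID" \
  --encryption-algorithm RSAES_OAEP_SHA_1 --ciphertext-blob fileb://encrypted.txt \
  --query Plaintext --output text --profile "$PROFILE" | openssl base64 -d

# --- Asymmetric sign and verify -------------------------------------------
aws kms sign --key-id "$ASYM_KEY_ID" \
  --message fileb://file.txt --signing-algorithm RSASSA_PKCS1_V1_5_SHA_256 \
  --query Signature --output text \
  --profile "$PROFILE" | openssl base64 -d > sign.txt

# Verify with the original file first (passes), then with a different file
# (fails): this shows whether the contents were tampered with.
# Under `set -e` a rejected signature aborts the script, so the failing
# case is wrapped in `if` and reported explicitly.
if aws kms verify --key-id "$ASYM_KEY_ID" \
  --message fileb://file1.txt --signature fileb://sign.txt \
  --signing-algorithm RSASSA_PKCS1_V1_5_SHA_256 \
  --profile "$PROFILE"; then
  printf 'signature valid for file1.txt\n'
else
  printf 'signature INVALID for file1.txt\n' >&2
fi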