Without further ado, first read up on KMS yourself:
https://aws.amazon.com/tw/kms/
For an implementation that solves the problem above, see:
https://java.awsblog.com/post/TxRE9V31UFN860/Secure-Local-Development-with-the-ProfileCredentialsProvider
http://docs.aws.amazon.com/kms/latest/developerguide/programming-encryption.html
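I got stuck here for a while, because I kept trying to turn the ciphertext ByteBuffer into a string with new String(bytes, charset), and all I got was unreadable garbage.
The fix is to Base64-encode the encrypted byte buffer before converting it to an ordinary string; for decryption, Base64-decode the string and wrap the result back into a ByteBuffer. Sample code: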
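// kms (the AWS KMS client) and keyId are fields defined elsewhere in the class.
// Base64 is assumed to be org.apache.commons.codec.binary.Base64.
public String encrypt(String plainInput) {
    // UTF-8 instead of US_ASCII, so non-ASCII input is not silently replaced with '?'
    ByteBuffer plaintext = ByteBuffer.wrap(plainInput.getBytes(StandardCharsets.UTF_8));
    EncryptRequest req = new EncryptRequest().withKeyId(keyId).withPlaintext(plaintext);
    ByteBuffer ciphertext = kms.encrypt(req).getCiphertextBlob();
    // Copy only the readable bytes; array() can return extra backing bytes
    byte[] cipherBytes = new byte[ciphertext.remaining()];
    ciphertext.get(cipherBytes);
    // Base64 output is plain ASCII, so it is safe to keep as a String
    return new String(new Base64().encode(cipherBytes), StandardCharsets.US_ASCII);
}

public String decrypt(String cipherInput) {
    ByteBuffer ciphertextBlob = ByteBuffer.wrap(new Base64().decode(cipherInput));
    DecryptRequest req = new DecryptRequest().withCiphertextBlob(ciphertextBlob);
    ByteBuffer plainText = kms.decrypt(req).getPlaintext();
    byte[] plainBytes = new byte[plainText.remaining()];
    plainText.get(plainBytes);
    return new String(plainBytes, StandardCharsets.UTF_8);
}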
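
The failure described above can be reproduced without calling KMS. This is an added example, not part of the original post: it shows why ciphertext cannot survive new String(bytes, charset) but does survive Base64. The class name, helper names and sample bytes are made up for illustration, and it uses the JDK's java.util.Base64 rather than the Base64 class in the code above.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class CiphertextEncodingDemo {

    // Copy only the readable bytes of the buffer. array() can expose
    // unrelated backing bytes and throws for read-only buffers.
    static byte[] toBytes(ByteBuffer buf) {
        byte[] out = new byte[buf.remaining()];
        buf.duplicate().get(out);
        return out;
    }

    // Lossy: byte sequences that are not valid UTF-8 are replaced with
    // U+FFFD while decoding, so the original bytes cannot be recovered.
    static byte[] roundTripViaString(byte[] raw) {
        String text = new String(raw, StandardCharsets.UTF_8);
        return text.getBytes(StandardCharsets.UTF_8);
    }

    // Lossless: Base64 maps any byte sequence to ASCII text and back.
    static byte[] roundTripViaBase64(byte[] raw) {
        String text = Base64.getEncoder().encodeToString(raw);
        return Base64.getDecoder().decode(text);
    }

    public static void main(String[] args) {
        // Constructed sample bytes standing in for a KMS CiphertextBlob
        // (not real KMS output); several are invalid as UTF-8.
        byte[] sample = {(byte) 0x01, (byte) 0x02, (byte) 0xC3, (byte) 0x28,
                         (byte) 0xFF, (byte) 0xFE, (byte) 0x80, (byte) 0x41};
        ByteBuffer blob = ByteBuffer.wrap(sample).asReadOnlyBuffer();
        byte[] raw = toBytes(blob);

        System.out.println("new String round trip intact: "
                + Arrays.equals(raw, roundTripViaString(raw)));
        System.out.println("Base64 round trip intact:     "
                + Arrays.equals(raw, roundTripViaBase64(raw)));
    }
}
```

A ciphertext altered by the lossy path no longer matches what KMS produced, so decrypting it will fail rather than return the plaintext.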