
AWS KMS - Store/Use Ciphertext Blob

I'm just getting myself set up with the AWS Key Management Service and am calling the method generateDataKey. The method is working and returning the CiphertextBlob and the Plaintext blob.

However, the blobs are formatted something like:

�g�'��w�i�<��a*\B4p 1IG

I'm using the API so, according to the docs, it is not encoded. I'm trying to understand if the Plaintext can somehow be "decoded" in PHP so I can store it / use it without all the odd-looking ASCII characters. What I was expecting was a long string of characters and not the special characters above. I feel like I'm missing something simple.

Thank you!

Jason asked Oct 19 '22 08:10


1 Answer

The answer is a binary blob. These will need to be base64 encoded so that you'll get the expected result.

Sample code follows:

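<?php
// Load the AWS SDK for PHP (assumes a Composer install; adjust the path as needed).
require 'vendor/autoload.php';

use Aws\Kms\KmsClient;

// Client configuration: region, KMS API version and the credentials profile to use.
$options = [
    'region'                => 'eu-west-1',
    'version'               => '2014-11-01',
    'profile'               => 'default',
    'retries'               => 0,
    'scheme'                => 'https',
    'debug'                 => false
];

$kmsClient = new KmsClient($options);

// Ask KMS for a new 256-bit data key generated under the given KMS key.
$result = $kmsClient->generateDataKey([
    'KeyId' => '12345678-1234-1233-1234-1234567890ab',
    'KeySpec' => 'AES_256'
]);

// CiphertextBlob is raw binary; base64-encode it to get a printable, storable string.
echo base64_encode($result["CiphertextBlob"]);
echo "\r\n";
// KeyId of the KMS key that encrypted the data key.
echo ($result["KeyId"]);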

Keith Goodlip answered Oct 21 '22 22:10

Keith Goodlip
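
The following is an added example, not part of the original question or answer. It goes one step beyond the answer and shows the usual envelope-encryption round trip: the binary Plaintext is used directly as the AES-256 key and never stored, while the CiphertextBlob is base64-encoded and stored next to the data. The function names, the record layout and the $unwrap callback are assumptions made for illustration, and constructed random bytes stand in for the generateDataKey response so the script runs offline.

```php
<?php
// Constructed stand-ins for $result['Plaintext'] and $result['CiphertextBlob'].
$plaintextKey   = random_bytes(32);   // an AES_256 data key is 32 raw bytes
$ciphertextBlob = random_bytes(184);  // opaque binary; the real length differs

/** Encrypt locally with the binary data key and return a printable record. */
function sealRecord(string $key, string $blob, string $message): string
{
    $iv  = random_bytes(12);          // fresh 96-bit nonce for every message
    $tag = '';
    $ct  = openssl_encrypt($message, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Only the wrapped key is stored; the plaintext key stays in memory.
    return json_encode([
        'wrapped_key' => base64_encode($blob),
        'iv'          => base64_encode($iv),
        'tag'         => base64_encode($tag),
        'data'        => base64_encode($ct),
    ], JSON_THROW_ON_ERROR);
}

/** Decode a stored record, unwrap its data key via $unwrap, then decrypt. */
function openRecord(string $record, callable $unwrap): string
{
    $r = json_decode($record, true, 512, JSON_THROW_ON_ERROR);
    $f = [];
    foreach (['wrapped_key', 'iv', 'tag', 'data'] as $name) {
        $value = is_array($r) ? ($r[$name] ?? null) : null;
        $raw   = is_string($value) ? base64_decode($value, true) : false;
        if ($raw === false) {
            throw new InvalidArgumentException("bad field: $name");
        }
        $f[$name] = $raw;             // back to the raw bytes the APIs expect
    }
    $key = $unwrap($f['wrapped_key']);
    $pt  = openssl_decrypt($f['data'], 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $f['iv'], $f['tag']);
    if ($pt === false) {
        throw new RuntimeException('decryption or authentication failed');
    }
    return $pt;
}

// Offline stand-in for KMS Decrypt. With a live client this would be:
// fn (string $blob) => $kmsClient->decrypt(['CiphertextBlob' => $blob])['Plaintext']
$unwrap = fn (string $blob): string => hash_equals($ciphertextBlob, $blob)
    ? $plaintextKey
    : throw new RuntimeException('unknown data key');

$record = sealRecord($plaintextKey, $ciphertextBlob, 'constructed sample secret');
echo $record, PHP_EOL, openRecord($record, $unwrap), PHP_EOL;
```

The conditional throw expression in $unwrap requires PHP 8.0 or later.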