Help needed using AWS Encryption SDK, Python and RSA Public/Private keys

0

Hi,
I've recently started using the AWS Encryption SDK with multiple KMS keys to encrypt and decrypt files.

I've now been asked to investigate using public key encryption, so that we can have a mix of KMS master key and RSA master key providers. My thought is that this would be able to ensure that we can use our own KMS keys for decryption and allow a third party to supply us with their RSA public key, which can then be referenced for them to decrypt offline.

I have reviewed the following example, https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/python-example-code.html#python-example-multiple-providers , which I thought should solve it for me, but have noted that only the private key portion of the key pair is used for both the encryption and decryption of the file.

I am really lost with how to use a public key to encrypt and a private key to decrypt.

Is anyone able to point me in the right direction?
Thanks

Edited by: WranglingData on Jun 28, 2020 10:32 PM

Asked 4 years ago, 409 views
2 Answers
0

Hi,

Take a look at this example for how to initialize a RawMasterKey with access to the public key and a RawMasterKey with access to the private key:
https://github.com/aws/aws-encryption-sdk-python/blob/keyring/examples/src/master_key_provider/multi/aws_kms_with_escrow.py

The RawMasterKey with access to the public key can be used for encryption, and the RawMasterKey with access to the private key can be used for decryption.

(Note that this links to an example on one of our feature branches. For future readers of this post, if this link is dead, look for this example on the master branch.)

AWS
Answered 4 years ago
0

Hi,

Thanks. Works perfectly.

Curiously, I thought I had tried a pattern similar to that, but in all honesty I am no longer sure :)

Regardless, this is the tonic. I have also tried it with aws_encryption_sdk.stream(), as I will be dealing with bigger files and as expected, it worked perfectly.

I appreciate you taking the time to answer. Thanks!

Answered 4 years ago
