1 Resposta
- Mais recentes
- Mais votos
- Mais comentários
1
Download the object from S3: You will need to use an AWS SDK or CLI command. This will automatically decrypt the server-side encryption layer if your permissions are set up correctly
aws s3 cp s3://mybucket/myobject .
Decrypt the second encryption layer: For the second decryption, you will need to use the Decrypt operation provided by the KMS API. The exact code will depend on which programming language and AWS SDK you are using.
aws kms decrypt --ciphertext-blob fileb://my_encrypted_file --output text --query Plaintext | base64 --decode > my_decrypted_file
It's worth mentioning that decrypting the file locally (outside AWS environment) would require you to have the necessary KMS keys in your local environment which may not be feasible or secure in many cases, since the KMS key's purpose is to be kept secret and not distributed.
Conteúdo relevante
- AWS OFICIALAtualizada há 6 meses
- AWS OFICIALAtualizada há 8 meses