Help needed using AWS Encryption SDK, Python and RSA Public/Private keys

Question

Hi,  
I've recently started using the AWS Encryption SDK with multiple KMS keys to encrypt and decrypt files.  
  
I've now been asked to investigate using Public key encryption, so that we can have a mix of KMS master key and RSA master key providers.  My thought this would be able to ensure that we can use our own KMS keys for decryption and allows a third party to supply us with their RSA Public key, which can then be referenced for them to decrypt offline.  
  
I have reviewed the following example,   , which I thought should solve it for me, but have noted that only the private key portion of the key pair is used for both the encryption and decryption of the file.  
  
I am really lost with how to use a public key to encrypt and a private key to decrypt.  
  
Is anyone able to point me in the right direction?  
Thanks  
  
Edited by: WranglingData on Jun 28, 2020 10:32 PM

Answer

Hi,  
  
Take a look at this example for how to initialize a RawMasterKey with access to the public key and a RawMasterKey with access to the private key:  
https://github.com/aws/aws-encryption-sdk-python/blob/keyring/examples/src/master_key_provider/multi/aws_kms_with_escrow.py  
  
The RawMasterKey with access to the public key can be used for encryption, and the RawMasterKey with access to the private key can be used for decryption.  
  
(Note that this links to example on one of our features branches. For future readers of this post, if this link is dead, look for this example on the master branch.)

Answer

Hi,  
  
Thanks.  Works perfectly.  
  
Curiously, I thought I had tried a pattern similar to that, but in all honesty I am no longer sure :)  
  
Regardless, this is the tonic.  I have also tried it with aws_encryption_sdk.stream(), as I will be dealing with bigger files and as expected, it worked perfectly.  
  
I appreciate you taking the time to answer.  Thanks!

Help needed using AWS Encryption SDK, Python and RSA Public/Private keys

相關內容