1 個回答
- 最新
- 最多得票
- 最多評論
1
Download the object from S3: You will need to use an AWS SDK or CLI command. This will automatically decrypt the server-side encryption layer if your permissions are set up correctly
aws s3 cp s3://mybucket/myobject .
Decrypt the second encryption layer: For the second decryption, you will need to use the Decrypt operation provided by the KMS API. The exact code will depend on which programming language and AWS SDK you are using.
aws kms decrypt --ciphertext-blob fileb://my_encrypted_file --output text --query Plaintext | base64 --decode > my_decrypted_file
It's worth mentioning that decrypting the file locally (outside AWS environment) would require you to have the necessary KMS keys in your local environment which may not be feasible or secure in many cases, since the KMS key's purpose is to be kept secret and not distributed.
相關內容
- AWS 官方已更新 2 年前
- AWS 官方已更新 6 個月前
- AWS 官方已更新 1 年前