aws/aws-encryption-sdk-python

Decrypt issue

jai-galgal opened this issue · 2 comments

Problem:

  1. I tried the SDK with Python 3.8 & 3.9 for AWS Lambda, but it didn't work even though I created the Lambda layer using AWS CloudShell to avoid OS conflicts.
  2. I tried the SDK with Python 3.7 and it worked for Encrypt, but while trying Decrypt it throws this error:
    File "/opt/python/aws_encryption_sdk/streaming_client.py", line 995, in close
    raise SerializationError("Footer not read")
    aws_encryption_sdk.exceptions.SerializationError: Footer not read
    [ERROR] DecryptKeyError: Unable to decrypt any data key.

Sample Code I am using:
    import aws_encryption_sdk
    from aws_encryption_sdk import CommitmentPolicy

    # KMS_KEY_ARN_VALUE must hold the ARN of the KMS key (defined elsewhere)
    client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT)

    # Create a master key provider for the KMS key
    master_key_provider = aws_encryption_sdk.StrictAwsKmsMasterKeyProvider(key_ids=[KMS_KEY_ARN_VALUE])

    # Test code
    my_plaintext = b'This is some super secret data! Yup, sure is!'

    # Encrypt
    ciphertext, encryptor_header = client.encrypt(source=my_plaintext, key_provider=master_key_provider)

    # Decrypt
    cycled_plaintext, decrypted_header = client.decrypt(source=ciphertext, key_provider=master_key_provider)

Can you please suggest a possible issue and fix:

  • If I want to use php3.7
  • If I want to use php3.9

Hi @jai-galgal,

I have some thoughts and questions for you:

  • I wonder if you lack permissions on your KMS key.
    Could you try setting KMS_KEY_ARN_VALUE to arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f?
    This is a public KMS key ARN. Anyone should have access to encrypt and decrypt data with it.
    If this ARN works, I'd suggest you take a look at the permissions you have on your KMS key, and verify you can encrypt and decrypt with it.
  • Do you have the same issue with Python 3.8 and 3.9, or a different issue?
    If it's a different issue, what are you seeing?
  • I suspect you meant python and not php in the last 2 bullets, but please correct me if that's wrong.

Thanks,
Lucas
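
Added example (not part of the original thread and not the SDK's own code): a simplified offline check of one IAM identity policy for the two KMS actions this scenario depends on. A caller that is allowed `kms:GenerateDataKey` but not `kms:Decrypt` on the key can encrypt and then fails on decrypt. The key ARN, the sample policy and the helper names are constructed for illustration.

```python
import re

# KMS actions the scenario needs: encrypt requests a data key, decrypt unwraps it.
REQUIRED = {"encrypt": "kms:GenerateDataKey", "decrypt": "kms:Decrypt"}

# Constructed placeholder key ARN and identity policy (not from the thread).
KEY_ARN = "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["kms:GenerateDataKey*", "kms:DescribeKey"],
        "Resource": KEY_ARN,
    }],
}


def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def _wild(pattern, value, flags=0):
    """Match IAM-style wildcards: * is any run of characters, ? is exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None


def kms_access(policy, key_arn):
    """Return {operation: allowed} for one policy; an explicit Deny overrides Allow.

    Simplification (assumption of this example): Condition, NotAction,
    NotResource, key policies and grants are not evaluated.
    """
    result = {}
    for operation, action in REQUIRED.items():
        effects = set()
        for stmt in _as_list(policy.get("Statement")):
            # Action names are case-insensitive; resource ARNs are not.
            if (any(_wild(a, action, re.IGNORECASE) for a in _as_list(stmt.get("Action")))
                    and any(_wild(r, key_arn) for r in _as_list(stmt.get("Resource")))):
                effects.add(stmt.get("Effect"))
        result[operation] = "Allow" in effects and "Deny" not in effects
    return result


if __name__ == "__main__":
    print(kms_access(SAMPLE_POLICY, KEY_ARN))
```
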

Hi Lucas.

Thanks for your reply.

  • The shared one was a test KMS key; I have set up the KMS key with proper security.
  • I had an issue with Python 3.8 & 3.9, but it worked for 3.7.
  • Sorry for the typo, it was Python only.

Thanks Again.

Jai