我希望在python中使用aws_encryption_sdk加密一些秘密文本。然而,我在解密时看到一些不需要的字符。我使用java版本的sdk之前,我没有看到任何这种问题,下面是我的代码。
import aws_encryption_sdk
from aws_encryption_sdk import CommitmentPolicy
import botocore.session
import pytest
import base64
def cycle_string(key_arn, source_plaintext, botocore_session=None):
client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT)
kms_kwargs = dict(key_ids=[key_arn])
print(kms_kwargs)
if botocore_session is not None:
kms_kwargs["botocore_session"] = botocore_session
master_key_provider = aws_encryption_sdk.StrictAwsKmsMasterKeyProvider(**kms_kwargs)
# Encrypt the plaintext source data
ciphertext, encryptor_header = client.encrypt(source=source_plaintext, key_provider=master_key_provider)
# print(ciphertext, encryptor_header)
# Decrypt the ciphertext
encrrtext=base64.b64encode(ciphertext)
encrciphertext=base64.b64decode(encrrtext)
cycled_plaintext, decrypted_header = client.decrypt(source=encrciphertext, key_provider=master_key_provider)
# print(cycled_plaintext, decrypted_header)
print(encrrtext)
print(cycled_plaintext)
print(source_plaintext)
# Verify that the "cycled" (encrypted, then decrypted) plaintext is identical to the source plaintext
assert cycled_plaintext == source_plaintext
# Verify that the encryption context used in the decrypt operation includes all key pairs from
# the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
#
# In production, always use a meaningful encryption context. In this sample, we omit the
# encryption context (no key pairs).
assert all(
pair in decrypted_header.encryption_context.items() for pair in encryptor_header.encryption_context.items()
)
plaintext = "hello there"
cmk_arn = "<arn>"
cycle_string(key_arn=cmk_arn, source_plaintext=plaintext, botocore_session=botocore.session.Session())
O/P:
b'hello there'
hello there
我希望它返回与源相同的文本。对此有任何帮助将不胜感激
似乎SDK返回一个字节串。打印时,python通过添加b''部分来表示这些。您可以通过在断言前添加cycled_plaintext = cycled_plaintext.decode('UTF-8')将字节字符串转换为正常字符串。