我試圖使用AWS KMS加密文本並創建PowerShell腳本。所以我用New-KMSDataKey
來加密我的KMS主密鑰,它在輸出中返回plaintextDataKey
和ciphertextblob
。如何使用AWS Powershell腳本中的KMS密鑰加密數據
我現在用的plaintextDataKey
使用Invoke-KMSEncrypt
加密我的明文,但我得到無效的操作錯誤,如下圖所示:
下面是我的腳本:
param([string]$zonesecret, [string]$KMSKey, [string]$Keyspec, [string]$region= 'us-east-1', [string]$AccessKey, [string]$SecretKey)
# splat
$splat = @{KeyId=$KMSKey; KeySpec=$Keyspec; Region=$region}
# generate a data key
$datakey = New-KMSDataKey @splat
$plaintextDataKey = [Convert]::ToBase64String($datakey.Plaintext.ToArray())
$encryptedDataKey = [Convert]::ToBase64String($datakey.CiphertextBlob.ToArray())
Write-Host $plaintextDataKey
Write-Host $encryptedDataKey
#encrypt using aes-256; pass zonesecret and plaintextDataKey
# memory stream
[byte[]]$byteArray = [System.Text.Encoding]::UTF8.GetBytes($zonesecret)
$memoryStream = New-Object System.IO.MemoryStream($byteArray,0,$byteArray.Length)
$splat = @{Plaintext=$memoryStream; KeyId=$plaintextDataKey; Region=$region;}
if(![string]::IsNullOrEmpty($AccessKey)){$splat += @{AccessKey=$AccessKey;}}
if(![string]::IsNullOrEmpty($SecretKey)){$splat += @{SecretKey=$SecretKey;}}
# encrypt
**$encryptedMemoryStream = Invoke-KMSEncrypt @splat** # ERROR:
Write-Host $encryptedMemoryStream
$base64encrypted = [System.Convert]::ToBase64String($encryptedMemoryStream.CiphertextBlob.ToArray())
Write-Host $base64encrypted
能有什麼我確實做對了嗎?我在這裏做錯了什麼?這裏沒有其他cmdlet來加密數據:http://docs.aws.amazon.com/powershell/latest/reference/Index.html
任何人都可以請幫忙嗎?我如何使用上面的明文數據密鑰來加密我的內容?