epomatti/aws-kms-data-key

AWS KMS Data Key

This code will create a KMS key and generate a Data Key for encryption and decryption.

The envelope encryption process looks like this:

sequenceDiagram
    Client->>+AWS KMS: Create KMS Key
    Client->>+AWS KMS: Generate data key
    AWS KMS-->>-Client: Data key
    Client->>+Client: Encrypt content with data key
    Client->>+Client: Delete the unencrypted data key
    Client->>+Client: Envelope (append) encrypted data key and encrypted content

Build the executable:

go get
go build

Create the KMS key:

./main -action="createKey"

Create the key alias:

./main -action="createAlias"

Encrypt a 5 KB file using a data key (4 KB is the limit for encrypting directly with a standard KMS key):

./main -action="encryptFile" -file="hello5kb.txt"

Decrypt the file:

./main -action="decryptFile" -file="tmp/hello5kb.txt.encrypted"
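
The client-side steps of the diagram (encrypt with the data key, delete the unencrypted key, append the encrypted key and content) and their reversal, as an added example that is not this repository's code. Assumptions: AES-256-GCM as the content cipher, a 2-byte length prefix as the envelope layout, and the hypothetical names `Seal`, `Open`, `unwrap` and `nonceLen`; `dataKey` and `wrappedKey` are the plaintext and encrypted copies that a KMS GenerateDataKey response carries, and `unwrap` stands in for the KMS Decrypt call so the block runs offline.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

const nonceLen = 12 // standard AES-GCM nonce size

// Seal encrypts content under the plaintext data key, wipes that key, and
// returns uint16(len(wrappedKey)) || wrappedKey || nonce || ciphertext.
// wrappedKey is the opaque encrypted data key, stored exactly as received.
func Seal(dataKey *[32]byte, wrappedKey, content []byte) ([]byte, error) {
	if len(wrappedKey) > 0xFFFF {
		return nil, errors.New("wrapped key longer than 65535 bytes")
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(dataKey[:]) // a 32-byte key cannot be rejected
	gcm, _ := cipher.NewGCM(block)
	env := binary.BigEndian.AppendUint16(nil, uint16(len(wrappedKey)))
	env = append(append(env, wrappedKey...), nonce...)
	env = gcm.Seal(env, nonce, content, nil)
	*dataKey = [32]byte{} // delete the unencrypted data key
	return env, nil
}

// Open splits the envelope, asks unwrap (a stand-in for the KMS Decrypt call)
// for the plaintext data key, decrypts the content, then wipes the key.
func Open(env []byte, unwrap func([]byte) (*[32]byte, error)) ([]byte, error) {
	if len(env) < 2 || len(env) < 2+int(binary.BigEndian.Uint16(env))+nonceLen {
		return nil, errors.New("truncated envelope")
	}
	n := 2 + int(binary.BigEndian.Uint16(env))
	dataKey, err := unwrap(env[2:n])
	if err != nil {
		return nil, err
	}
	defer func() { *dataKey = [32]byte{} }()
	block, _ := aes.NewCipher(dataKey[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, env[n:n+nonceLen], env[n+nonceLen:], nil)
}
```

Because GCM authenticates the ciphertext, `Open` returns an error instead of plaintext when the envelope was modified or the wrong data key comes back from `unwrap`.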
