Data encryption using AWS KMS Key

Customer Master Key (CMK) vs Data Key

Step 1: Creating the CMK in AWS console

Step 2: Encrypt data using AWS KMS CLI

$ echo "my website:" > plaintext.txt
$ base64 -i plaintext.txt -o plaintext.bin
$ aws kms encrypt --key-id alias/demo --plaintext fileb://plaintext.bin
{
    "CiphertextBlob": "AQICAHhafwr0R1gD87hzIMWvZg4iolG3wyPx5ACoDbngRFUo2QGfroeBVinLA9Hw5AWTpCkEAAAAmzCBmAYJKoZIhvcNAQcGoIGKMIGHAgEAMIGBBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDNucopAAyw7639WqLgIBEIBUWd1u6wj5Uogdzwp9YTunH1Gc+s93/SH63BOk/S9fGOPL4S3fViRBClxFyF6hYQsJtl1beg0It5aW/mFp7ldtD0kmn/wKizC59lue5TMCpAwljji5",
    "KeyId": "arn:aws:kms:ap-southeast-1:298942976044:key/caaed47a-5151-4b6b-8542-39698bd76d38",
    "EncryptionAlgorithm": "SYMMETRIC_DEFAULT"
}
$ aws kms encrypt --key-id alias/demo --plaintext fileb://plaintext.txt --query CiphertextBlob --output text | base64 -d > encrypted.txt
$ ls
encrypted.txt plaintext.bin plaintext.txt

Step 3: Decrypt the data

$ aws kms decrypt --ciphertext-blob fileb://encrypted.txt
{
    "KeyId": "arn:aws:kms:ap-southeast-1:298942976044:key/caaed47a-5151-4b6b-8542-39698bd76d38",
    "Plaintext": "bXkgd2Vic2l0ZTogaHR0cHM6Ly90ZWNoLmRhdmlkLWNoZW9uZy5jb20K",
    "EncryptionAlgorithm": "SYMMETRIC_DEFAULT"
}
$ aws kms decrypt --ciphertext-blob fileb://encrypted.txt --query Plaintext --output text | base64 -d > decrypted.txt
$ cat decrypted.txt
my website:
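The session above uses the CMK directly, which only works because the plaintext is tiny: the KMS Encrypt API accepts at most 4096 bytes, which is the practical reason for the "Customer Master Key (CMK) vs Data Key" distinction. Anything larger is encrypted locally under a data key, and only that data key is wrapped by the CMK (envelope encryption). The following Python is an added example, not code from the article or from AWS: FakeKms is a hypothetical, in-memory stand-in for the service so the example runs offline, and its toy HMAC-based cipher stands in for the AES-256-GCM that KMS actually uses. What it does reproduce faithfully is the shape of the calls: Encrypt/Decrypt with the key ID carried inside the ciphertext blob (which is why step 3 needs no --key-id), the 4 KB limit, and GenerateDataKey returning both a plaintext and an encrypted copy of the data key. Note also that fileb:// already passes raw bytes to the CLI; the base64 handling in the session is only needed because the JSON output base64-encodes CiphertextBlob and Plaintext.

```python
import hmac
import hashlib
import secrets

# Toy stream cipher with an encrypt-then-MAC tag, built from HMAC-SHA256 so
# this example runs on the Python standard library alone. It stands in for
# the AES-256-GCM that KMS actually uses (SYMMETRIC_DEFAULT) and is meant to
# illustrate the envelope pattern only, not to protect real data.
def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        x = int.from_bytes(chunk, "big") ^ int.from_bytes(ks[:len(chunk)], "big")
        out += x.to_bytes(len(chunk), "big")
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || tag || ciphertext (fresh random nonce per call)."""
    nonce = secrets.token_bytes(16)
    ciphertext = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + tag + ciphertext

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; any modified byte is rejected."""
    nonce, tag, ciphertext = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    return _keystream_xor(key, nonce, ciphertext)

# Real KMS Encrypt rejects plaintext larger than 4096 bytes, which is why
# bulk data is encrypted locally under a data key instead.
KMS_ENCRYPT_LIMIT = 4096

class FakeKms:
    """Hypothetical stand-in for the KMS service (not the boto3/CLI API).
    Master key material never leaves this object: callers only ever see a
    key ID, ciphertext blobs, and short-lived plaintext data keys."""
    def __init__(self) -> None:
        self._masters = {}

    def create_key(self) -> str:
        key_id = secrets.token_hex(8)  # 16 hex chars; real KMS returns a UUID
        self._masters[key_id] = secrets.token_bytes(32)
        return key_id

    def encrypt(self, key_id: str, plaintext: bytes) -> bytes:
        if len(plaintext) > KMS_ENCRYPT_LIMIT:
            raise ValueError("plaintext over 4096 bytes: use generate_data_key")
        # The blob records which key was used, so decrypt() needs no key ID,
        # just as 'aws kms decrypt' in step 3 took only --ciphertext-blob.
        return key_id.encode() + seal(self._masters[key_id], plaintext)

    def decrypt(self, blob: bytes) -> tuple:
        key_id = blob[:16].decode()
        return key_id, unseal(self._masters[key_id], blob[16:])

    def generate_data_key(self, key_id: str) -> tuple:
        """Return (plaintext data key, the same key encrypted under the CMK)."""
        data_key = secrets.token_bytes(32)
        return data_key, self.encrypt(key_id, data_key)

def envelope_encrypt(kms: FakeKms, key_id: str, data: bytes) -> bytes:
    """Envelope encryption: one small KMS call, bulk encryption done locally.
    Output layout: 2-byte length || encrypted data key || sealed payload."""
    data_key, encrypted_key = kms.generate_data_key(key_id)
    payload = seal(data_key, data)
    # The plaintext data key goes out of scope here; only its encrypted form
    # is stored alongside the ciphertext.
    return len(encrypted_key).to_bytes(2, "big") + encrypted_key + payload

def envelope_decrypt(kms: FakeKms, envelope: bytes) -> bytes:
    """Ask KMS to unwrap the data key, then decrypt the payload locally."""
    n = int.from_bytes(envelope[:2], "big")
    encrypted_key, payload = envelope[2:2 + n], envelope[2 + n:]
    _, data_key = kms.decrypt(encrypted_key)
    return unseal(data_key, payload)

def demo() -> bool:
    kms = FakeKms()
    key_id = kms.create_key()                 # step 1, without the console
    small = b"my website:\n"                  # constructed sample, as in step 2
    blob = kms.encrypt(key_id, small)
    direct_ok = kms.decrypt(blob) == (key_id, small)
    big = secrets.token_bytes(200_000)        # far beyond the 4 KB Encrypt limit
    envelope_ok = envelope_decrypt(kms, envelope_encrypt(kms, key_id, big)) == big
    return direct_ok and envelope_ok

if __name__ == "__main__":
    print("direct and envelope round trips succeeded:", demo())
```

Two design points carry over to the real service: the stored envelope contains the encrypted data key, never the plaintext one, so compromising the storage yields nothing without a Decrypt call against the CMK (which CloudTrail records); and because unseal() authenticates before decrypting, a tampered envelope fails closed instead of returning garbage.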

David Cheong