1
votes

A co-worker (who left the company) used `aws kms encrypt --key-id xxxx` to encrypt a file (called ciphertextblob). I have the key-id and the ciphertext-blob; how can I decrypt the ciphertextblob?

Can I use Python boto3 to decrypt it? If so, how?


2 Answers

4
votes

You should just be able to call the kms boto3 client decrypt method:

import boto3
kms = boto3.client('kms', region_name='<region>')
# <ciphertext-blob> is the raw (binary) ciphertext as bytes
response = kms.decrypt(CiphertextBlob=<ciphertext-blob>)

In the response you will have access to the plain text key: response['Plaintext'].

3
votes

If you have a base64-encoded CiphertextBlob:

import base64
import boto3

kmsclient = boto3.client('kms', region_name='<region>')
# <ciphertext-blob> is the base64 text; decode it to bytes before calling decrypt
decrypted_value = kmsclient.decrypt(CiphertextBlob=base64.b64decode(<ciphertext-blob>))['Plaintext'].decode('utf-8')
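
The two answers above differ only in whether the blob on disk is raw binary or base64. The following is an added example (not code from either answer) that accepts either form, or the JSON that `aws kms encrypt` prints by default, and passes the known key-id to `decrypt` so KMS refuses ciphertext produced under any other key. The helper names `load_ciphertext_blob` and `decrypt_blob` are hypothetical, and the format detection is a heuristic.

```python
import base64
import binascii
import json


def load_ciphertext_blob(data: bytes) -> bytes:
    """Return raw ciphertext bytes from whatever `aws kms encrypt` left on disk.

    Accepts the CLI's JSON output, a bare base64 string, or decoded binary.
    """
    text = data.strip()
    try:
        doc = json.loads(text)
        if isinstance(doc, dict) and "CiphertextBlob" in doc:
            text = doc["CiphertextBlob"].encode("ascii")
    except ValueError:
        pass  # not JSON (binary or bare base64); fall through
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return data  # heuristic: not base64, so treat as raw binary


def decrypt_blob(kms_client, blob: bytes, key_id: str, encryption_context=None) -> bytes:
    """Decrypt via KMS, pinning KeyId so ciphertext from another key is refused."""
    kwargs = {"CiphertextBlob": blob, "KeyId": key_id}
    if encryption_context:  # must match the context used at encrypt time, if any
        kwargs["EncryptionContext"] = encryption_context
    return kms_client.decrypt(**kwargs)["Plaintext"]


if __name__ == "__main__":
    import sys
    import boto3  # imported here so the helpers above load without it

    path, key_id, region = sys.argv[1:4]
    with open(path, "rb") as fh:
        blob = load_ciphertext_blob(fh.read())
    client = boto3.client("kms", region_name=region)
    sys.stdout.buffer.write(decrypt_blob(client, blob, key_id))
```

The calling identity needs `kms:Decrypt` permission on the key; run the script as `python script.py <file> <key-id> <region>`.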