Here is my code:
const AWS = require('aws-sdk');
const btoa = require('btoa');
let kms = new AWS.KMS({
accessKeyId: 'redacted',
secretAccessKey: 'redacted',
region: 'us-east-1'
});
let params = {
KeyId: 'redacted',
Plaintext: 'abcde'
};
let encrypted = kms.encrypt(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
let x = {
CiphertextBlob: data.CiphertextBlob
};
kms.decrypt(x, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(btoa(data.Plaintext)); // successful response
});
}
});
I am just trying to encrypt the string abcde and then decrypt it, but this is not working. For awhile I was getting InvalidCipherException, but now the output of console.log(btoa(data.Plaintext)); is YWJjZGU=.
I cannot fathom what I'm doing wrong here but I suspect it has to do with base64 encoding. I have tried so many variants on this code but cannot deduce the problem. Does anyone see what I'm doing wrong here?
I was using btoa when I should have been using atob. I would swear I already tried that, but who can say.
Since I thought atob was ASCII to Binary, I can't account for how I'm getting plaintext with a function that's supposed to give binary, but...it worked, so.
Edit: Thinking of it as ASCII to Binary is misleading. It's more like "transmission format" to "original content," whatever that content was.
The KMS.decrypt method wants a binary string, which is the "original content" here. KMS.encrypt base64-encoded the encrypted string for transmission, and KMS.decrypt expects it to be coded out of that format before being given as a parameter.