kms.py 文件源码

python
阅读 24 收藏 0 点赞 0 评论 0

项目:aws-encryption-sdk-python 作者: awslabs 项目源码 文件源码
def _decrypt_data_key(self, encrypted_data_key, algorithm, encryption_context=None):
        """Decrypts an encrypted data key and returns the plaintext.

        :param data_key: Encrypted data key
        :type data_key: aws_encryption_sdk.structures.EncryptedDataKey
        :type algorithm: `aws_encryption_sdk.identifiers.Algorithm` (not used for KMS)
        :param dict encryption_context: Encryption context to use in decryption
        :returns: Decrypted data key
        :rtype: aws_encryption_sdk.structures.DataKey
        :raises DecryptKeyError: if Master Key is unable to decrypt data key
        """
        kms_params = {
            'CiphertextBlob': encrypted_data_key.encrypted_data_key
        }
        if encryption_context:
            kms_params['EncryptionContext'] = encryption_context
        if self.config.grant_tokens:
            kms_params['GrantTokens'] = self.config.grant_tokens
        # Catch any boto3 errors and normalize to expected DecryptKeyError
        try:
            response = self.config.client.decrypt(**kms_params)
            plaintext = response['Plaintext']
        except (ClientError, KeyError):
            error_message = 'Master Key {key_id} unable to decrypt data key'.format(key_id=self._key_id)
            _LOGGER.exception(error_message)
            raise DecryptKeyError(error_message)
        return DataKey(
            key_provider=self.key_provider,
            data_key=plaintext,
            encrypted_data_key=encrypted_data_key.encrypted_data_key
        )
评论列表
文章目录


问题


面经


文章

微信
公众号

扫码关注公众号