This is an example of creating encryption keys using AWS KMS
/**
* The following is an example of creating encryption keys using AWS KMS.
*/
// Deferred-style promise library used by both helpers below.
var Q = require('q');
// AWS SDK v2; a single KMS client is shared by the helpers and pinned to one region.
var AWS = require('aws-sdk');
var KmsClient = AWS.KMS;
var kmsRegion = 'us-east-1';
var kms = new KmsClient({ region: kmsRegion });
// NOTE(review): `logger` is referenced by the helpers but never defined in this snippet;
// the host module has to provide it.
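/**
 * Creates a "data" key with AWS KMS. A data key is an ordinary symmetric key that KMS
 * generates under the master key named by keyId; the response carries both the
 * plaintext key and a copy of it wrapped by the master key (the CiphertextBlob).
 *
 * `Q`, `kms` and `logger` are expected to be in scope (this snippet does not define `logger`).
 *
 * @param {string} [keyId='alias/MyMasterKey'] KMS identifier (key id, ARN or alias) of the master key
 * @param {number} [numberOfBytes=16] length in bytes of the data key to generate
 * @returns {Promise<Buffer>} resolves with the plaintext data key; rejects with the KMS error
 */
var createCryptoKey = function (keyId, numberOfBytes) {
  var deferred = Q.defer();
  // Defaults are resolved explicitly so that an empty string or 0 is not silently replaced.
  var masterKeyId = keyId === undefined ? 'alias/MyMasterKey' : keyId;
  var keyLength = numberOfBytes === undefined ? 16 : numberOfBytes;

  kms.generateDataKey({ KeyId: masterKeyId, NumberOfBytes: keyLength }, function (err, data) {
    if (err) {
      logger.error('Could not create encryption key', err);
      // Reject with the cause; rejecting with nothing left callers unable to tell why.
      deferred.reject(err);
      return;
    }
    // data.Plaintext is the key the application uses for its own crypto. It is secret and
    // must never be written to logs; only its length is recorded here.
    logger.debug('Created crypto key', { bytes: Buffer.from(data.Plaintext).length });
    // data.CiphertextBlob is the same key wrapped by the master key. Only KMS can unwrap it,
    // so it can be stored next to the data it protects and fed back to decryptCryptoKey.
    logger.debug('Encrypted crypto key', Buffer.from(data.CiphertextBlob).toString('hex'));
    deferred.resolve(data.Plaintext);
  });
  return deferred.promise;
};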
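/**
 * Decrypts (unwraps) the data key that KMS returned from generateDataKey, i.e. the
 * CiphertextBlob. Call this to recover the plaintext key before encrypting or decrypting
 * application data; keep the plaintext in memory only for as long as it is needed.
 *
 * No KeyId is passed: for symmetric keys KMS reads the master key id from the ciphertext.
 * If an EncryptionContext was supplied when the key was generated, the same context has
 * to be supplied here or KMS rejects the request (this snippet uses none).
 *
 * `Q`, `kms` and `logger` are expected to be in scope (this snippet does not define `logger`).
 *
 * @param {string|Buffer} cipherText the encrypted data key, either the hex string logged by
 *   createCryptoKey or the raw CiphertextBlob Buffer
 * @returns {Promise<Buffer>} resolves with the plaintext data key; rejects with the KMS error
 */
var decryptCryptoKey = function (cipherText) {
  var deferred = Q.defer();
  // Accept the raw blob as well as its hex encoding. The original new Buffer(buf, 'hex')
  // copied a Buffer argument regardless of the encoding, so this stays backward compatible.
  var blob = Buffer.isBuffer(cipherText) ? cipherText : Buffer.from(cipherText, 'hex');

  kms.decrypt({ CiphertextBlob: blob }, function (err, data) {
    if (err) {
      logger.error('Could not get encryption key', err);
      // Reject with the cause; rejecting with nothing left callers unable to tell why.
      deferred.reject(err);
      return;
    }
    // The unwrapped key is secret: log only that it was recovered, never its bytes.
    logger.debug('Recovered crypto key', { bytes: Buffer.from(data.Plaintext).length });
    deferred.resolve(data.Plaintext);
  });
  return deferred.promise;
};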