Created
January 8, 2019 19:16
```ruby
#snippet-comment:[These are tags for the AWS doc team's sample catalog. Do not remove.]
#snippet-sourceauthor:[Doug-AWS]
#snippet-sourcedescription:[Creates a customer master key using KMS.]
#snippet-keyword:[AWS Key Management Service]
#snippet-keyword:[create_key method]
#snippet-keyword:[Ruby]
#snippet-service:[kms]
#snippet-sourcetype:[full-example]
#snippet-sourcedate:[2018-03-16]
# Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# This file is licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License. A copy of the
# License is located at
#
# http://aws.amazon.com/apache2.0/
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.

require 'aws-sdk-kms'  # v2: require 'aws-sdk'

# Create a customer master key (CMK).
# As long as we are only encrypting small amounts of data (4 KiB or less) directly,
# a CMK is fine for our purposes.
# For larger amounts of data,
# use the CMK to encrypt a data encryption key (DEK).

client = Aws::KMS::Client.new

resp = client.create_key({
  tags: [
    {
      tag_key: 'CreatedBy',
      tag_value: 'ExampleUser'
    },
  ],
})

puts resp.key_metadata.key_id
```
```ruby
#snippet-comment:[These are tags for the AWS doc team's sample catalog. Do not remove.]
#snippet-sourceauthor:[Doug-AWS]
#snippet-sourcedescription:[Decrypts a string.]
#snippet-keyword:[AWS Key Management Service]
#snippet-keyword:[decrypt method]
#snippet-keyword:[Ruby]
#snippet-service:[kms]
#snippet-sourcetype:[full-example]
#snippet-sourcedate:[2018-03-16]
# Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# This file is licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License. A copy of the
# License is located at
#
# http://aws.amazon.com/apache2.0/
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.

require 'aws-sdk-kms'  # v2: require 'aws-sdk'

# Hex-encoded ciphertext blob to decrypt
blob = '01020200785d68faeec386af1057904926253051eb2919d3c16078badf65b808b26dd057c101747cadf3593596e093d4ffbf22434a6d00000068306606092a864886f70d010706a0593057020100305206092a864886f70d010701301e060960864801650304012e3011040c9d629e573683972cdb7d94b30201108025b20b060591b02ca0deb0fbdfc2f86c8bfcb265947739851ad56f3adce91eba87c59691a9a1'
# Convert the hex string back to the raw bytes KMS expects
blob_packed = [blob].pack("H*")

client = Aws::KMS::Client.new(region: 'us-west-2')

resp = client.decrypt({
  ciphertext_blob: blob_packed
})

puts 'Raw text: '
puts resp.plaintext
```
```ruby
#snippet-comment:[These are tags for the AWS doc team's sample catalog. Do not remove.]
#snippet-sourceauthor:[Doug-AWS]
#snippet-sourcedescription:[Encrypts a string.]
#snippet-keyword:[AWS Key Management Service]
#snippet-keyword:[encrypt method]
#snippet-keyword:[Ruby]
#snippet-service:[kms]
#snippet-sourcetype:[full-example]
#snippet-sourcedate:[2018-03-16]
# Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# This file is licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License. A copy of the
# License is located at
#
# http://aws.amazon.com/apache2.0/
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.

require 'aws-sdk-kms'  # v2: require 'aws-sdk'

# ARN of the customer master key (CMK).
#
# Replace the fictitious key ARN with a valid key ID
keyId = 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab'

text = '1234567890'

client = Aws::KMS::Client.new(region: 'us-west-2')

resp = client.encrypt({
  key_id: keyId,
  plaintext: text,
})

# Display a readable (hex) version of the resulting encrypted blob.
puts 'Blob:'
puts resp.ciphertext_blob.unpack('H*')
```
```ruby
#snippet-comment:[These are tags for the AWS doc team's sample catalog. Do not remove.]
#snippet-sourceauthor:[Doug-AWS]
#snippet-sourcedescription:[Re-encrypts data under a new customer master key (CMK).]
#snippet-keyword:[AWS Key Management Service]
#snippet-keyword:[re_encrypt method]
#snippet-keyword:[Ruby]
#snippet-service:[kms]
#snippet-sourcetype:[full-example]
#snippet-sourcedate:[2018-03-16]
# Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# This file is licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License. A copy of the
# License is located at
#
# http://aws.amazon.com/apache2.0/
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.

require 'aws-sdk-kms'  # v2: require 'aws-sdk'

# Human-readable version of the ciphertext of the data to reencrypt.
blob = '01020200785d68faeec386af1057904926253051eb2919d3c16078badf65b808b26dd057c101747cadf3593596e093d4ffbf22434a6d00000068306606092a864886f70d010706a0593057020100305206092a864886f70d010701301e060960864801650304012e3011040c9d629e573683972cdb7d94b30201108025b20b060591b02ca0deb0fbdfc2f86c8bfcb265947739851ad56f3adce91eba87c59691a9a1'
sourceCiphertextBlob = [blob].pack("H*")

# Replace the fictitious key ARN with a valid key ID
destinationKeyId = 'arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321'

client = Aws::KMS::Client.new(region: 'us-west-2')

resp = client.re_encrypt({
  ciphertext_blob: sourceCiphertextBlob,
  destination_key_id: destinationKeyId
})

# Display a readable (hex) version of the resulting re-encrypted blob.
puts 'Blob:'
puts resp.ciphertext_blob.unpack('H*')
```
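
The comment in the create-key file says to use the CMK to encrypt a data encryption key (DEK) for data larger than 4 KiB. The following is an added example of that envelope pattern, not part of the original gist or the AWS samples: `FakeKms` is a constructed offline stand-in, and `envelope_encrypt` / `envelope_decrypt` are hypothetical helper names. With the real service, pass an `Aws::KMS::Client` instead; its `generate_data_key` and `decrypt` calls accept the same keyword arguments used here.

```ruby
require 'openssl'

# Constructed offline stand-in for Aws::KMS::Client (NOT the real service).
# It hands out a random 256-bit DEK plus an opaque token in place of the
# KMS-encrypted copy, and returns the DEK again when given that token.
class FakeKms
  Resp = Struct.new(:plaintext, :ciphertext_blob)

  def initialize
    @keys = {}
  end

  def generate_data_key(key_id:, key_spec:)
    dek = OpenSSL::Random.random_bytes(32)
    token = OpenSSL::Random.random_bytes(16)
    @keys[token] = dek
    Resp.new(dek, token)
  end

  def decrypt(ciphertext_blob:)
    Resp.new(@keys.fetch(ciphertext_blob), nil)
  end
end

# Encrypt data of any size locally with a fresh DEK (AES-256-GCM).
# Only the wrapped DEK is stored; the plaintext DEK is not kept.
def envelope_encrypt(kms, key_id, data)
  dk = kms.generate_data_key(key_id: key_id, key_spec: 'AES_256')
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = dk.plaintext
  iv = cipher.random_iv
  cipher.auth_data = dk.ciphertext_blob # bind the wrapped DEK to the data
  ct = cipher.update(data) + cipher.final
  { wrapped_dek: dk.ciphertext_blob, iv: iv, tag: cipher.auth_tag, ciphertext: ct }
end

# Ask KMS to unwrap the DEK, then decrypt and authenticate locally.
# Raises OpenSSL::Cipher::CipherError if any stored field was altered.
def envelope_decrypt(kms, env)
  dek = kms.decrypt(ciphertext_blob: env[:wrapped_dek]).plaintext
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = dek
  cipher.iv = env[:iv]
  cipher.auth_tag = env[:tag]
  cipher.auth_data = env[:wrapped_dek]
  cipher.update(env[:ciphertext]) + cipher.final
end
```

Store `wrapped_dek`, `iv`, `tag` and `ciphertext` together; rotating to a new CMK then only requires `re_encrypt` on the small `wrapped_dek`, not on the bulk data.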