This project is an example of how to use an AWS KMS key to encrypt and decrypt confidential text. I have provided a utilities class that has all the methods for encrypting and decrypting a given text, along with unit tests for self-verification.
The code does the following:
1. Generates a data key from the AWS KMS master key.
2. Encrypts and encodes this data key so that it can be stored safely outside KMS.
3. Distributes this key in string format (serialized) to both the encrypting party and the decrypting party.
4. The encrypting party decrypts and decodes the same data key (using the AWS KMS master key) to encrypt the confidential text.
5. The decrypting party also decrypts and decodes the same data key (using the AWS KMS master key) to decrypt the confidential text that was encrypted in step #4.
You can also use this code to safely export and import an AWS data key, because it is encrypted and encoded.
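A compact version of the flow listed above, as an added example rather than the repository's own KmsUtilities code. It assumes the AWS SDK for Java 1.x and AES-GCM for the text encryption (the page names neither); the class name, the `MASTER_KEY_ID` placeholder and the method names are hypothetical.

```java
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import com.amazonaws.services.kms.model.*;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class EnvelopeExample { // hypothetical name, not the project's class
    static final String MASTER_KEY_ID = "alias/your-master-key"; // placeholder: use your own key
    static final AWSKMS KMS = AWSKMSClientBuilder.defaultClient(); // uses the configured AWS credentials

    static byte[] bytes(ByteBuffer b) { byte[] out = new byte[b.remaining()]; b.get(out); return out; }

    // Steps 1-3: KMS returns the data key encrypted under the master key; only that
    // ciphertext blob is kept and Base64-encoded into a string that can be distributed.
    static String newSerializedDataKey() {
        GenerateDataKeyRequest req = new GenerateDataKeyRequest()
                .withKeyId(MASTER_KEY_ID).withKeySpec(DataKeySpec.AES_256);
        return Base64.getEncoder().encodeToString(bytes(KMS.generateDataKey(req).getCiphertextBlob()));
    }
    // Steps 4-5: either party turns the string back into the raw AES key via KMS Decrypt.
    static SecretKeySpec unwrap(String serializedKey) {
        ByteBuffer blob = ByteBuffer.wrap(Base64.getDecoder().decode(serializedKey));
        return new SecretKeySpec(bytes(KMS.decrypt(new DecryptRequest().withCiphertextBlob(blob)).getPlaintext()), "AES");
    }
    static String encrypt(String serializedKey, String text) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh 96-bit nonce for every message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, unwrap(serializedKey), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(text.getBytes(StandardCharsets.UTF_8));
        // Output layout: nonce || ciphertext+tag, Base64-encoded
        return Base64.getEncoder().encodeToString(ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array());
    }
    static String decrypt(String serializedKey, String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, unwrap(serializedKey), new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8); // throws if tampered
    }
    public static void main(String[] args) throws Exception {
        String key = newSerializedDataKey();
        System.out.println(decrypt(key, encrypt(key, "constructed sample secret")));
    }
}
```

Both parties need permission for the KMS Decrypt action on the master key; the serialized key string cannot be turned back into a usable key without it.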
- You must have configured AWS credentials on your machine. For how to do that, see: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
- Your AWS user (configured in the step above) must have rights to access the AWS KMS master key in order to generate the data key, encrypt data and decrypt the data key.
- Clone this repository to your local machine.
- Replace the KMS_MASTER_KEY variable in the KmsUtilities class with an AWS KMS master key accessible from your AWS account.
- Follow the prerequisites above.
- Use Maven to build and run the unit tests:
mvn clean install
- Himanshu Parmar - Initial work
See also the list of contributors who participated in this project.