https://github.com/sebsto/kms-demo
KMS Python Demo
- Host: GitHub
- URL: https://github.com/sebsto/kms-demo
- Owner: sebsto
- License: apache-2.0
- Created: 2020-04-07T16:43:58.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-08-09T10:53:03.000Z (over 3 years ago)
- Last Synced: 2023-05-19T00:10:15.758Z (over 1 year ago)
- Language: Python
- Size: 23.4 KB
- Stars: 12
- Watchers: 2
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
# KMS Developer Demo
## Description
This is a developer-oriented demonstration of how to use [AWS Key Management Service (KMS)](https://aws.amazon.com/kms/) to encrypt plain text or files in the Python programming language. The example and the API used are also relevant for developers using other programming languages.
AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys.
## Comments
This demo is divided into four main parts.
### Part 1 : Infrastructure Setup
This part sets up the infrastructure required by the demo:
- create a role allowing you to use KMS
- create a KMS Master key if it does not exist yet.
  Each key that you create in AWS Key Management Service costs $1/month as long as it is enabled. For this demo, we therefore create a KMS Master key in your account and do not delete it at the end of the demo; instead we de-activate it and reuse it for the next run of the demo.
- create an S3 bucket (to be used in part 3 below)
- establish the connection to the KMS service in the given region
### Part 2 : Clear Text encoding / decoding
The next two code blocks deal with clear text encryption and decryption.
#### Cipher
The code requests a data key from KMS. KMS returns the key both as cleartext and as a ciphered object. The code uses the cleartext key to encode the text message.
In a real-life scenario, the code should dispose of the cleartext version of the key and store only the ciphered key.
#### Decipher
The code makes a KMS call, passing the ciphered version of the key, and receives the clear text key back.
It then uses this clear text key to decipher the ciphered message.
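The cipher and decipher steps above, as an added example that is not code from the kms-demo repository. `LocalKmsStandIn` is a constructed in-memory replacement that returns the same response fields as boto3's `generate_data_key` and `decrypt` so the flow runs offline; the use of AES-GCM from the `cryptography` package and the key alias `alias/demo-key` are assumptions of this example.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # AES-GCM nonce (IV) size in bytes


class LocalKmsStandIn:
    """Constructed offline stand-in for the two KMS calls used below.
    Wraps data keys under an in-memory master key. Not for real data."""

    def __init__(self):
        self._master = AESGCM(AESGCM.generate_key(bit_length=256))

    def generate_data_key(self, KeyId, KeySpec="AES_256"):
        plaintext = os.urandom(32)
        nonce = os.urandom(NONCE_LEN)
        # Bind the wrapped key to the key id through the associated data.
        blob = nonce + self._master.encrypt(nonce, plaintext, KeyId.encode())
        return {"KeyId": KeyId, "Plaintext": plaintext, "CiphertextBlob": blob}

    def decrypt(self, CiphertextBlob, KeyId):
        nonce, wrapped = CiphertextBlob[:NONCE_LEN], CiphertextBlob[NONCE_LEN:]
        plaintext = self._master.decrypt(nonce, wrapped, KeyId.encode())
        return {"KeyId": KeyId, "Plaintext": plaintext}


def encrypt_message(kms, key_id, message):
    """Cipher: get a data key, encrypt locally, keep only the wrapped key."""
    data_key = kms.generate_data_key(KeyId=key_id, KeySpec="AES_256")
    nonce = os.urandom(NONCE_LEN)
    ciphertext = AESGCM(data_key["Plaintext"]).encrypt(nonce, message, None)
    # The envelope holds no cleartext key, only the KMS-wrapped copy.
    return {"wrapped_key": data_key["CiphertextBlob"], "nonce": nonce,
            "ciphertext": ciphertext}


def decrypt_message(kms, key_id, envelope):
    """Decipher: have KMS unwrap the data key, then decrypt locally."""
    resp = kms.decrypt(CiphertextBlob=envelope["wrapped_key"], KeyId=key_id)
    return AESGCM(resp["Plaintext"]).decrypt(
        envelope["nonce"], envelope["ciphertext"], None)


if __name__ == "__main__":
    kms = LocalKmsStandIn()  # with AWS access: boto3.client("kms")
    env = encrypt_message(kms, "alias/demo-key", b"hello KMS")  # constructed input
    print(decrypt_message(kms, "alias/demo-key", env))
```

Only `wrapped_key`, `nonce` and `ciphertext` need to be stored; the cleartext data key exists only inside the two functions.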
### Part 3 : File encoding / decoding
The next two code blocks perform a cipher / decipher operation on a JPG file and upload the file to an S3 bucket.
Notice the following:
- The AES Initialization Vector (IV) is stored in the ciphered file header (