이슈요약
AWS EC2에서 AccessKey 적용 후 cli를 사용해서 kms 암호화를 수행하던 중
아래와 같은 인코딩 에러가 발생함
[python@test ~]$ aws kms encrypt --key-id alias/TestKey --plaintext hooks --region ap-northeast-2
Invalid base64: "hooks"
[python@test ~]$
[python@test ~]$ aws kms encrypt --key-id alias/TestKey --plaintext hooksa --region ap-northeast-2
Invalid base64: "hooksa"
[python@test ~]$
[python@test ~]$ aws kms encrypt --key-id alias/TestKey --plaintext hoosa --region ap-northeast-2
Invalid base64: "hoosa"
[python@test ~]$ aws kms encrypt --key-id alias/TestKey --plaintext oosa --region ap-northeast-2
{
"CiphertextBlob": "AQICAHikPcpmPMpLnnAiykkg4+POI1/JsKVx71m0lRF8SBUimgFUkiRSrgtBDWYhEIRtqsQiAAAAYTBfBgkqhkiG9w0BBwagUjBQAgEAMEsGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM0rwgiNxdLy388W8PAgEQgB6IVJkHWOq6ziMwgiWNQLz6xpRqnfUcdO2cjhRABHA=",
"KeyId": "arn:aws:kms:ap-northeast-2:755504156916:key/97cd77a6-da58-448c-a074-51d86bba3e99",
"EncryptionAlgorithm": "SYMMETRIC_DEFAULT"
}
[python@test ~]$
원인파악 상세
테스트를 해보니 결과값에서 base64인코딩으로 결과값이 나오지 않아서 해당 에러가 발생하는 것으로 분석됨
해결방법
AWS CLI에서 제공하는 --cli-binary-format raw-in-base64-out 옵션을 사용
[python@test ~]$ aws kms encrypt --key-id alias/TestKey --plaintext "hooks.slack.com/services" --region ap-northeast-2 --cli-binary-format raw-in-base64-out
{
"CiphertextBlob": "AQICAHikPcpmPMpLnnAiykkg4+POI1/JsKVx71m0lRF8SBUimgEapnLnSo7Bf82n++JHvLNVAAAAqTCBpgYJKoZIhvcNAQcGoIGYMIGVAgEAMIGPBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDEkjwSi0+AVrG5aC9gIBEIBiRAeZlkQMvC++tVY298DcS8DUizfpZ/vNWUg5UvENpAavdGbWTJkLdtu3cAKJIo9t9U8htafar9famaMGVtvJVraRJHycBk8TR1ZS1wm+Slwc0Mkl+kCRnkLchOJ3h0XCZK0=",
"KeyId": "arn:aws:kms:ap-northeast-2:755504156916:key/97cd77a6-da58-448c-a074-51d86bba3e99",
"EncryptionAlgorithm": "SYMMETRIC_DEFAULT"
}
[python@test ~]$
