encryptionsdk.exception.BadCiphertextException: Invalid ciphertext type

Question

I am using AWS encryption SDK to encrypt and decrypt files. I am getting an error

encryptionsdk.exception.BadCiphertextException: Invalid ciphertext type

in the following scenario.

I am encrypting my file using command:

aws kms encrypt --key-id keyId --region us-east-1 --plaintext file://text.txt --query CipherTextBlob             --output text | base64 --decode >file.dat.encrypted.

I my code I have:

AwsCrypto awsCrypto = new AwsCrypto();
InputStream inputStream  = new FileInputStream("inputfile");
final CryptoInputStream decryptingStream = awsCrypto.createDecryptingStream(provider,inputStream);
OutputStream outputStream = new FileOutputStream("outputFile");
IOUtils.copy(decryptingStream,outputStream)

Could anyone please point out what I am missing in this? I am trying to figure out the problem but I am not able to. Would appreciate any help regarding this.

Answer 1

My understanding from the AWS Encryption SDK is that it allows you to use AWS KMS in a more general way than if you'd implement the cryptography primitives on yourself.

From what I can see, you're trying to hook up the Encryption SDK with the KMS CLI, and those things are not compatible.

Was your encrypted data generated by calling the Encrypt primitive in KMS (SDK or command line tool)? If so, you should try to use the KMS Client Decrypt primitive to deal with it, in your preferred way (CLI or SDK).