When I try to decrypt my data using Google KMS, I get the error shown below. My code for the encryption and decryption follows. The error is raised on the line that assigns string plaintext. Thanks in advance.
Code
/// <summary>
/// Encrypts a string with Cloud KMS and returns the ciphertext as base64 text.
/// </summary>
/// <param name="plaintext">Text to encrypt; it is sent to KMS as its UTF-8 bytes.</param>
/// <returns>
/// The ciphertext returned by KMS, base64-encoded. Whoever decrypts it has to
/// base64-decode it back to the raw ciphertext bytes before calling KMS.
/// </returns>
public static string Encrypt(string plaintext)
{
    KeyManagementServiceClient kms = KeyManagementServiceClient.Create();

    // The key is addressed by its full resource name, which has the form
    // projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY
    // (placeholders; the real name was removed from this listing).
    var resourceName = new Google.Api.Gax.UnparsedResourceName("GOOGLE RESOURCE ID REMOVED");
    CryptoKeyName keyName = CryptoKeyName.FromUnparsed(resourceName);

    ByteString payload = ByteString.CopyFromUtf8(plaintext);
    var response = kms.Encrypt(keyName, payload);

    // Base64 makes the binary ciphertext safe to carry in a string.
    return response.Ciphertext.ToBase64();
}
/// <summary>
/// Sends <paramref name="cipher"/> to Cloud KMS for decryption and returns the result as a string.
/// Kept exactly as posted: this is the version that fails with InvalidArgument.
/// </summary>
/// <param name="cipher">Base64 text as produced by the Encrypt method above.</param>
/// <returns>The decrypted bytes, base64-encoded (see the note on the plaintext line).</returns>
public static string Decrypt(string cipher)
{
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
CryptoKeyName kn = CryptoKeyName.FromUnparsed(new Google.Api.Gax.UnparsedResourceName("GOOGLE RESOURCE ID REMOVED"));
// NOTE(review): Encrypt returned Ciphertext.ToBase64(), but CopyFromUtf8(cipher) sends the
// UTF-8 bytes of that base64 text, not the original ciphertext bytes, so KMS rejects the
// input as invalid. The inverse of ToBase64() is ByteString.FromBase64(cipher).
// NOTE(review): Plaintext.ToBase64() would also return base64 rather than the original
// string; the inverse of the CopyFromUtf8 used in Encrypt is Plaintext.ToStringUtf8().
string plaintext = client.Decrypt(kn, ByteString.CopyFromUtf8(cipher)).Plaintext.ToBase64();
return plaintext;
}
Error
Grpc.Core.RpcException: 'Status(StatusCode=InvalidArgument, Detail="Decryption failed: the ciphertext is invalid.")'
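You’re base64-encoding the result of your encryption call, but you aren’t base64-decoding it in your decrypt call, so KMS receives the UTF-8 bytes of the base64 text instead of the raw ciphertext. You shouldn’t need to base64 encode the data; if you do keep the ciphertext as a string, decode it with ByteString.FromBase64(cipher) before calling Decrypt and read the result with Plaintext.ToStringUtf8(). The file-based version below passes the raw bytes through unchanged: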
/// <summary>
/// Encrypts the contents of a file with a Cloud KMS key and writes the raw
/// ciphertext bytes to another file. No text encoding is applied at any step.
/// </summary>
/// <param name="projectId">Project that owns the key.</param>
/// <param name="locationId">Location of the key ring.</param>
/// <param name="keyRingId">Key ring that holds the key.</param>
/// <param name="cryptoKeyId">Key to encrypt with.</param>
/// <param name="plaintextFile">Path of the file whose bytes are encrypted.</param>
/// <param name="ciphertextFile">Path the ciphertext bytes are written to.</param>
/// <remarks>
/// The whole file is sent in a single Encrypt call. Cloud KMS caps the plaintext
/// size per call (64 KiB for symmetric keys at the time of writing; confirm against
/// the current documentation), so larger files need envelope encryption instead.
/// </remarks>
public static void Encrypt(string projectId, string locationId, string keyRingId, string cryptoKeyId, string plaintextFile, string ciphertextFile)
{
    KeyManagementServiceClient kms = KeyManagementServiceClient.Create();
    var keyName = new CryptoKeyName(projectId, locationId, keyRingId, cryptoKeyId);

    // Read the input as bytes and hand them to KMS unchanged.
    ByteString payload = ByteString.CopyFrom(File.ReadAllBytes(plaintextFile));
    EncryptResponse response = kms.Encrypt(keyName, payload);

    // Persist the ciphertext exactly as KMS returned it.
    byte[] encrypted = response.Ciphertext.ToByteArray();
    File.WriteAllBytes(ciphertextFile, encrypted);
    Console.Write($"Encrypted file created: {ciphertextFile}");
}
/// <summary>
/// Decrypts a file of raw Cloud KMS ciphertext bytes and writes the recovered
/// plaintext bytes to another file.
/// </summary>
/// <param name="projectId">Project that owns the key.</param>
/// <param name="locationId">Location of the key ring.</param>
/// <param name="keyRingId">Key ring that holds the key.</param>
/// <param name="cryptoKeyId">Key the data was encrypted with.</param>
/// <param name="ciphertextFile">Path of the file holding the ciphertext bytes.</param>
/// <param name="plaintextFile">Path the decrypted bytes are written to.</param>
/// <remarks>
/// The input must be the ciphertext bytes exactly as KMS produced them; any
/// re-encoding (base64 text, for example) has to be undone before this call.
/// The output file holds the decrypted data in the clear, so its location and
/// permissions should be chosen with that in mind.
/// </remarks>
public static void Decrypt(string projectId, string locationId, string keyRingId, string cryptoKeyId, string ciphertextFile, string plaintextFile)
{
    KeyManagementServiceClient kms = KeyManagementServiceClient.Create();
    var keyName = new CryptoKeyName(projectId, locationId, keyRingId, cryptoKeyId);

    // Pass the stored ciphertext bytes to KMS without any transformation.
    ByteString payload = ByteString.CopyFrom(File.ReadAllBytes(ciphertextFile));
    DecryptResponse response = kms.Decrypt(keyName, payload);

    // Write the recovered bytes out as-is.
    byte[] decrypted = response.Plaintext.ToByteArray();
    File.WriteAllBytes(plaintextFile, decrypted);
    Console.Write($"Decrypted file created: {plaintextFile}");
}