openssl - Decrypt Amazon Redshift CSV dump
I am trying to decrypt a CSV dump of an Amazon Redshift table locally. I'm using the UNLOAD command with client-side encryption, since the data contains sensitive information.

The command I am using is this:

    unload ('select * from testtable.test') to 's3://unload' credentials 'aws_access_key_id=<aws_key_id>;aws_secret_access_key=<aws_secret_key_id>;master_symmetric_key=<master_key>' delimiter ',' addquotes escape encrypted allowoverwrite

To generate the master_key I used the following command:

    openssl enc -aes-256-cbc -pass pass:<mypass> -p -nosalt -base64

This outputs:

    key=.... iv =....

I used the key as the `master_symmetric_key`.

I copy the S3 data locally and try to decrypt it like this:

    openssl enc -aes-256-cbc -d -nosalt -base64 -in 0000_part_00 -out temps.csv

But I get:

    bad decrypt 6038:error:0606506d:digital envelope routines:evp_decryptfinal_ex: wrong final block length:/sourcecache/openssl098/openssl098-52.20.2/src/crypto/evp/evp_enc.c:323

How do I decrypt an Amazon Redshift CSV dump?
The key is stored as metadata, available in x-amz-meta-x-amz-key, and the IV is stored as metadata, available in x-amz-meta-x-amz-iv. From the Redshift documentation:

... UNLOAD stores the encrypted data files in Amazon S3 and stores the encrypted envelope key and IV as object metadata with each file. The encrypted envelope key is stored as object metadata x-amz-meta-x-amz-key and the IV is stored as object metadata x-amz-meta-x-amz-iv.

When you get the S3 object, you get these metadata fields. Here is an example of an S3 get-object request: http://docs.aws.amazon.com/amazons3/latest/api/restobjectget.html
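
The decryption the answer points to, as an added example that is not part of the original post: unwrap the per-file envelope key from x-amz-meta-x-amz-key with the master key, then decrypt the data file with that key and the IV from x-amz-meta-x-amz-iv. Assumptions not stated on the page: the master key is supplied as base64, the envelope key is wrapped with AES-256-ECB, and the data file is AES-256-CBC; the function names `redshift_decrypt`, `make_sample`, `bin_to_hex` and `b64_to_hex` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumption: the envelope key in
# x-amz-key is wrapped with the master symmetric key using AES-256-ECB; the
# data file is AES-256-CBC under the unwrapped key and the x-amz-iv value.

bin_to_hex() { od -An -v -tx1 | tr -d ' \n'; }
b64_to_hex() { openssl base64 -d -A | bin_to_hex; }

# usage: redshift_decrypt <master_b64> <x_amz_key_b64> <x_amz_iv_b64> <in> <out>
redshift_decrypt() {
    local master_hex env_hex iv_hex tmp
    master_hex=$(printf '%s\n' "$1" | b64_to_hex)
    iv_hex=$(printf '%s\n' "$3" | b64_to_hex)
    tmp=$(mktemp) || return 1   # mode 0600; holds the unwrapped key briefly
    # Step 1: unwrap the per-file envelope key with the master key.
    if ! printf '%s\n' "$2" |
        openssl enc -d -aes-256-ecb -a -A -K "$master_hex" -out "$tmp" 2>/dev/null
    then
        rm -f "$tmp"; echo "envelope key unwrap failed" >&2; return 1
    fi
    env_hex=$(bin_to_hex < "$tmp"); rm -f "$tmp"
    [ "${#env_hex}" -eq 64 ] || { echo "unexpected envelope key length" >&2; return 1; }
    # Step 2: decrypt the data file with the envelope key and the IV.
    openssl enc -d -aes-256-cbc -K "$env_hex" -iv "$iv_hex" -in "$4" -out "$5"
}

# Constructed round-trip sample (not real UNLOAD output): encrypts a small CSV
# under the same assumed scheme and prints "master_b64 key_b64 iv_b64".
make_sample() {
    local dir="$1" master_hex env_hex iv_hex
    openssl rand -out "$dir/master.bin" 32
    openssl rand -out "$dir/env.bin" 32
    openssl rand -out "$dir/iv.bin" 16
    master_hex=$(bin_to_hex < "$dir/master.bin")
    env_hex=$(bin_to_hex < "$dir/env.bin")
    iv_hex=$(bin_to_hex < "$dir/iv.bin")
    printf '"1","alice"\n"2","bob"\n' > "$dir/plain.csv"
    openssl enc -aes-256-cbc -K "$env_hex" -iv "$iv_hex" \
        -in "$dir/plain.csv" -out "$dir/0000_part_00"
    printf '%s %s %s\n' "$(openssl base64 -A -in "$dir/master.bin")" \
        "$(openssl enc -aes-256-ecb -K "$master_hex" -in "$dir/env.bin" | openssl base64 -A)" \
        "$(openssl base64 -A -in "$dir/iv.bin")"
}
```

With a real object, pass the two metadata values exactly as S3 returns them (base64) together with the base64 master key used in the UNLOAD credentials string.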