openssl - Decrypt Amazon Redshift CSV dump


I want to decrypt a CSV dump of an Amazon Redshift table locally. I'm using the UNLOAD command with client-side encryption, since the data contains sensitive information.

The command I am using is this:

unload ('select * from testtable.test') to 's3://unload' credentials 'aws_access_key_id=<aws_key_id>;aws_secret_access_key=<aws_secret_key_id>;master_symmetric_key=<master_key>' delimiter ',' addquotes escape encrypted allowoverwrite

To generate the master_key I used the following command:

openssl enc -aes-256-cbc -pass pass:<mypass> -p -nosalt -base64 

This outputs:

key=.... iv =.... 

I used the key as the `master_symmetric_key`.

I copy the S3 data locally and try to decrypt it like this:

openssl enc -aes-256-cbc -d -nosalt -base64 -in 0000_part_00 -out temps.csv 

But I get:

bad decrypt 6038:error:0606506d:digital envelope routines:evp_decryptfinal_ex: wrong final block length:/sourcecache/openssl098/openssl098-52.20.2/src/crypto/evp/evp_enc.c:323 

How do I decrypt an Amazon Redshift CSV dump?

The key is stored as metadata and is available in x-amz-meta-x-amz-key, and the IV is stored as metadata and is available in x-amz-meta-x-amz-iv. From the Redshift documentation:

... UNLOAD stores the encrypted data files in Amazon S3 and stores the encrypted envelope key and IV as object metadata with each file. The encrypted envelope key is stored as object metadata x-amz-meta-x-amz-key and the IV is stored as object metadata x-amz-meta-x-amz-iv.

When you get the S3 object, you get these meta-data fields. Here is an example of an S3 GET Object request: http://docs.aws.amazon.com/amazons3/latest/api/restobjectget.html
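The two-step envelope decryption that the answer points to, as an added example that is not part of the original question or answer. It assumes the envelope key is wrapped under the master key with AES-256-ECB and the file body is AES-256-CBC under the envelope key, and that the master key is the base64 of 32 bytes; the function names and the sample rows are constructed, and on a real file the two metadata values come from the object's x-amz-meta-x-amz-key and x-amz-meta-x-amz-iv headers.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumption: the envelope key is
# wrapped under the master key with AES-256-ECB and the file body is
# AES-256-CBC under the envelope key; master key is the base64 of 32 bytes.

to_hex()  { od -An -v -tx1 | tr -d ' \n'; }            # stdin bytes -> hex
b64_hex() { printf '%s' "$1" | openssl base64 -d -A | to_hex; }

# decrypt_unload_part <master_b64> <x-amz-key> <x-amz-iv> <infile> <outfile>
decrypt_unload_part() {
  local work rc=0
  work=$(mktemp -d) || return 1                        # mode 0700 scratch dir
  printf '%s' "$2" | openssl base64 -d -A > "$work/wrapped"
  # Step 1: unwrap the per-file envelope key with the master key (ECB, no IV).
  if openssl enc -d -aes-256-ecb -K "$(b64_hex "$1")" \
       -in "$work/wrapped" -out "$work/env" 2>/dev/null &&
     [ "$(wc -c < "$work/env")" -eq 32 ]; then
    # Step 2: decrypt the body with the envelope key and the per-file IV.
    openssl enc -d -aes-256-cbc -K "$(to_hex < "$work/env")" \
      -iv "$(b64_hex "$3")" -in "$4" -out "$5" 2>/dev/null || rc=1
  else
    echo "envelope key did not unwrap: wrong master key?" >&2; rc=1
  fi
  rm -rf "$work"
  return "$rc"
}

# Constructed stand-in for one UNLOAD part and its two metadata values.
make_sample() {
  openssl rand -base64 32 > "$1/master"
  openssl rand -out "$1/env" 32; openssl rand -out "$1/iv" 16
  printf '"1","alice"\n"2","bob"\n' > "$1/plain.csv"
  openssl enc -aes-256-cbc -K "$(to_hex < "$1/env")" -iv "$(to_hex < "$1/iv")" \
    -in "$1/plain.csv" -out "$1/0000_part_00"
  openssl enc -aes-256-ecb -K "$(b64_hex "$(cat "$1/master")")" -in "$1/env" |
    openssl base64 -A > "$1/x-amz-key"
  openssl base64 -A -in "$1/iv" > "$1/x-amz-iv"
}

d=$(mktemp -d); make_sample "$d"
decrypt_unload_part "$(cat "$d/master")" "$(cat "$d/x-amz-key")" \
  "$(cat "$d/x-amz-iv")" "$d/0000_part_00" "$d/out.csv" && cat "$d/out.csv"
```

The unwrapped envelope key touches disk only inside the scratch directory, which is removed before the function returns.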

