Boto3: kms#decrypt throws 'utf8' codec error

Created on 26 Nov 2014  路  7Comments  路  Source: boto/boto3

kms#decrypt throws this error every time:

UnicodeDecodeError: 'utf8' codec can't decode byte 0xf2 in position 2: invalid continuation byte

Repro steps:

import boto3
kms = boto3.client('kms')
result = kms.encrypt(KeyId='some_key_id_redacted',Plaintext='my name is bob')
kms.decrypt(CiphertextBlob=result['CiphertextBlob'])

May be related to this issue

bug dependencies pending-release
Source
picture bilalaslam

Most helpful comment

The workaround worked for me, but I had to base64 encode the Plaintext as well. 

encrypted=kms.encrypt(KeyId='', Plaintext='Test')
decrypted=kms.decrypt(CiphertextBlob=base64.b64encode(encrypted['CiphertextBlob']).decode('utf-8'))
base64.b64encode(decrypted['Plaintext']).decode('utf-8')
picture jstnblau on 4 Dec 2014
👍2

All 7 comments

@bilalaslam this appears to be a bug in Botocore where the CiphertextBlob should automatically be base64-encoded. For example, this appears to work for me:

import base64

kms.decrypt(CiphertextBlob=base64.b64encode(result['CiphertextBlob']).decode('utf-8'))

You can use that as a workaround for now, but once we make the underlying fix you'll need to remove the manual base64-encoding.

danielgtaylor picture danielgtaylor on 27 Nov 2014

I can confirm the bug on my end too.

spgta picture spgta on 28 Nov 2014

@spgta does the workaround work for you? This should get fixed in Botocore soon.

danielgtaylor picture danielgtaylor on 3 Dec 2014

The workaround worked for me, but I had to base64 encode the Plaintext as well. 

encrypted=kms.encrypt(KeyId='', Plaintext='Test')
decrypted=kms.decrypt(CiphertextBlob=base64.b64encode(encrypted['CiphertextBlob']).decode('utf-8'))
base64.b64encode(decrypted['Plaintext']).decode('utf-8')
jstnblau picture jstnblau on 4 Dec 2014
👍2

@danielgtaylor

This works for me:
encrypt:

    kms = boto3.client("kms")   
    e = kms.encrypt(KeyId=self.keyid,EncryptionContext={""},Plaintext=encoded_file)
    self.objectBody = base64.b64encode(e['CiphertextBlob']).decode("utf-8")

decrypt:

kms = boto3.client("kms")
decrypted_file = kms.decrypt(CiphertextBlob=enc_string,EncryptionContext="")

spgta picture spgta on 5 Dec 2014

@spgta, @jstnblau, @bilalaslam this should be fixed upstream with boto/botocore#397, which was just merged. It'll go out with the next release.

danielgtaylor picture danielgtaylor on 5 Dec 2014

Released in version 0.0.5

danielgtaylor picture danielgtaylor on 9 Dec 2014
Was this page helpful?
0 / 5 - 0 ratings

Related issues

danielmorozoff picture danielmorozoff  路  3Comments
maoo picture maoo  路  3Comments
raolivei picture raolivei  路  3Comments
jparismorgan picture jparismorgan  路  3Comments
leima965 picture leima965  路  3Comments