@@ -5,7 +5,6 @@ package keyring
5
5
6
6
import (
7
7
"context"
8
- "crypto/rand"
9
8
"fmt"
10
9
"reflect"
11
10
@@ -14,6 +13,7 @@ import (
14
13
dbesdkdynamodbencryptiontypes "github.com/aws/aws-database-encryption-sdk-dynamodb/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes"
15
14
dbesdkstructuredencryptiontypes "github.com/aws/aws-database-encryption-sdk-dynamodb/awscryptographydbencryptionsdkstructuredencryptionsmithygeneratedtypes"
16
15
"github.com/aws/aws-database-encryption-sdk-dynamodb/dbesdkmiddleware"
16
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/examples/utils"
17
17
"github.com/aws/aws-sdk-go-v2/aws"
18
18
"github.com/aws/aws-sdk-go-v2/config"
19
19
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
@@ -45,32 +45,23 @@ import (
45
45
- Sort key is named "sort_key" with type (S)
46
46
*/
47
47
48
- func RawAesExample (ddbTableName string ) {
49
- aesKeyBytes , err := generateAes256KeyBytes ()
50
- if err != nil {
51
- panic (err )
52
- }
48
+ func RawAesExample (ddbTableName , keyNamespace , keyName string , aesKeyBytes [] byte ) {
49
+ // Initialize the mpl client
50
+ matProv , err := mpl . NewClient (mpltypes. MaterialProvidersConfig {})
51
+ utils . HandleError (err )
52
+
53
53
// 1. Create the keyring.
54
54
// The DynamoDb encryption client uses this to encrypt and decrypt items.
55
55
56
- // Initialize the mpl client
57
- matProv , err := mpl .NewClient (mpltypes.MaterialProvidersConfig {})
58
- if err != nil {
59
- panic (err )
60
- }
61
56
// Create the Raw Aes Keyring
62
- var keyNamespace = "my-key-namespace"
63
- var keyName = "my-aes-key-name"
64
57
rawAesKeyRingInput := mpltypes.CreateRawAesKeyringInput {
65
58
KeyName : keyName ,
66
59
KeyNamespace : keyNamespace ,
67
60
WrappingKey : aesKeyBytes ,
68
61
WrappingAlg : mpltypes .AesWrappingAlgAlgAes256GcmIv12Tag16 ,
69
62
}
70
63
rawAesKeyring , err := matProv .CreateRawAesKeyring (context .Background (), rawAesKeyRingInput )
71
- if err != nil {
72
- panic (err )
73
- }
64
+ utils .HandleError (err )
74
65
// 2. Configure which attributes are encrypted and/or signed when writing new items.
75
66
// For each attribute that may exist on the items we plan to write to our DynamoDbTable,
76
67
// we must explicitly configure how they should be treated during item encryption:
@@ -132,14 +123,10 @@ func RawAesExample(ddbTableName string) {
132
123
133
124
// Create DBESDK middleware
134
125
dbEsdkMiddleware , err := dbesdkmiddleware .NewDBEsdkMiddleware (listOfTableConfigs )
135
- if err != nil {
136
- panic (err )
137
- }
126
+ utils .HandleError (err )
138
127
// Create aws config
139
128
cfg , err := config .LoadDefaultConfig (context .TODO ())
140
- if err != nil {
141
- panic (err )
142
- }
129
+ utils .HandleError (err )
143
130
ddb := dynamodb .NewFromConfig (cfg , dbEsdkMiddleware .CreateMiddleware ())
144
131
145
132
// 6. Put an item into our table using the above client.
@@ -155,9 +142,7 @@ func RawAesExample(ddbTableName string) {
155
142
Item : item ,
156
143
}
157
144
_ , err = ddb .PutItem (context .TODO (), putInput )
158
- if err != nil {
159
- panic (err )
160
- }
145
+ utils .HandleError (err )
161
146
// 7. Get the item back from our table using the same client.
162
147
// The client will decrypt the item client-side, and return
163
148
// back the original item.
@@ -176,22 +161,10 @@ func RawAesExample(ddbTableName string) {
176
161
ConsistentRead : aws .Bool (true ),
177
162
}
178
163
result , err := ddb .GetItem (context .TODO (), getInput )
179
- if err != nil {
180
- panic (err )
181
- }
164
+ utils .HandleError (err )
182
165
// Verify the decrypted item
183
166
if ! reflect .DeepEqual (item , result .Item ) {
184
167
panic ("Decrypted item does not match original item" )
185
168
}
186
169
fmt .Println ("Raw Aes Example successful." )
187
170
}
188
-
189
- func generateAes256KeyBytes () ([]byte , error ) {
190
- key := make ([]byte , 32 ) // 256 bits = 32 bytes
191
- // Use crypto/rand for cryptographically secure random numbers
192
- _ , err := rand .Read (key )
193
- if err != nil {
194
- return nil , err
195
- }
196
- return key , nil
197
- }
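Review bot: The new signature `RawAesExample(ddbTableName, keyNamespace, keyName string, aesKeyBytes []byte)` takes the wrapping key from the caller, but nothing in the visible hunks checks it before it is passed as `WrappingKey` alongside `AesWrappingAlgAlgAes256GcmIv12Tag16`. The removed `generateAes256KeyBytes` was the only place in this file that guaranteed 32 bytes from `crypto/rand`, so that guarantee now rests on a caller that is not shown here. I would add an early guard before `rawAesKeyRingInput`, e.g. `if len(aesKeyBytes) != 32 { panic("aesKeyBytes must be 32 bytes for AES-256") }`; the library may already reject a wrong length, but a clear early failure suits an example. I would also add a doc comment on the function stating that `aesKeyBytes` must come from a CSPRNG or a key store, never a constant, and that the same `keyNamespace`/`keyName` pair is needed to decrypt later. The function body spans several hunks and parts of it lie outside them; `utils.HandleError` is also not visible, so it is presumably still panic-on-error, which is worth confirming.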