AWS
[AWS] kms 디비 컬럼 암호화 소스 java
forkballpitch
2020. 6. 19. 08:13
1. KMS 키를 생성한 후
2. 아래와 같이 코드 작성
import com.amazonaws.encryptionsdk.AwsCrypto;
import com.amazonaws.encryptionsdk.CryptoAlgorithm;
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.*;
import java.io.UnsupportedEncodingException;
import java.util.Map;
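/**
 * REST controller that encrypts and decrypts text with the AWS Encryption SDK,
 * using the KMS key named by {@code awsKmsArn} as the master key.
 *
 * <p>Review notes for anyone reusing this sample:
 * <ul>
 *   <li>No authentication or authorization is visible on these endpoints in this
 *       listing. As written, any caller that can reach {@code /crypto/AES/Decrypt}
 *       receives the plaintext for a ciphertext produced under this key, so access
 *       must be restricted by the surrounding application or network layer.</li>
 *   <li>Plaintext and ciphertext are deliberately never logged.</li>
 *   <li>No encryption context is passed to the SDK, so a ciphertext is not bound to
 *       the column or record it came from; consider supplying one.</li>
 * </ul>
 */
@RestController
@RequestMapping("/crypto/AES")
public class AwsKmsAES {

    private static final Logger logger = LoggerFactory.getLogger(AwsKmsAES.class);

    // Placeholder ARN from the original post. In a real deployment load this from
    // configuration instead of hard-coding it in source.
    private String awsKmsArn = "arn:aws:kms:xxxx:xxx:xxx/xxx";

    // SDK entry point, shared by both handlers.
    private final AwsCrypto crypto = new AwsCrypto();

    /**
     * Selects the algorithm suite once, instead of re-setting it on the shared
     * {@link AwsCrypto} instance from every request.
     */
    public AwsKmsAES() {
        // NOTE(review): this suite name carries no ECDSA component, i.e. messages are
        // authenticated by AES-GCM only and are not digitally signed. Confirm that
        // dropping the signature is intended before keeping this override.
        crypto.setEncryptionAlgorithm(CryptoAlgorithm.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA256);
    }

    /**
     * Encrypts the {@code "text"} entry of the request body.
     *
     * @param map request body; must contain a non-null {@code "text"} entry
     * @return the encrypted message as returned by {@code encryptString}
     * @throws IllegalArgumentException if {@code "text"} is missing
     * @throws UnsupportedEncodingException never thrown by this body; kept so the
     *         signature stays compatible with existing callers
     */
    @PostMapping("/Encrypt")
    public String EncryptAES256(@RequestBody Map<String,Object> map) throws UnsupportedEncodingException {
        final Object text = map.get("text");
        if (text == null) {
            throw new IllegalArgumentException("request body must contain a \"text\" field");
        }

        // The provider is a local rather than a shared field: the handlers run on
        // request threads, and the previous code reassigned one field from all of them.
        final KmsMasterKeyProvider provider = new KmsMasterKeyProvider(awsKmsArn);

        // The string is passed through unchanged. The earlier
        // new String(s.getBytes("UTF-8")) round trip decoded with the platform default
        // charset and could corrupt non-ASCII text on a JVM whose default is not UTF-8.
        final String ciphertext = crypto.encryptString(provider, text.toString()).getResult();

        logger.info("success");
        return ciphertext;
    }

    /**
     * Decrypts the {@code "text"} entry of the request body.
     *
     * <p>Any failure (missing field, input that is not a valid encrypted message,
     * KMS error during decryption) is logged and reported as an empty string, so a
     * caller cannot tell a failure apart from an empty plaintext.
     *
     * @param map request body; {@code "text"} holds the encrypted message
     * @return the decrypted text, or {@code ""} if decryption failed
     * @throws UnsupportedEncodingException never thrown by this body; kept so the
     *         signature stays compatible with existing callers
     */
    @PostMapping("/Decrypt")
    public String DecryptAES256(@RequestBody Map<String,Object> map) throws UnsupportedEncodingException {
        final KmsMasterKeyProvider provider = new KmsMasterKeyProvider(awsKmsArn);

        final Object text = map.get("text");
        if (text == null) {
            logger.warn("exception : {}", "missing \"text\" field");
            return "";
        }

        try {
            // Returned as-is; see EncryptAES256 for why the charset round trip was removed.
            return crypto.decryptString(provider, text.toString()).getResult();
        } catch (RuntimeException e) {
            // Best-effort by design: input that was never encrypted ends up here.
            // Logged at WARN so that repeated failures are visible to monitoring.
            logger.warn("exception : {}", e.toString());
            return "";
        }
    }
}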
3. pom.xml에 아래와 같이 의존성 추가
<!-- NOTE(review): the versions below are the ones pinned in the original 2020 post. aws-encryption-sdk-java releases before 1.7.0 predate the SDK's key commitment feature, and the jackson-databind 2.9.x line has published deserialization advisories. Check current security advisories and move to maintained releases before copying these coordinates. -->
<dependency> <groupId>com.amazonaws</groupId> <artifactId>aws-java-sdk</artifactId> <version>1.11.106</version> </dependency> <!-- AWS Encryption SDK for Java --> <dependency> <groupId>com.amazonaws</groupId> <artifactId>aws-encryption-sdk-java</artifactId> <version>1.3.1</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.9.3</version> </dependency>
참고)
(Decrypt 호출 시 기존에 암호화되지 않은 데이터가 들어오면 com.amazonaws.encryptionsdk.exception.BadCiphertextException: Invalid base 64 에러가 발생한다. 암호화되지 않은 기존 데이터를 가져올 때는 이 에러를 참고. 위 코드에서는 이 예외를 catch 하여 로그만 남기고 빈 문자열을 반환하므로, 호출하는 쪽에서는 복호화 실패와 빈 값을 구분할 수 없다.)