New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug: unable to decode CustomEmailSender_SignUp encrypted code, got InvalidCiphertextException #10737
Comments
If I use aws_encryption_sdk to decode locally, then the code decrypts just fine. But if I use boto3 and send it to localstack to decrypt, then it fails!!! |
I am also not sure why the client id of "CustomEmailSender_SignUp" event is "CLIENT_ID_NOT_APPLICABLE" |
Hi @vt-rcheng, thanks for reporting the issue. Could you give us a few more details on how you generate the ciphertext in input? Have you tried to provide the key id to the |
I didn't generate the ciphertext, localstack did when it sends out the CustomEmailSender_SignUp trigger. You will have to setup a cognito user pool and then sign up a user using email address to trigger the event. I have tried kms decrypt command, see my ticket description, and it did not work. The only way for me to decrypt is locally with aws_encryption_sdk. So I feel it is localstack's bug somewhere.... |
Is there an existing issue for this?
Current Behavior
this is a reopening of bug #9348
I have tried again with the latest localstack ver 3.4.1
So I am trying to implement Cognito lambda trigger
I first sign up
root@7f0236f21f67:/opt/code/localstack# awslocal cognito-idp sign-up --client-id 7h3o0ebyozvd3vjhymdo8bvn0s --username [email protected] --password 12345678Aa! --user-attributes Name=name,Value=+11111111111
the trigger then receives a CustomEmailSender_SignUp trigger
inside the request it has an encrypted code
AgV4RSjfaHPY6cDSoaPQHqQYCDyPQESesN3pMkPvq4wScOsAXwABABVhd3MtY3J5cHRvLXB1YmxpYy1rZXkAREFqdnpyZ2FKMjladVZnRFRSOTBKUXo1TCsranp2SHFGUlg2M2Q4VFM4amJ5b2ZYMk1HK0NrSGpNVkVEQnJod1o5UT09AAEAB2F3cy1rbXMAS2Fybjphd3M6a21zOnVzLWVhc3QtMTowMDAwMDAwMDAwMDA6a2V5LzY1NjY5OGRhLTZhYTQtNDU4OC05YmZhLWQ4NGYyOTE5YzNkZgB0NjU2Njk4ZGEtNmFhNC00NTg4LTliZmEtZDg0ZjI5MTljM2RmiNnmPzJkxa6K457GXPrcGUAvV50VVZOaylI49kJFvq5VTtzUnunN5Z56+OTBKRffyvn3QnIq1b69o3ARYvmTnnsjG36q6jTXGmXlqU+PYuACAAAQAKs2LNWFjBskSk7IaYj4DURDiqEI0zyZelixydYb0d09rgnGOQixeTl24EVeNNaEov////8AAAABAAAAAAAAAAAAAAABAAAABh4cPQLLvmi4rgpxsAMSLYgkGTwoWsEAZzBlAjEAoUeOu2COlANi9iWqegJ9yCZHeEadgjaPNxedYO9knstLAemrruN7pRL0bkrxs2BgAjBYXbovABctggQj7UQV9uOXKDj1ajCifAC8EBu4moFQMw3K2UIbH4yw2FYIACEakxs=
I try to use kms to decrypt the code
root@7f0236f21f67:/opt/code/localstack# awslocal kms decrypt --ciphertext-blob fileb://<(echo "AgV4RSjfaHPY6cDSoaPQHqQYCDyPQESesN3pMkPvq4wScOsAXwABABVhd3MtY3J5cHRvLXB1YmxpYy1rZXkAREFqdnpyZ2FKMjladVZnRFRSOTBKUXo1TCsranp2SHFGUlg2M2Q4VFM4amJ5b2ZYMk1HK0NrSGpNVkVEQnJod1o5UT09AAEAB2F3cy1rbXMAS2Fybjphd3M6a21zOnVzLWVhc3QtMTowMDAwMDAwMDAwMDA6a2V5LzY1NjY5OGRhLTZhYTQtNDU4OC05YmZhLWQ4NGYyOTE5YzNkZgB0NjU2Njk4ZGEtNmFhNC00NTg4LTliZmEtZDg0ZjI5MTljM2RmiNnmPzJkxa6K457GXPrcGUAvV50VVZOaylI49kJFvq5VTtzUnunN5Z56+OTBKRffyvn3QnIq1b69o3ARYvmTnnsjG36q6jTXGmXlqU+PYuACAAAQAKs2LNWFjBskSk7IaYj4DURDiqEI0zyZelixydYb0d09rgnGOQixeTl24EVeNNaEov////8AAAABAAAAAAAAAAAAAAABAAAABh4cPQLLvmi4rgpxsAMSLYgkGTwoWsEAZzBlAjEAoUeOu2COlANi9iWqegJ9yCZHeEadgjaPNxedYO9knstLAemrruN7pRL0bkrxs2BgAjBYXbovABctggQj7UQV9uOXKDj1ajCifAC8EBu4moFQMw3K2UIbH4yw2FYIACEakxs=" | base64 --decode) --output text
but got the following error
An error occurred (InvalidCiphertextException) when calling the Decrypt operation: LocalStack is unable to deserialize the ciphertext blob. Perhaps the blob didn't come from LocalStack
Expected Behavior
No response
How are you starting LocalStack?
With a docker-compose file
Steps To Reproduce
How are you starting localstack (e.g.,
bin/localstack
command, arguments, ordocker-compose.yml
)Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)
Environment
Anything else?
No response
The text was updated successfully, but these errors were encountered: