ReEncryptData.go

// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: MIT-0
package main

import (
    "flag"
    "fmt"

    "github.com/aws/aws-sdk-go/aws/session"
    "github.com/aws/aws-sdk-go/service/kms"
    "github.com/aws/aws-sdk-go/service/kms/kmsiface"
)

// ReEncryptText reencrypts some text using a new AWS Key Management Service (AWS KMS) customer master key (CMK).
// Inputs:
//     svc is an AWS KMS service client
//     keyID is the ID of a different CMK
// Output:
//     If success, information about the reencrypted text and nil
//     Otherwise, nil and an error from the call to ReEncrypt
func ReEncryptText(svc kmsiface.KMSAPI, blob *[]byte, keyID *string) (*kms.ReEncryptOutput, error) {
    result, err := svc.ReEncrypt(&kms.ReEncryptInput{
        CiphertextBlob:   *blob,
        DestinationKeyId: keyID,
    })
    if err != nil {
        return nil, err
    }

    return result, nil
}

func main() {
    keyID := flag.String("k", "", "The ID of a KMS key")
    data := flag.String("d", "", "The data to reencrypt, as a string")
    flag.Parse()

    if *keyID == "" || *data == "" {
        fmt.Println("You must supply the ID of a KMS key and data")
        fmt.Println("-k KEY-ID -d DATA")
        return
    }

    sess := session.Must(session.NewSessionWithOptions(session.Options{
        SharedConfigState: session.SharedConfigEnable,
    }))

    svc := kms.New(sess)

    blob := []byte(*data)

    result, err := ReEncryptText(svc, &blob, keyID)
    if err != nil {
        fmt.Println("Got error reencrypting data:")
        fmt.Println(err)
        return
    }

    fmt.Println("Blob (base-64 byte array):")
    fmt.Println(result.CiphertextBlob)
}