用Python解密EC2密码

Question

我希望启动一个Windows实例，并以编程的方式使用EC2获取管理密码。我知道这样使用CLI可以做到这一点，但我更愿意在本地解密，以避免通过互联网发送我的私钥。

aws ec2 get-password-data --instance-id i-0d4d8273cadcae0a0 --priv-launch-key .ssh/elliott2.pem

在阅读了“密码穹顶”文档之后，我尝试了这样的方法：

import boto3
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP

ec2 = boto3.resource('ec2', 'us-west-2')
i = ec2.Instance('i-028dee2acb533fc59')

encrypted_str = i.password_data()['PasswordData']
with open('mykey.pem') as fp:
  key = RSA.importKey(fp.read())

cipher = PKCS1_OAEP.new(key)
print(cipher.decrypt(enc_str))

如果出现错误，这将失败：

Traceback (most recent call last):
  File "test.py", line 14, in <module>
    print(cipher.decrypt(encrypted_str))
  File "/Users/elliott/Library/Python/3.8/lib/python/site-packages/Crypto/Cipher/PKCS1_OAEP.py", line 167, in decrypt
    raise ValueError("Ciphertext with incorrect length.")
ValueError: Ciphertext with incorrect length.

我想cipherkey一定是256个字节。但是密码数据比这个长，所以我不知道该怎么做。

Answer 1

迟到了，但可能会有帮助。

​

from Crypto.PublicKey import RSA
from Crypto.Cipher import AES, PKCS1_v1_5

def decrypt(ciphertext, keyfile = PEM_FILE ):
    input = open(keyfile)
    key = RSA.importKey(input.read())
    input.close()
    cipher = PKCS1_v1_5.new(key)
    plaintext = cipher.decrypt(ciphertext, None)
    return plaintext

​