Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
KMS: Clean up base64 logic in the encrypt and decrypt functions. [(#1074
)](GoogleCloudPlatform/python-docs-samples#1074) The use of base64 is essentially an implementation detail of the Cloud KMS REST API: it is required only so that arbitrary binary data can be included in a JSON string, which only allows Unicode characters. Therefore, the "encrypt" sample function should decode the base64-encoded ciphertext before writing the file. Similarly, "decrypt" should not assume that an input file is base64-encoded, but should perform the base64-encoding itself before sending the encrypted data to KMS. This aligns with how the "gcloud kms encrypt" and "gcloud kms decrypt" commands behave. See https://stackoverflow.com/q/45699472 for an example of user confusion caused by the mismatch.
- Loading branch information