CIRCULAR REFERENCE:com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException: Unable to decrypt any data keys
We are seeing the following error when attempting to run a Lambda on AWS. This exact Lambda was running fine for us, then we wanted to reuse it and updated some of the keys and field/class names, then we started getting an encryption key exception.
We have attempted to regenerate the key and the issue persists. Can you point us in any direction to begin debugging this?
Caused by: com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException: Unable to decrypt any data keys
at com.amazonaws.encryptionsdk.MasterKeyProvider.buildCannotDecryptDksException(MasterKeyProvider.java:106)
at com.amazonaws.encryptionsdk.multi.MultipleProviderFactory$MultiProvider.decryptDataKey(MultipleProviderFactory.java:158)
at com.amazonaws.encryptionsdk.internal.DecryptionHandler.getDataKey(DecryptionHandler.java:329)
at com.amazonaws.encryptionsdk.internal.DecryptionHandler.readHeaderFields(DecryptionHandler.java:382)
at com.amazonaws.encryptionsdk.internal.DecryptionHandler.<init>(DecryptionHandler.java:124)
at com.amazonaws.encryptionsdk.AwsCrypto.decryptData(AwsCrypto.java:242)
at com.amazonaws.encryptionsdk.AwsCrypto.decryptData(AwsCrypto.java:233)
at com.nike.webhooks.common.security.KmsEncryptDecrypt.decrypt(KmsEncryptDecrypt.java:37)
at com.nike.webhooks.common.repository.EventConverter.unconvert(EventConverter.java:55)
at com.nike.webhooks.common.repository.EventConverter.unconvert(EventConverter.java:18)
at com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBTypeConverter$DelegateConverter.unconvert(DynamoDBTypeConverter.java:109)
at com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBTypeConverter$NullSafeConverter.unconvert(DynamoDBTypeConverter.java:128)
at com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBTypeConverter$ExtendedConverter.unconvert(DynamoDBTypeConverter.java:88)
at com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapperFieldModel.unconvert(DynamoDBMapperFieldModel.java:146)
at com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapperFieldModel.unconvertAndSet(DynamoDBMapperFieldModel.java:164)
at com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapperTableModel.unconvert(DynamoDBMapperTableModel.java:267)
... 18 more
Suppressed: com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException: Unable to decrypt any data keys
at com.amazonaws.encryptionsdk.MasterKeyProvider.buildCannotDecryptDksException(MasterKeyProvider.java:103)
at com.amazonaws.encryptionsdk.kms.KmsMasterKey.decryptDataKey(KmsMasterKey.java:182)
at com.amazonaws.encryptionsdk.multi.MultipleProviderFactory$MultiProvider.decryptDataKey(MultipleProviderFactory.java:150)
... 32 more
[CIRCULAR REFERENCE:com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException: Unable to decrypt any data keys]
Issue Analytics
- Created 7 years ago
- Comments:9 (6 by maintainers)
Top GitHub Comments
I’ll dig into this a bit more. FYI, the decrypt logic might be a bit off from a security standpoint. You should check the CryptoResult to ensure that the key used to decrypt is one of the ones you passed in to the decrypt method. (Depending on how you’ve set up your AWS credentials and permissions there are some edge-cases where this could be a problem.)
Fixed: f108896d8c34c7f0c94590ea2a80971133ceb1b6
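
The check described in the comment above, as an added example that is not code from the issue or from the SDK project: after decrypting, compare `CryptoResult.getMasterKeyIds()` against the key ARNs the caller intended to use, and release the plaintext only on a match. The class `VerifiedDecryptor`, the method `requireExpectedKeys` and the sample ARNs are assumptions made for this sketch; it uses the `AwsCrypto.decryptData` call that appears in the stack trace.

```java
import com.amazonaws.encryptionsdk.AwsCrypto;
import com.amazonaws.encryptionsdk.CryptoResult;
import com.amazonaws.encryptionsdk.MasterKey;
import com.amazonaws.encryptionsdk.MasterKeyProvider;
import java.util.Collections;
import java.util.List;
import java.util.Set;

// Hypothetical wrapper: the class and method names are assumptions for this example.
public final class VerifiedDecryptor<K extends MasterKey<K>> {
    private final AwsCrypto crypto;
    private final MasterKeyProvider<K> provider;
    private final Set<String> expectedKeyIds; // key ARNs the caller intends to trust

    public VerifiedDecryptor(AwsCrypto crypto, MasterKeyProvider<K> provider, Set<String> expectedKeyIds) {
        if (expectedKeyIds == null || expectedKeyIds.isEmpty()) {
            throw new IllegalArgumentException("at least one expected key ID is required");
        }
        this.crypto = crypto;
        this.provider = provider;
        this.expectedKeyIds = expectedKeyIds;
    }

    // Decrypts, then refuses to release plaintext unless the unwrapping key was expected.
    public byte[] decrypt(byte[] ciphertext) {
        CryptoResult<byte[], K> result = crypto.decryptData(provider, ciphertext);
        requireExpectedKeys(result.getMasterKeyIds(), expectedKeyIds);
        return result.getResult();
    }

    // Fails closed: an empty list or any unexpected key ID is rejected.
    static void requireExpectedKeys(List<String> usedKeyIds, Set<String> expected) {
        if (usedKeyIds == null || usedKeyIds.isEmpty()) {
            throw new IllegalStateException("decryption reported no master key ID");
        }
        for (String id : usedKeyIds) {
            if (!expected.contains(id)) {
                throw new IllegalStateException("data key was unwrapped by an unexpected master key: " + id);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample ARNs (placeholder account and key IDs); no AWS call is made here.
        String ours = "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-OURS";
        String other = "arn:aws:kms:us-west-2:444455556666:key/EXAMPLE-OTHER";
        Set<String> expected = Collections.singleton(ours);
        requireExpectedKeys(Collections.singletonList(ours), expected); // passes silently
        try {
            requireExpectedKeys(Collections.singletonList(other), expected);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The comparison is an exact string match, so the expected set should hold the same identifier form that the decrypt result reports.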