我试图将下面链接中的代码复制到python/boto3： https://github.com/gilt/node-s3-encryption-client/issues/3

但是，我坚持从KMS获取纯文本，代码如下：

metadata = s3.head_object(Bucket='my bucket', Key='myencryptedemail00045')
kmsKeyBase64 = metadata['Metadata']['x-amz-key-v2']
iv = metadata['Metadata']['x-amz-iv']
taglen = (int(metadata['Metadata']['x-amz-tag-len']))/8
algo = metadata['Metadata']['x-amz-cek-alg']
encryptionContext = json.loads(metadata['Metadata']['x-amz-matdesc'])
kmsKeyBase = base64.b64decode(kmsKeyBase64)
response = kms.decrypt(CiphertextBlob=kmsKeyBase, EncryptionContext=encryptionContext)
print (response)

用boto3输出的纯文本显示如下：

如果我在AWS CLI中对kms decrypt使用相同的输入，那么我将得到正确的输出，如下所示：

aws kms decrypt --ciphertext-blob fileb://<(echo 'AQIDAHh/JCD4iDXb1vJh8MhaLBj6MyPnIB57hOtOlVzmpYZUereim0TFFcTueWN+w0Njd4IhPAAAAfjB8BgkqhkiereungbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMvYra4oU2QfFPI0tdAgEQgDuYGmtfQf/1reukNRiD6oGrv3BJuztdkeVrpPxkGzEY25otr143WKrA0YCEcmILYPfXOn3OJT2CShCH31w==' | base64 -d) --encryption-context '{"aws:ses:source-account": "XXXXXXXX", "aws:ses:message-id": "v235k9p8t2jf45u9dlnh6i45sc163di3a2m3u081", "kms_cmk_id": "arn:aws:kms:us-west-2:XXXXXXXXXXX:alias/rockondel-ses", "aws:ses:rule-name": "encrypt-test"}'

CLI输出：

{
"Plaintext": "E0kmokU0HEhIujfSPxKyUhjnBbCiK/a98/+B6G3Ux0KJdc=", 
"KeyId": "arn:aws:kms:us-west-2:XXXXXXXXXXX:key/XXxxxXX-06ce-49f1-3452-XXxxxXXXXxx"

}

你知道我做错什么了吗？在